Memory, Storage and Network Security Analysis for Grid Systems - PowerPoint PPT Presentation

Provided by: robertab4
Memory, Storage and Network Security Analysis for Grid Systems
L.M. Liebrock, U. Thakore, Computer Science Department, New Mexico Tech
Contact: liebrock, unnati_at_cs.nmt.edu

Abstract: The use of grid computing is increasing rapidly in both academic and commercial areas. Successful penetration of grid computing in the commercial and business sectors increases the need for more secure, cost-effective and QoS-based solutions. Using the current grid security infrastructure, this project analyzes threats to grid users' data and code. Some solutions to avoid risks to grid users' data and code have been proposed and evaluated for performance. Current network security solutions have been analyzed for performance to guide the grid user to select security over performance during sensitive data transfer.

Approach: Analyzing security for grid systems begins with setting up an experimental grid to study the current security features applied to any grid system. The Globus Toolkit, a popular open-source software package for building grid systems and applications, was chosen to set up the experimental grid. Various jobs were executed to analyze what can be retrieved from memory and storage footprints on a remote machine. The setup was then modified to intercept network transfers between grid nodes and analyze the communication. Experiments were designed and carried out to propose solutions that minimize the risk of information retrieval.

Network Analysis: Current protocols developed for data transfers on grid systems address authentication, authorization, reliability and speed. Under the Dolev-Yao threat model, an attacker can intercept, overhear, and synthesize any message, but is limited by cryptographic constraints. Default grid settings don't use encrypted data channels. For example, the default settings for secure communications using Globus GRAM and GridFTP clients don't provide data channel encryption because of the performance penalty. Capturing traffic with Wireshark reveals the grid user's data on a default configuration.

Storage Analysis: The secondary storage on a machine in a grid system can be analyzed for data and programs. A super user can read any grid user's data and programs, as the current security systems don't restrict the super user's access. Currently no job description attributes allow a grid user to securely delete the code and data on remote systems. Securely deleting files necessitates overwriting that data with some pattern. The number of times the data is overwritten depends on the required level of confidentiality and determines whether the data can be extracted. Due to the large size of data processed, this overhead becomes a significant factor when using commercial compute grids. The experimental results show that there is little overhead for overwriting the data area once; this enables an additional level of security.
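
A single-pass overwrite before deletion, as described under Storage Analysis, can be run by the job itself as its last step. This is an added example, not code from the poster; the function names are hypothetical, and it assumes a filesystem that rewrites blocks in place (journaling, copy-on-write or flash wear-levelling can leave older copies behind).

```python
import os
import stat

CHUNK = 1 << 20  # 1 MiB writes, so large job outputs are never held in RAM


def overwrite_in_place(path, passes=1, pattern=b"\x00"):
    """Overwrite every byte of a regular file `passes` times; return its size."""
    if passes < 1 or len(pattern) != 1:
        raise ValueError("need passes >= 1 and a one-byte pattern")
    # No O_TRUNC: existing blocks are rewritten rather than freed.
    # O_NOFOLLOW (where available) refuses a symlink planted at `path`.
    fd = os.open(path, os.O_WRONLY | getattr(os, "O_NOFOLLOW", 0))
    try:
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise ValueError("not a regular file: %r" % path)
        block = pattern * CHUNK
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            remaining = info.st_size
            while remaining:
                # os.write may write fewer bytes than asked; loop until done.
                remaining -= os.write(fd, block[:min(CHUNK, remaining)])
            os.fsync(fd)  # push this pass to the device before the next
    finally:
        os.close(fd)
    return info.st_size


def secure_delete(path, passes=1, pattern=b"\x00"):
    """Overwrite, then unlink. Returns the number of bytes overwritten."""
    size = overwrite_in_place(path, passes, pattern)
    os.remove(path)
    return size
```

Raising `passes` trades run time for the higher confidentiality level the text mentions; timing `secure_delete` on a representative output file gives the overhead for a given job.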

Memory Analysis: Physical memory analysis can be used to extract text, executable files, information about terminated and executing processes, open network connections and passwords. Physical memory (on Linux) can be read using /dev/mem or /proc/kcore with administrator privileges. The physical memory contents are not erased until they are overwritten or the power is turned off.

Conclusions: The experiments show the threats to grid users' data and code with regard to memory, storage and network using default settings. The solutions are analyzed for performance to educate the grid user in making informed decisions when using grids for sensitive data and code.