Security and the Grid - PowerPoint PPT Presentation

Security and the Grid

Slides: 65
Provided by: acetR
Tags: grid | security | volta

Transcript and Presenter's Notes

1
Security and the Grid
  • Mark Baker

University of Portsmouth, UK, Mark.Baker@Computer.org
http://www.dcs.port.ac.uk/mab/Talks/
2
Overview
  • Security
  • Incidents
  • Types of Attack
  • Actors and Threats
  • Trends and The Future.
  • The Grid
  • Computing and Networking: Some trends
  • From Metacomputing to Grid Computing
  • Building blocks for Grids
  • Grid computing approaches and projects
  • Future trends and conclusions.

3
Notable Incidents
  • Two Break-ins at Microsoft, October 2000.
  • Israel-related sites attacked, October 2000.
  • August 2000, Hackers attack Korean Information
    Ministry's Web site.
  • Feb 2000, Denial of Service against eBay, Yahoo,
    Amazon.
  • Reuters, Feb. 99: Israeli Hackers charged -
    20-Year-Old Broke Into Pentagon Computers.

4
Then there was
  • I LOVE YOU, May 2000
    • Outlook
    • As much as 10 billion in damages
    • Approximately 24 hours, > 500,000 systems
  • Melissa, March 1999
    • Word 97, Word 2000
    • 300 million in damages
    • Approximately 4 days
    • 150,000 systems.
  • Brain took 5 years to do 50 million, > 10 years
    ago.

5
And in the background (CSI/FBI US Survey)
  • 70% of respondents had unauthorised use of
    systems
  • 12% did not know
  • 85% of those reporting abuse had some over the
    Internet
  • Average losses for Internet-connected companies
    average almost 1 million per year.

6
Growth of Viruses In the Wild
7
  • About 30% are buffer overflows or unchecked
    data.
  • Over 90% are coding/design flaws.
  • Source: Securityfocus.com

8
More data
  • CERT reported nearly 10,000 incidents in 1999,
    more this year.
  • On-going probes
  • 50-60 incidents per day on Internet
  • 10-12 incidents per day on DSL
  • 5-6 incidents per day on dial-up.

9
Defences
  • Virus prevention
    • Largely pattern based, need updates.
  • Firewalls
    • Because we cannot control users.
    • Largely pattern based, need updates.
  • Virtual Private Networks (VPNs).
  • Security scanners
    • Look for known flaws and misconfiguration.

10
Actors
11
The World in 2004 (at this rate)
  • 100,000 computer viruses
    • 99% for one vendor's software
    • New viruses @ more than 1 per hour.
  • Most common desktop system
    • Almost 100 million Lines Of Code, 1GHz
    • 1 security patch announced per day.
  • Attacks over network exceed 10 per hour.
  • Losses to business and government will exceed
    100 billion per year.

12
But
  • Virus prevention
    • Patterns need to be updated continuously.
  • Firewalls
    • Cannot handle terabit pipes, wireless networks,
      VPNs.
  • VPNs
    • How will these work in mobile networks?
  • Security scanners
    • Too intrusive, need almost hourly updates to run.

13
The Nature of New Threats
  • Only a few result from new technology
  • Faster machines
  • Wireless technology
  • Faster communications.
  • Increasing computerisation and connectivity.
  • Poor quality in COTS.
  • User attitude and education.
  • Lack of experts and expertise.

14
New technology: Wireless Networking
  • Enhances eavesdropping.
  • Insertion of malicious code.
  • Denial of service.
  • Theft of devices, and thus, theft of identity.
  • Loss and damage become bigger concerns.
  • Encourages work in unsafe environments.

15
New technology: Faster machines and communications
  • Stronger encryption required.
  • Automated defences required.
  • More aggregation of data, and associated
    problems.
  • Greater reach from far away.

16
Poor quality in COTS
  • Increasing pressure to use standard, homogenous
    solutions.
  • Consumers push for features, BUT not security.
  • Little awareness or training at vendors.
  • Compatibility breeds more problems.
  • No incentive for quality!

17
User Attitude
  • Most users want features, not security.
  • Thin client computing not popular.
  • User-installed software a threat.
  • Dynamic update a threat: Windows 2K!
  • Issue of home vs. workplace computing.
  • Users do not want controls, and management often
    will not enforce them!

18
Shortage of Experts
  • Only a few university programmes of note
  • Require resources, infrastructure, faculty.
  • Hyper-competitive market.
  • Too many managers mistake criminal experience for
    expertise.
  • Shortage of real government understanding or
    commitment.
  • Problem will get worse before it gets better.

19
How About the law?
  • UCITA
  • See http://www.4cite.org
  • International issues.
  • Law enforcement handicapped
  • Basic issues need to be debated
  • Lack of resources and personnel
  • Turf battles.

20
What can we do?
  • Need assurance, not features
  • Do a few things well, and safely!
  • Stop using the hammer
  • Diversity of systems is a good thing, but
  • Build in security from the start.
  • Understand policy differences.
  • Think about the use of technology
  • Do not simply ask "Can we do it?" but also ask
    "Should we do it?"

21
Users need to be better consumers
  • 28-30 million lines of code for an operating
    system!?
  • Consumers need to start demanding quality and
    security instead of new features.
  • Security Quality Assurance needs to be the
    explicit part of every design and measured for
    the consumer.
  • Hacking into systems is not security;
    penetrate and patch is not a design.

22
  • The Grid
  • A blueprint for a global computing infrastructure

23
Some Trends
  • Computer Hardware
  • Continuous improvement of the commodity processor
    performance (P IV, Alpha, G4, ...)
  • Architected by Apple, Motorola and IBM
  • Theoretical peak performance of 3.6 Gflops/s
  • Sustained performance of over one Gflops/s

24
Some Trends
  • Networks
  • Continuous improvement of the network bandwidth
    and latency.
  • WAN ATM networks rapidly transitioned from
    research Gigabit networks to commercial
    deployment.
  • OC3 (155 Mbps)
  • OC12 (622 Mbps)
  • OC48 (2.5 Gbps)
  • OC192 (10 Gbps)
  • OC768 (49 Gbps)
  • OC3072 (159 Gbps)

Production
Experimental
25
Some Trends
Advances in computing are inseparable from
advances in networking
26
Computing Platforms
?
PERFORMANCE
Administrative Barriers
  • Individual
  • Group
  • Department
  • Campus
  • State
  • National
  • Globe
  • Inter Planet
  • Universe

Desktop
SMPs or SuperComputers
Local Cluster
Global Cluster/Grid
Inter Planet Cluster/Grid ??
Enterprise Cluster/Grid
27
Metacomputing
  • Different resources (computing, instruments, ...)
  • Geographically distributed
  • Used as a single powerful parallel resource.

28
Metacomputing
  • The word metacomputing has been coined to
    describe this new computational approach.
  • Reference
  • Larry Smarr and Charles E. Catlett
  • Metacomputing
  • Communications of the ACM, 35(6):45-52, June 1992

29
Are they Synonyms ?
  • Metacomputing.
  • Heterogeneous Computing.
  • High Performance Distributed Computing.
  • Networked Virtual Supercomputing.
  • Seamless Computing.
  • Computational Grid.
  • ...

30
Grid Applications-Drivers
  • Distributed HPC (Supercomputing)
  • Computational science.
  • High-throughput computing
  • Large scale simulation/chip design and parameter
    studies.
  • Remote software access/renting services
  • Application service providers (ASPs).
  • Data-intensive computing
  • Data mining, particle physics (CERN).

31
Grid Applications-Drivers
  • On-demand computing
  • Medical instrumentation and network-enabled
    solvers.
  • Collaborative
  • Collaborative design, data exploration, education.

32
The Grid Vision: to offer
  • Dependable, consistent, pervasive access to
    resources
    • Dependable: Can provide performance and
      functionality guarantees.
    • Consistent: Uniform interfaces to a wide variety
      of resources
    • Pervasive: Ability to plug in from anywhere.

Source: www.globus.org
33
Leading to Portal for Computational Grids
  • http://www.sun.com/hpc/

34
Creating a Computational Grid
  • In the same way that the electric power grid
    provides universal access to electrical power, a
    computational Grid could provide
  • More widespread access to computational power
  • Allowing users to request additional computer
    resources on demand
  • Take advantage of computers that are idle
  • Interact with simulations and very large
    databases in real-time
  • Construct a supercomputer from many smaller
    computers connected to the Internet

35
A View of the Grid Infrastructure
36
Grids Application Development Challenges
  • Grids are intended to support large-scale
    applications.
  • Scale refers to several dimensions
  • Large computational and storage capacity through
    aggregation of resources
  • Complexity of resources (independent of
    capacity)
  • Data intensive computing tends to require a
    complex mix of resources, with or without high
    capacity
  • Grids are intended to provide transparent access
    to these resources.

37
A Grid View
38
From the Gospel of the Saints Carl and Ian
  • Large-scale applications in the 21st Century
  • Will involve
  • The communication with and the coordination of a
    large number of geographically dispersed
    information sources
  • Will require an environment that supports
  • Reliable
  • Fault-tolerant
  • Highly distributed
  • Heterogeneous
  • Scalable.
  • Computing capabilities.

39
The Grid Impact!
  • The global computational Grid is expected to
    drive the economy of the 21st century similar to
    the electric power grid that drove the economy of
    the 20th century

40
Question
  • Is it possible to set up a brokerage system for
    making idle resources of anonymous users of the
    Web accessible for Grid Computing ?

41
A brokerage system..
42
Electrical Grid
  • Electric power applications have caused radical
    changes in the individual and collective life
    of men.

43
Electric Plug Shapes ...
Standardisation Efforts in the Electrical Grid
44
Building Grids requires...
  • New programming tools.
  • Software that can translate the requirements of
    an application into requirements for computers,
    networks, and storage.
  • Security mechanisms that permit resources to be
    accessed only by authorised users.
  • Computers and operating systems that are more
    tightly integrated with high-speed networks.
  • And strong standardisation EFFORTS...

46
PVM
DCOM
MPI
CORBA
NEXUS
HPF
JINI
JAVA
RESOURCE MANAGEMENT
EFFICIENCY
SECURITY
PORTABILITY
INTER-OPERABILITY
47
Conclude with a comparison with the Electrical
Grid..
  • Where we are ????

48
Alessandro Volta in Paris in 1801 inside French
National Institute shows the battery while in the
presence of Napoleon I
  • Fresco by N. Cianfanelli (1841)
  • (Zoological Section "La Specula" of National
    History Museum of Florence University)

50
2000 - 1801 = 199 Years
51
Grid Computing: A New Wave?
What will be the dominant Grid approach in the
near future ??
52
The Computational Grid is analogous to the
Electricity (Power) Grid, and the vision is to
offer (almost) dependable, consistent,
pervasive, and inexpensive access to high-end
resources irrespective of their physical
location and the location of access.
53
Trends
It is very difficult to predict the future, and
this is particularly true in a field such as
Information Technology.
"I think there is a world market for about five
computers." Thomas J. Watson Sr., IBM Founder,
1943
54
Trends
The Grid
The times are exciting but the way ahead may be
hard and long!
55
Future Grid Scenarios
  • Access to any resources, for anyone, anywhere,
    anytime, from any platform: portal
    (super)computing.
  • Application access to resources from the wall
    socket!
  • Many applications provide solutions in real-time.
  • Choice of working office vs home vs . . .
  • Collaboratories for distributed teams.
  • Monitoring and steering applications through
    wireless devices (PDAs etc.).

56
Future Grid Scenarios
  • Distance learning, training, education.
  • Traffic automation Grid!
  • Health care: everybody gets the same high-quality
    treatment through WAN access to central
    instruments and experts.

63
The GRID: Blueprint for a New Computing
Infrastructure
64
  • Thanks to Eugene H. Spafford, Professor and
    Director, Center for Education and Research in
    Information Assurance and Security (CERIAS),
    Purdue University, USA.