Trustworthy Distributed Systems Through Integrity-Reporting
With the growing influence of e-Science, substantial quantities of research are being facilitated, recorded, and reported by means of distributed computing. As a result, the scope for malicious intervention continues to grow, and so do the rewards available to those able to steal the models and data that have significant commercial value. Researchers are often reluctant to exploit the full benefits of distributed computing because they fear the compromise of their sensitive data or the uncertainty of the returned results. In this chapter, we propose two types of trustworthy distributed systems – one suitable for a computational system and the other for a distributed data system. Central to these systems is the novel idea of a configuration resolver, which, in both designs, is responsible for filtering trustworthy hosts and ensuring that jobs are dispatched to those considered trustworthy. Furthermore, the blind analysis server enables statistical analyses to be performed on sensitive raw data – collected from multiple sites – without disclosing it to anyone.
Keywords: Virtual Machine; Trusted Platform Module; Virtual Machine Monitor; Policy Enforcement Point; Virtual Machine Image
The work described is supported by a studentship from QinetiQ. David Power, Mark Slaymaker, and Peter Lee provided help with the healthcare grid example. David Wallom, Steven Young, and Matteo Turilli provided insights on the National Grid Service.