Enhancing Grid Security Using Trusted Virtualization

  • Hans Löhr
  • HariGovind V. Ramasamy
  • Ahmad-Reza Sadeghi
  • Stefan Schulz
  • Matthias Schunter
  • Christian Stüble
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4610)


Grid applications increasingly have sophisticated functional and security requirements. Current techniques mostly protect the grid resource provider from attacks by the grid user, while leaving the user comparatively dependent on the well-behavior of the provider. We present the key components for a trustworthy grid architecture and address this trust asymmetry by using a combination of trusted computing and virtualization technologies. We propose a scalable offline attestation protocol, which allows the selection of trustworthy partners in the grid with low overhead. By providing multilateral security, i.e., security for both the grid user and the grid provider, our protocol increases the confidence that can be placed on the correctness of a grid computation and on the protection of user-provided assets.


Trusted Platform Module Trust Computing Security Architecture Grid User Trust Computing Group 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Foster, I., Kesselman, C., Tuecke, S.: The anatomy of the grid: Enabling scalable virtual organizations. International Journal of Supercomputer Applications 15, 200–222 (2001)CrossRefGoogle Scholar
  2. 2.
    Foster, I., Kesselman, C., Tsudik, G., Tuecke, S.: A security architecture for computational grids. In: Proc. 5th ACM Conference on Computer and Communications Security, pp. 83–92 (1998)Google Scholar
  3. 3.
    Azzedin, F., Maheswaran, M.: Towards trust-aware resource management in grid computing systems. In: Proc. 2nd IEEE International Symposium on Cluster Computing and the Grid, pp. 452–457 (2002)Google Scholar
  4. 4.
    Hwang, K., Kwok, Y.K., Song, S., Chen, M.C.Y., Chen, Y., Zhou, R., Lou, X.: GridSec: Trusted grid computing with security bindings and self-defense against network worms and DDoS attacks. In: Sunderam, V.S., van Albada, G.D., Sloot, P.M.A., Dongarra, J.J. (eds.) ICCS 2005. LNCS, vol. 3516, pp. 187–195. Springer, Heidelberg (2005)Google Scholar
  5. 5.
    Fuggetta, A., Picco, G.P., Vigna, G.: Understanding code mobility. IEEE Transactions on Software Engineering 24, 342–361 (1998)CrossRefGoogle Scholar
  6. 6.
    Mao, W., Jin, H., Martin, A.: Innovations for grid security from trusted computing (2005), Available online at
  7. 7.
    Smith, M., Friese, T., Engel, M., Freisleben, B.: Countering security threats in service-oriented on-demand grid computing using sandboxing and trusted computing techniques. Journal of Parallel and Distributed Computing 66, 1189–1204 (2006)zbMATHCrossRefGoogle Scholar
  8. 8.
    Intel Trusted Execution Technology Website: Intel trusted execution technology (2006),
  9. 9.
    AMD Virtualization Website: Introducing AMD virtualization (2006),
  10. 10.
    Sailer, R., Jaeger, T., Valdez, E., Caceres, R., Perez, R., Berger, S., Griffin, J.L., van Doorn, L.: Building a MAC-based security architecture for the Xen open-source hypervisor. In: Proc. 21st Annual Computer Security Applications Conference, pp. 276–285. IEEE Computer Society Press, Los Alamitos (2005)Google Scholar
  11. 11.
    Nabhen, R., Jamhour, E., Maziero, C.: A policy based framework for access control. In: Proc. 5th International Conference on Information and Communications Security, pp. 47–59 (2003)Google Scholar
  12. 12.
    Garfinkel, T., Pfaff, B., Chow, J., Rosenblum, M., Boneh, D.: Terra: A virtual machine-based platform for trusted computing. In: Proc. 19th ACM Symposium on Operating Systems Principles, pp. 193–206 (2003)Google Scholar
  13. 13.
    Löhr, H., Ramasamy, H.V., Sadeghi, A.R., Schulz, S., Schunter, M., Stüble, C.: Enhancing grid security using trusted virtualization (extended version) (2007),
  14. 14.
    TCG Website: TPM Specification version 1.2. (2006), Available online at
  15. 15.
    Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proc. ACM Conference on Computer and Communications Security, pp. 132–145 (2004)Google Scholar
  16. 16.
    Sadeghi, A.R., Stüble, C.: Property-based attestation for computing platforms: caring about properties, not mechanisms. In: Proc 2004 New Security Paradigms Workshop, pp. 67–77 (2004)Google Scholar
  17. 17.
    Rutkowska, J.: Blue pill. Presented at Syscan 2006 (2006),
  18. 18.
    Pfitzmann, B., Riordan, J., Stüble, C., Waidner, M., Weber, A.: The PERSEUS system architecture. Technical Report RZ 3335 (#93381), IBM Research (2001)Google Scholar
  19. 19.
    OpenTC Website: The OpenTC project (2006),
  20. 20.
    EMSCB Website: The EMSCB project (2006),
  21. 21.
    Zhao, S., Lo, V., Gauthier-Dickey, C.: Result verification and trust-based scheduling in peer-to-peer grids. In: Proc. 5th IEEE International Conference on P2P Computing, pp. 31–38 (2005)Google Scholar
  22. 22.
    Cavalcanti, E., Assis, L., Gaudêncio, M., Cirne, W., Brasileiro, F., Novaes, R.: Sandboxing for a free-to-join grid with support for secure site-wide storage area. In: Proc. 1st International Workshop on Virtualization Technology in Distributed Computing (2006)Google Scholar
  23. 23.
    McCune, J.M., Jaeger, T., Berger, S., Cáceres, R., Sailer, R.: Shamon: A system for distributed mandatory access control. In: Proc. 22nd Annual Computer Security Applications Conference, pp. 23–32 (2006)Google Scholar
  24. 24.
    Sailer, R., Zhang, X., Jaeger, T., van Doorn, L.: Design and implementation of a TCG-based integrity measurement architecture. In: Proc. Annual USENIX Security Symposium, USENIX, pp. 223–238 (2004)Google Scholar
  25. 25.
    Jaeger, T., Sailer, R., Shankar, U.: PRIMA: policy-reduced integrity measurement architecture. In: Proc. 11th ACM Symposium on Access Control Models and Technologies, pp. 19–28 (2006)Google Scholar
  26. 26.
    Mao, W., Yan, F., Chen, C.: Daonity—grid security with behaviour conformity from trusted computing. In: Proc. 1st ACM Workshop on Scalable Trusted Computing (2006)Google Scholar
  27. 27.
    Cooper, A., Martin, A.: Trusted delegation for grid computing. In: Presented at: 2nd Workshop on Advances in Trusted Computing (2006)Google Scholar
  28. 28.
    Dinda, P.A.: Addressing the trust asymmetry problem in grid computing with encrypted computation. In: Proc. 7th Workshop on Languages, Compilers, and Run-Time Support for Scalable Systems, pp. 1–7 (2004)Google Scholar
  29. 29.
    Algesheimer, J., Cachin, C., Camenisch, J., Karjoth, G.: Cryptographic security for mobile code. Technical Report RZ 3302 (# 93348), IBM Research (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Hans Löhr
    • 1
  • HariGovind V. Ramasamy
    • 2
  • Ahmad-Reza Sadeghi
    • 1
  • Stefan Schulz
    • 3
  • Matthias Schunter
    • 2
  • Christian Stüble
    • 1
  1. 1.Horst-Görtz-Institute for IT-Security, Ruhr-University BochumGermany
  2. 2.IBM Zurich Research Laboratory RüschlikonSwitzerland
  3. 3.Max-Planck Institut für EisenforschungGermany

Personalised recommendations