Abstract
Programs in execution have long been considered to be immutable objects. Object code and libraries are emitted by the compiler, linked and then executed; any changes to the program require revisiting the compile or link steps. In contrast, we consider a running program to be an object that can be examined, instrumented, and re-arranged on the fly. The DynInst API provides a portable library for tool builders to construct tools that operate on a running program. Where previous tools might have required a special compiler, linker, or run-time library, tools based on DynInst can operate directly on unmodified binary programs during execution. I will discuss how this technology can be used to subvert system security and present an interesting scenario for security vulnerability in Grid computing. The example comes from an attack that we made on the Condor distributed scheduling system.
For this attack, we created "lurker" processes that can be left latent on a host in the Condor pool. These lurker processes lie in wait for subsequent Condor jobs to arrive on the infected host. The lurker then uses Dyninst to attach to the newly-arrived victim job and take control. Once in control, the lurker can cause the victim job to make requests back to its home host, causing it to execute almost any system call it would like.
Using techniques similar to those in intrusion detection, I show how to automatically construct a nondeterministic finite automaton (NFA) from the binary code of the Condor job, and use this NFA while the job is executing to check that it is not acting out of character.
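The run-time check described above can be sketched as follows. This is an added example, not code from the paper or from Condor. It assumes the monitored events are the names of the system calls the job requests, and it uses a small hand-written automaton (constructed here) in place of one derived from the job's binary.

```python
EPS = None  # epsilon edge: control flow that issues no call

# Constructed model: (state, call) -> set of next states.
# "open" is nondeterministic: the file may be read-only or read-write.
NFA = {
    ("start", "open"): {"ro", "rw"},
    ("ro", "read"): {"ro"},
    ("rw", "read"): {"rw"},
    ("rw", "write"): {"rw"},
    ("ro", EPS): {"closing"},
    ("rw", EPS): {"closing"},
    ("closing", "close"): {"start"},
    ("start", "exit"): {"done"},
}

def closure(states):
    """Add every state reachable through epsilon edges."""
    seen, stack = set(states), list(states)
    while stack:
        for nxt in NFA.get((stack.pop(), EPS), ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return frozenset(seen)

def step(states, call):
    """Advance every candidate state on one observed call."""
    nxt = set()
    for s in states:
        nxt |= NFA.get((s, call), set())
    return closure(nxt)

def first_violation(trace, start="start"):
    """Return the index of the first call the model cannot produce, else None."""
    current = closure({start})
    for i, call in enumerate(trace):
        current = step(current, call)
        if not current:  # no state in the model explains this call
            return i
    return None

# Constructed traces: one the model accepts, one with an unexpected call.
NORMAL = ["open", "read", "write", "close", "exit"]
OUT_OF_CHARACTER = ["open", "read", "unlink", "close", "exit"]

if __name__ == "__main__":
    print(first_violation(NORMAL), first_violation(OUT_OF_CHARACTER))
```

The monitor tracks a set of candidate states, so a call is rejected only when no path through the model can explain it.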
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Miller, B.P. (2002). A Security Attack and Defense in the Grid Environment. In: Kranzlmüller, D., Volkert, J., Kacsuk, P., Dongarra, J. (eds) Recent Advances in Parallel Virtual Machine and Message Passing Interface. EuroPVM/MPI 2002. Lecture Notes in Computer Science, vol 2474. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45825-5_8
DOI: https://doi.org/10.1007/3-540-45825-5_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44296-7
Online ISBN: 978-3-540-45825-8
eBook Packages: Springer Book Archive