Abstract
The Grid is all about collaboration, which is supported by dynamic, multi-institutional virtual organizations (VOs). Because Grid users and resource providers often suffer attacks from outside or inside the VO, it is necessary to build a trusted sub-domain. The Trusted Computing Group (TCG) proposes Trusted Computing (TC) to enhance users' trust in today's open-architecture platforms by adding a tamper-resistant hardware module, the Trusted Platform Module (TPM), to the end system. In this paper, we propose and design an open-source security system based on Linux and TPM hardware that extends trust in the platform to the Grid environment and thereby provides sharing of a trusted environment. In particular, we demonstrate how to build a trusted sub-domain for the Grid with our system by using trusted attestation and migration based on TC.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhan, J., Zhang, H., Yan, F. (2008). Building Trusted Sub-domain for the Grid with Trusted Computing. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds) Information Security and Cryptology. Inscrypt 2007. Lecture Notes in Computer Science, vol 4990. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-79499-8_36
DOI: https://doi.org/10.1007/978-3-540-79499-8_36
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-79498-1
Online ISBN: 978-3-540-79499-8
eBook Packages: Computer Science (R0)