Abstract
Accountability is an important aspect of any computer system. It assures that every action executed in the system can be traced back to some entity. Accountability is even more crucial for assuring the safety and security of grid systems, given the very large number of users active in these sophisticated environments. However, no comprehensive approach to accountability for grid systems presently exists. Our work addresses this inadequacy by developing a comprehensive accountability system driven by policies and supported by accountability agents. In this paper, we first discuss the requirements that have driven the design of our accountability system and then discuss the key elements of our accountability framework. We also show how accountability data can be used to detect anomalous actions that exploit resources made available by grid systems, such as computing power and network bandwidth, and then to protect systems from these malicious actions. As an example, we introduce a model for optimizing the frequency at which queue usage is monitored, to be used in the initial step of detecting anomalous usage patterns of a monitored object. We describe a fully operational implementation of our accountability system and report the results from extensive experimental evaluations of it. Our experiments, carried out using an emulated laboratory test-bed, demonstrate that the implemented system is efficient and scalable for grid systems consisting of large numbers of resources and users.












Notes
Globus container refers to a grid container to manage all of the deployed web services at the server side of GT4.
There is a default depth limit (9) imposed on proxy chains in the GT4 that we used.
In our emulated environment, it is not actually feasible to saturate a queue.
Cite this article
Lee, W., Squicciarini, A. & Bertino, E. Agent-based accountable grid computing systems. J Supercomput 65, 903–929 (2013). https://doi.org/10.1007/s11227-013-0871-5
DOI: https://doi.org/10.1007/s11227-013-0871-5