DOI: 10.1145/1266840.1266857

Mesh: secure, lightweight grid middleware using existing SSH infrastructure

Published: 20 June 2007

ABSTRACT

Grid computing promises gains in effective computational power, resource utilization, and resource accessibility, but in order to achieve these gains, organizations must deploy grid middleware that, in most cases, does not adhere to fundamental security principles. This paper introduces a new lightweight grid middleware called Mesh, which is based on the addition of a single sign-on capability to the built-in public key authentication mechanism of SSH using system call interposition. The initial Mesh implementation is compatible with approximately 90% of the world's SSH servers and any SSH client that supports public key authentication. Resources may be added to a Mesh-based grid in a matter of minutes using just five small files and two environment variable settings. Mesh adheres to fundamental security principles and was designed to be compatible with strong security mechanisms including two-factor authentication, SSH bastions, and restrictive firewalls. Mesh uses a remote command model, which is based on the syntax and commands already understood by users, and thus requires no additional knowledge to utilize effectively. Several existing services have been integrated with Mesh to provide resource discovery and query, high performance file transfer, and job management.


Published in

SACMAT '07: Proceedings of the 12th ACM symposium on Access control models and technologies
June 2007
254 pages
ISBN: 9781595937452
DOI: 10.1145/1266840

Copyright © 2007 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Overall Acceptance Rate: 177 of 597 submissions, 30%
