 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY /
|
Breaking News -
Security:
$2 Million NSF Grant Funds Grid
Security Research
Grid Computing, with its promise of worldwide sharing of computational
power
and resources is emerging as a major 21st century technology -- and a possible
target for pranksters, criminals or even terrorists. Now, funded by a $2
million grant from the National Science Foundation, computer scientists at the
University of Southern California and international collaborators are creating
tools to enable the Grid to defend itself, automatically.
"Highly shared resources in distributed computer systems or large-scale
computational Grids make system insecurity and privacy violations major
obstacles hindering distributed supercomputing applications," said Kai Hwang,
a professor in the USC School of Engineering who will be leading the
effort.
According to Hwang, who directs USC's Internet and Grid Computing
Laboratory,
the "GridSec" project will create "a new self-configuring security and privacy
framework to support trusted Grid applications. The architecture will give
early warning and actively work to prevent attack-caused system failures in
Grid resource sites."
Hwang and Clifford Neuman, the director of the Center for Computer Systems
Security at USC's Information Sciences Institute, are building an automated
defense system that will improve such key security functions as
authentication, authorization, and intrusion response for Grids and related
peer-to-peer and Web services.
The proposed GridSec infrastructure "will support network-based cooperative
and pervasive computing with seamless security, assured privacy, data
integrity, confidentiality, and optimized resource allocations," the project
plan proposed.
Hwang said GridSec will create a resource called the "NetShield library"
which
will deploy distributed micro firewalls and intrusion repelling software.
"This system will monitor network traffic to recognize threat patterns as they
emerge, and dynamically configure itself to meet them," he said.
The NetShield library will be supported by special virtual private networks
(VPN), built on top of the Globus security infrastructure developed at ISI
jointly with the Argonne National Laboratory. "The GridSec team will push
further to block network attacks and to enforce fine-grain, resource-access
control at the file, device, and storage levels," said Neuman.
The approach uses contributions from a variety of disciplines. Professor
Viktor Prasanna of the USC department of electrical engineering is attacking
the problems from a dynamic hardware approach. Researcher Tatyana Ryutov of
ISI's Computer Networks Division is involved in policy management and access
control in the project. In addition to these faculty, eight Ph.D.-program
graduate students are working on the project.
The USC team are also working with Michel Cosnard and Sophia Antipolis of
the
University of Nice and INRIA in France; and with Zhiwei Xu, the Vega Grid
Project leader at Chinese Academy of Sciences in Beijing. The initial phase of
the project runs through 2006.
|