Native Code Security for Grid Services

In modern on demand grid computing scenarios, services from different organisations will potentially run on the same web service engine of a grid node. Secure isolation of data and code of different service instances is a vital requirement in such an environment, since mutual trust cannot be assumed between all involved parties. For Java based Grid applications the Java virtual machine offers sandboxing vacilities, however the common occurrence of native code (e.g. C/C++, Fortran) in business and scientific Grid applications leads to a number of security issues which are not handled by the basic Java security mechanisms. In this paper, we analyze the threat scenarios that emanate from native code in a service-oriented Grid scenario. A novel security architecture is presented, which enables a fine grained confinement of native components of Grid applications into a secure environment for protecting the hosting system as well as other service instances. Although our work focuses on Grid services, it is also relevant for any hosting scenario in which multiple web services using native code components are deployed in the same service container.