A new Distributed Security Model for Linux Clusters

With the increasing use of clusters in different domains, efficient and flexible security has now become an essential requirement for clusters, though many security mechanisms exist, there is a need to develop more flexible and coherent security mechanisms for large distributed applications. In this paper, we present the need for a unified cluster wide security space for large distributed applications. Based on these needs, we propose a new security model that implements security zones inside the cluster. The model is an extension to Mandatory Access Control (MAC) mechanisms used at node level to the whole cluster with processes as basic security entities. We designed this model with clustered Linux servers running carrier-grade applications in mind but this model can be used in any domain that needs Linux clusters running large distributed applications continuously with no interruptions. We prove the feasibility of this approach through an open source implementation of the concept [1].