Trust Models and NetShield Architecture for Securing Grid Computing*

Highly shared resources over multiple grid platforms make insecurity and privacy abuse major obstacles hindering general-purpose Grid applications. A scalable grid system demands the allocation and release of resources dynamically. A distributed Grid security (GridSec) architecture is introduced to meet these demands. The architecture is built with distributed firewalls, packet filters, security managers, attack databases, and automated intrusion detection and response subsystems running over multiple platforms. We developed a new trust model for dynamic resource management with distributed security reinforcement. Furthermore, we assess major PKI trust propagation models for distributed security control. A NetShield security system is designed to fortify local network of grid resources. The system reduces grid platform vulnerability and safeguards resources from malicious network attacks. NetShield adjusts itself dynamically with respect to changes in threat patterns and network conditions. We push for fine-grain, resource-access control at the file, device, and storage levels. New packet filtering and anomaly detection techniques are developed. Simulated NetShield experimental results are reported. The trust models and fortified grid resources benefit many grid applications in scientific metacomputing, digital government, virtual organizations, business management, cyberspace crime control, etc.