Secure Architectures for Clusters and Grids

For applications like multi-physics simulations or complex data analysis, todays needs in computations require to gather thousands of computers geographically scattered and interconnected throw the Internet. Also the use of large scale global computing platforms – from a grid that couples several clusters of computers to peer-to-peer systems – has been experimented for some compute intensive high-end applications, such as the popular Seti@home [3] or BlueGene [1]. However, extending such global computing platforms to a wide class of applications and resources faces several critical security issues concerning the software architecture that manages the grid: [9]: • users and machines have to be authenticated; • as regards communications, privacy, integrity and nonrepudiation are still basic requirements; • component failures and disconnections are frequent events: the system has to ensure fault-tolerance for the application; • the results computed on remote resources, that may be victims of Trojan horses, have to be certified. In this paper, we firstly compare and classify (§II) the various security policies that have been developed for clusters and grids, from point-to-point security to private key (Kerberos, Kryptoknight) and public key (PKI) infrastructures. Coupling several clusters requires compliance with the local security policies on each local cluster, either by deploying a virtual private network (VPN) or based on a PKI infrastructure (Globus [8], DataGrid [4]). In order to resist to attacks by Trojan horses, output results are checked on the replication of computations, either total replication [19] or, more recently, partial replication [13]. Yet, tackling both security issues in a global architecture remains an open problem. In section IV, we propose a security infrastructure that address both problems. Smart cards (§III) are used in order to address authentication issues while using the system from a non trusted machine.