Security of Grid Computing Environments

Slides:



Advertisements
Similar presentations
Application of Bayesian Network in Computer Networks Raza H. Abedi.
Advertisements

Fundamentals of Computer Security Geetika Sharma Fall 2008.
19.1 Silberschatz, Galvin and Gagne ©2003 Operating System Concepts with Java Chapter 19: Security The Security Problem Authentication Program Threats.
6/4/2015National Digital Certification Agency1 Security Engineering and PKI Applications in Modern Enterprises Mohamed HAMDI National.
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Rheeve: A Plug-n-Play Peer- to-Peer Computing Platform Wang-kee Poon and Jiannong Cao Department of Computing, The Hong Kong Polytechnic University ICDCSW.
This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Silberschatz, Galvin and Gagne  Operating System Concepts Module 19: Security The Security Problem Authentication Program Threats System Threats.
Chapter 8: Network Operating Systems and Windows Server 2003-Based Networking Network+ Guide to Networks Third Edition.
Department Of Computer Engineering
Intrusion Detection System Marmagna Desai [ 520 Presentation]
INTRUSION DETECTION SYSTEM
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab.
Intrusion Detection for Grid and Cloud Computing Author Kleber Vieira, Alexandre Schulter, Carlos Becker Westphall, and Carla Merkle Westphall Federal.
 Introduction  VoIP  P2P Systems  Skype  SIP  Skype - SIP Similarities and Differences  Conclusion.
Intrusion Detection Techniques for Mobile Wireless Networks Zhang, Lee, Yi-An Huang Presented by: Alex Singh and Nabil Taha.
1 / 18 Fariba alamshahi Secure Routing and Intrusion Detection in Ad Hoc Networks Supervisor: Mr.zaker Translator: fariba alamshahi.
Digital Object Architecture
Designing Active Directory for Security
Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)
The Grid System Design Liu Xiangrui Beijing Institute of Technology.
Survival by Defense- Enabling Partha Pal, Franklin Webber, Richard Schantz BBN Technologies LLC Proceedings of the Foundations of Intrusion Tolerant Systems(2003)
Freelib: A Self-sustainable Digital Library for Education Community Ashraf Amrou, Kurt Maly, Mohammad Zubair Computer Science Dept., Old Dominion University.
Grid Middleware Tutorial / Grid Technologies IntroSlide 1 /14 Grid Technologies Intro Ivan Degtyarenko ivan.degtyarenko dog csc dot fi CSC – The Finnish.
Securing the Network Infrastructure. Firewalls Typically used to filter packets Designed to prevent malicious packets from entering the network or its.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Network Forensics - III November 3, 2008.
Typing Pattern Authentication Techniques 3 rd Quarter Luke Knepper.
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
1 Active Directory Service in Windows 2000 Li Yang SID: November 2000.
The Utilization of Artificial Intelligence in a Hybrid Intrusion Detection System Authors : Martin Botha, Rossouw von Solms, Kent Perry, Edwin Loubser.
1. ABSTRACT Information access through Internet provides intruders various ways of attacking a computer system. Establishment of a safe and strong network.
VIEWS b.ppt-1 Managing Intelligent Decision Support Networks in Biosurveillance PHIN 2008, Session G1, August 27, 2008 Mohammad Hashemian, MS, Zaruhi.
Some Great Open Source Intrusion Detection Systems (IDSs)
Towards a High Performance Extensible Grid Architecture Klaus Krauter Muthucumaru Maheswaran {krauter,
Successfully Implementing The Information System Systems Analysis and Design Kendall and Kendall Fifth Edition.
HIPS. Host-Based Intrusion Prevention Systems  One of the major benefits to HIPS technology is the ability to identify and stop known and unknown attacks,
Introduction to Machine Learning, its potential usage in network area,
Presented by Edith Ngai MPhil Term 3 Presentation
CompTIA Security+ Study Guide (SY0-401)
Grid Computing Security Mechanisms: the state-of-the-art
Top 5 Open Source Firewall Software for Linux User
(A CORPORATE NETWORK APPROACH)
Access control techniques
Ad-hoc Networks.
High Performance Computing Lab.
Hybrid Cloud Architecture for Software-as-a-Service Provider to Achieve Higher Privacy and Decrease Securiity Concerns about Cloud Computing P. Reinhold.
QianZhu, Liang Chen and Gagan Agrawal
Outline Introduction Characteristics of intrusion detection systems
Evaluating a Real-time Anomaly-based IDS
Security in Networking
CompTIA Security+ Study Guide (SY0-401)
Network Intrusion Detection Using GA
Comparison of LAN, MAN, WAN
Detecting Targeted Attacks Using Shadow Honeypots
Network Security – Kerberos
The Globus Toolkit™: Information Services
Intrusion Prevention Systems
Dynamic Authentication of Typing Patterns
Security.
Intrusion Detection system
BACHELOR’S THESIS DEFENSE
BACHELOR’S THESIS DEFENSE
Relentless Distribution
BACHELOR’S THESIS DEFENSE
The Anatomy and The Physiology of the Grid
Operating System Concepts
Operating System Concepts
Presentation transcript:

Security of Grid Computing Environments Scientific Computing Department Faculty of Computer and Information Sciences Ain Shams University Security of Grid Computing Environments Supervised By: Mohammad F. Tolba Mohammad S. Abdel-Wahab Ismail A. Taha Presented By: Ahmad M. Al Shishtawy

Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

Historical Background Metacomputing. Grid computing coined in the late 1990s. Analogy to the electrical power grid. Ultimate goal: Make access to computational power as easy as access to electrical power Still under research and development.

The Evolution of the Grid The Internet (Sharing of Information): PC LAN WAN The Internet The Grid (Sharing of Computational Power): Distributed Computing PC Cluster The Grid

Characteristics Heterogeneity. Scalability. Dynamicity or adaptability. Multiple administrative domains and autonomy.

Requirements A Grid system should: Coordinate resources that are not subject to centralized control. Use standard, open, general-purpose protocols and interfaces. Deliver nontrivial Qualities of Service.

Grid Computing – Current Efforts (Sample) Globus: www.globus.org GridBus: www.gridbus.org Legion: legion.virginia.edu UNICORE: www.unicore.org

The Grid Project Description Joint project between: Ain Shams University in Egypt George Washington University in USA Test Project (Signature Verification). Goals: Understand Grid environments. Hands on practice. Master security related issues.

The Grid Scenario

The Grid Scenario

The Grid Scenario

The Grid Scenario

The Grid Scenario

The Grid Scenario

Basic Grid Services Security Resource Management Information Services Data Security

Security Problems The need to establish security relationship among hundreds of processes .(not simple client/server). The dynamic nature of the grid. Interdomain security solutions must interoperate with the diverse intradomain access control technologies

Security Problems Based on Public Key Infrastructure Private Keys can be stolen. Temporary Credentials poorly protected No protection from insiders. Software Bugs and Security Holes

Different Security Levels First Level Second Level Attacks Firewall Password Authentication Authorization ... Intrusion Detection Protected Computer System

Intrusion Detection System Second line of defense Normal differ from malicious use. Data Gathering: Host-based. Network-based. Analysis and Detection: Anomaly detection. Misuse detection. Centralized vs. Distributed detection.

Centralized Intrusion Detection LAN Data gathering module Analysis and Detection module

Distributed Intrusion Detection LAN LAN LAN LAN Data gathering module Analysis and Detection module

Hierarchical Distributed Intrusion Detection LAN LAN Data Gathering Module ... ... Intrusion Detection Servers Data Analysis Module LAN LAN

Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

Goal Protect Grid resources from attacks that results from installing and using the Grid Infrastructure. Normal Internet attacks (that are not related to the Grid) are the responsibility of the local intrusion detection system at each domain.

Grid Intrusion Detection Architecture Intrusion Detection Agent (IDA) Data Gathering Module Intrusion Detection Server (IDS) Analysis and Detection Module Cooperation Module

Proposed Grid Intrusion Detection Architecture (GIDA)

Data Gathering Module IDA A Local IDS User Interface

Proposed Grid Intrusion Detection Architecture (GIDA) GIS or DB IDS IDS GIS or DB

Proposed Grid Intrusion Detection Architecture (GIDA) GIS or DB IDS Dynamicity or adaptability No centralized control Standard protocols Nontrivial QoS Heterogeneity Autonomy Scalability

Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

GIDA Implementation Simulated Grid environment. Simulated IDA. Host-based anomaly detection technique. Homogeneous IDSs with LVQ Neural Network. Simple cooperation with sharing results.

Why Simulation? No real Grid for testing (Expensive). Best for testing and evaluation new architectures. Control experiments in dynamic environment.

Grid Simulators Many Grid simulation tools (GridSim, SimGrid, MicroGrid, …). Unfortunately they concentrate on resource management problems. Develop our own simulator for security and intrusion detection based on GridSim.

The Simulated Grid Generated Log Files . . . Intrusion Detection Servers . . . IDS IDS Resources . . . Requests . . . . . . Users Intruders

Peer-to-peer Network or GIS GIDA Implementation IDS Log Log Log Peer-to-peer Network or GIS IDS IDS

Why LVQ? Similar to SOM and used for classification. Does not require anomalous records in training data. Classes and their labels (User Name) are known.

Analyzing and detection module IDS Analyzing Module Analyzing and detection module Log Preprocessing Trained LVQ Decision Module Response Cooperation Module

Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

Measured Parameters False Positive Percentage. False Negative Percentage. Recognition Rate. Training Time. Detection Duration

Tested Issues Controllable (Internal) Uncontrollable (External) Data Preprocessing Number of IDSs Uncontrollable (External) Number of Users Number of Resources Number of Intruders

Different Types of Windows (Preprocessing) Type 1: Fixed number of events. Type 3: Fixed number of events with time limit. Type 4: Fixed events with time limit ignoring incomplete. Type 2: Fixed time period window. Type 5: Fixed events with time limit fixing incomplete.

Fixed Window Size 1 IDS 4 IDSs Legend

Time Period Window 1 IDS 4 IDSs Legend

Hybrid Window at size 10 1 IDS 4 IDSs Legend

Hybrid Window at size 20 1 IDS 4 IDSs Legend

Hybrid Window at size 30 1 IDS 4 IDSs Legend

Number of IDSs 50 Users 200 Users Legend 350 Users

Number of Users 1 IDS 4 IDSs Legend 8 IDSs

Number of Resources 1 IDS 4 IDSs Legend 8 IDSs

Number of Intruders 1 IDS 4 IDSs Legend 8 IDSs

Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

Conclusions GIDA designed compatible with the grid and proved by experiments. (IDA, IDS) The hybrid window gave the best results by managing the number of events efficiently. (Detection Duration, False Negative) Distributed systems is better that Centralized systems. (False Negative, Training Time)

Conclusions GIDA is scalable. (IDSs, Users) Natural increase in number of resources improved the results. (False Positive) Better understanding of the problem of intrusion detection in Grid environments.

Future Work Trust Relationships in Grid environment. Heterogeneous IDSs. More complicated algorithms for cooperation. Misuse detection. Testing on real Grid testbeds.

Agenda Introduction. The Proposed Grid Intrusion Detection Architecture (GIDA). GIDA Implementation. Testing and Results. Conclusions and Future Work. Published Work.

Published Work M. Tolba, I. Taha, and A. Al-Shishtawy, "An Intrusion Detection Architecture for Computational Grids". First International Conference on Intelligent Computing and Information Systems, June 2002. M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al-Shishtawy, “A Secure Grid Enabled Signature Verification System”. Second International Conference on Intelligent Computing and Information Systems, Cairo, Egypt, March 2005. M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al-Shishtawy, "Distributed Intrusion Detection System for Computational Grids". Second International Conference on Intelligent Computing and Information Systems, Cairo, Egypt, March 2005.

Published Work M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al-Shishtawy, "GIDA: Toward Enabling Grid Intrusion Detection Systems". Cluster Computing and Grid 2005, Cardiff, UK, 9 - 12 May 2005. http://dsg.port.ac.uk/events/conferences/ccgrid05/wip/schedule/Paper20.pdf M. Tolba, M. Abdel-Wahab, I. Taha, and A. Al-Shishtawy, "Intrusion Detection System for the Grid". The 2005 International Conference on Grid Computing and Applications (GCA'05). Las Vegas, Nevada, USA, 20 - 23 June 2005.

Thank you for careful listening  The End Thank you for careful listening 

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.