Security System for Overlapping Non-dedicated Clusters

Abstract

Techniques for building local area network clusters differ from those used for large scale harvesting of idle computing power. The overlapping non dedicated clusters (ONDC) architecture is trying to mix advantages of both techniques. Clusters build in ONDC style can be deployed both on small scale local networks, but as well in large scale over the Internet deployments. In this paper we analyze the security requirements of ONDC and describe our solution. The solution was implemented for the Clondike clustering system, but the same approach can be used for any other ONDC system. The proposed system is inspired by the security mechanisms of existing P2P grid systems and various trust management systems, but it is tailored to exactly match the ONDC requirements. An important aspect of the proposed solution is a combination of locally issued identity based access control and certificates based delegated authorizations. While the identity based access control is the most intuitive way how to express trust for the users of the system, delegated authorizations are an answer for more complex cases. The unique feature of the proposed system is configurable mechanism for authorization distributions and storage that enables users to trade-off a local information availability with local storage requirements.