Sandboxing for a free-to-join grid with support for secure site-wide storage area

First International Workshop on Virtualization Technology in Distributed Computing (VTDC 2006) Pub Date : 2006-11-17 DOI:10.1109/VTDC.2006.11

Edjozane Cavalcanti, L. D. Assis, Matheus Gaudencio, W. Cirne, F. Brasileiro

{"title":"Sandboxing for a free-to-join grid with support for secure site-wide storage area","authors":"Edjozane Cavalcanti, L. D. Assis, Matheus Gaudencio, W. Cirne, F. Brasileiro","doi":"10.1109/VTDC.2006.11","DOIUrl":null,"url":null,"abstract":"Grid computing enables different institutions to access each other's resources, and hence requires very strong security guarantees. We here explore how visualization was used to provide security for OurGrid, an easy-to-use free-to-join grid that supports bag-of-tasks applications. OurGrid poses interesting security challenges. It is free-to-join (which means one runs unknown applications) and strives for simplicity (which means that configuration must be trivial). We show how we have dealt with such challenges by using Xen to virtualize a single machine, and VNET, OCFS2 and NFS to virtualize a site-wide shared file system, creating a sandboxing solution called SWAN. We evaluate SWANs security and performance. Our results indicate that SWAN is efficient in the single machine virtualization, but less so for the shared file system. Yet, a site-wide file system enables grid jobs to reuse files already transferred to other machines in the site, avoiding expensive inter-site file transfer.","PeriodicalId":267821,"journal":{"name":"First International Workshop on Virtualization Technology in Distributed Computing (VTDC 2006)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"14","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"First International Workshop on Virtualization Technology in Distributed Computing (VTDC 2006)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/VTDC.2006.11","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 14

Abstract

Grid computing enables different institutions to access each other's resources, and hence requires very strong security guarantees. We here explore how visualization was used to provide security for OurGrid, an easy-to-use free-to-join grid that supports bag-of-tasks applications. OurGrid poses interesting security challenges. It is free-to-join (which means one runs unknown applications) and strives for simplicity (which means that configuration must be trivial). We show how we have dealt with such challenges by using Xen to virtualize a single machine, and VNET, OCFS2 and NFS to virtualize a site-wide shared file system, creating a sandboxing solution called SWAN. We evaluate SWANs security and performance. Our results indicate that SWAN is efficient in the single machine virtualization, but less so for the shared file system. Yet, a site-wide file system enables grid jobs to reuse files already transferred to other machines in the site, avoiding expensive inter-site file transfer.

查看原文本刊更多论文

用于免费加入网格的沙箱，支持安全的站点范围存储区域

网格计算使不同的机构能够访问彼此的资源，因此需要非常强大的安全保证。我们在这里探讨如何使用可视化来为OurGrid提供安全性，OurGrid是一个易于使用的免费加入网格，支持任务包应用程序。OurGrid带来了有趣的安全挑战。它是免费加入的(这意味着可以运行未知的应用程序)，并力求简单(这意味着配置必须微不足道)。我们通过使用Xen虚拟化一台机器，并使用VNET、OCFS2和NFS虚拟化一个站点范围的共享文件系统，从而创建一个名为SWAN的沙箱解决方案，来展示我们如何应对这些挑战。我们评估了SWANs的安全性和性能。我们的结果表明，SWAN在单机虚拟化中是高效的，但在共享文件系统中效率较低。但是，站点范围的文件系统使网格作业能够重用已经传输到站点中的其他机器的文件，从而避免了昂贵的站点间文件传输。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

First International Workshop on Virtualization Technology in Distributed Computing (VTDC 2006)

自引率

0.00%

发文量