{"title":"Segregate Applications at System Level to Eliminate Security Problems","authors":"C. Jong","doi":"10.1109/CCGRID.2006.165","DOIUrl":null,"url":null,"abstract":"Improvements in advanced microprocessor design and cost/performance gains in hardware technology have changed the distributed computing paradigm from a homogeneous parallel computation to a heterogeneous cluster one. This new paradigm involves coordinating and sharing computing, application, data, storage, and network resources across dynamic and possibly geographically dispersed organizations. To attract organizations to take advantage of off-the-shelf ready-to-build commodity clusters, substantial improvements have been realized in many areas such as resource allocation and management, process distribution and recovery, data integrity and application security. However, the primary factor above all others as we approach this new level of computing is trust - higher confidence in the privacy and security of data and resources is needed to advance to the next level. Most organizations avoid running applications using their private data on systems that are not under their control until a sufficient confidence of trust is built. Proofs of information security help build a higher level of trust and thus increase the utilization of the shared cluster. When launch applications on computer systems, five potential security threats arise at user, protocol, system, communication and hardware levels. To secure information, each level has to execute a set of protection tasks. Full trust will be achieved after all levels are proven immune from attack. In a conventional system, security is guaranteed if the hosting system is wholly controlled by the applications. Therefore, to protect confidential data between applications in a shared system, the traditional approach is to separate the entire system by either spatial or time methods. 
Here we introduce a resource separating and grouping mechanism that physically and logically separates system resources by adaptable scale to eliminate security problems and reduce the overall cost","PeriodicalId":419226,"journal":{"name":"Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06)","volume":"53 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-05-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCGRID.2006.165","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
Improvements in advanced microprocessor design and cost/performance gains in hardware technology have changed the distributed computing paradigm from homogeneous parallel computation to heterogeneous cluster computation. This new paradigm involves coordinating and sharing computing, application, data, storage, and network resources across dynamic and possibly geographically dispersed organizations. To attract organizations to take advantage of off-the-shelf, ready-to-build commodity clusters, substantial improvements have been realized in many areas such as resource allocation and management, process distribution and recovery, data integrity and application security. However, the primary factor above all others as we approach this new level of computing is trust: higher confidence in the privacy and security of data and resources is needed to advance to the next level. Most organizations avoid running applications that use their private data on systems that are not under their control until sufficient trust has been built. Proofs of information security help build a higher level of trust and thus increase the utilization of the shared cluster. When applications are launched on computer systems, five potential security threats arise, at the user, protocol, system, communication and hardware levels. To secure information, each level has to execute a set of protection tasks. Full trust will be achieved after all levels are proven immune from attack. In a conventional system, security is guaranteed if the hosting system is wholly controlled by the applications. Therefore, to protect confidential data between applications in a shared system, the traditional approach is to separate the entire system by either spatial or time methods. Here we introduce a resource separating and grouping mechanism that physically and logically separates system resources at an adaptable scale to eliminate security problems and reduce the overall cost.