SVGrid: a secure virtual environment for untrusted grid applications
Authors: Xin Zhao, Kevin Borders, A. Prakash
Published in: Middleware for Grid Computing, 2005-11-28
Publication type: Journal Article
DOI: 10.1145/1101499.1101515 (https://doi.org/10.1145/1101499.1101515)
Citation count: 20
Source: Semanticscholar
Most grid security research focuses on user authentication and secure communication; the protection of grid computers is left to the underlying operating system. Unfortunately, most OS-level protection mechanisms can be turned off after an attacker manages to exploit a vulnerability to gain privileged access. This paper proposes SVGrid, a Secure Virtual Grid computing environment, to protect grid computers' filesystem and network from malicious grid applications. SVGrid works by isolating grid applications in one or more grid virtual machines whose filesystem and network services are moved into a dedicated monitor virtual machine. All file and network access requests are then forced to go through the monitor virtual machine, where security policies can be enforced. The resource compartment guarantees that appropriate security policy enforcement cannot be bypassed or disabled, even if a grid virtual machine is compromised. We tested SVGrid against attacks on a grid virtual machine using a rootkit and an Internet worm; SVGrid was able to prevent both of them from maliciously accessing the filesystem and network. We also evaluated the performance of the SVGrid system and found that the performance cost was reasonable considering the security benefits of SVGrid.