Learn How a Virtual Networking Approach Can Strengthen the Security of Federal Networks REGISTER >
And the commercial sector has begun to take notice.
''Companies that rely on computationally intensive tasks, such as rendering frames of movies, hardware verification, software building, infrastructure testing and some financial applications, are attracted to the same tools that scientists use for the grid,'' says Ian Alderman, a Ph.D student, who also is a member of the Condor Project, based at the University of Wisconsin in Madison.
The SETI grid model, for example, is being harnessed by pharmaceutical and stock brokering companies to extend their analysis applications and utilize any spare computer power from idling office computers at night.
Such scenarios, however, highlight the importance of security.
While these external firms are working for the same manufacturer, they are often direct competitors. Resource sharing has to be managed so they have enough access to be able to compute, but not enough to be able to steal each other's secrets.
''Perhaps the biggest challenge in grid computing is security,'' says Sasan Hamadi, chief security officer at Interval International Inc., a Miami-based resort and vacation company, which is using grid technology.
Computing in Concert
Grid computing is essentially a diverse array of machines and other resources being used in concert to rapidly process and solve problems beyond an organization's available capacity. Grids function by partitioning problems into smaller tasks. Each node within the grid is given some code and asked to solve a piece of a larger problem.
According to Hamadi, the main advantages are the resolution of large-scale problems, reduction of time-to-market, enhancement of the business process, and lowered cost of computing. Beyond that, though, it could open the door to innovative goods and services, as well as alternative methods of marketing products.
For those benefits to be realized on a grand scale, however, grid security will have to reach maturity.
Fortunately, grids have gone relatively unmolested by the bad hats. The biggest breach to date was an attack against a series of universities and government agencies last year. Interestingly, this attack was not directed towards grid software, but against a broadly adopted software component used for remote logins to UNIX and Linux systems. Essentially, a local privilege escalation attack was used to obtain passwords, and those passwords were used to log in to other machines. Attackers then repeated the process.
''Users had access to several of these systems, and the attackers used this to quickly jump from one place to the next, creating more or less global havoc in no time,'' says Stockholm, Sweden-based Olle Mulmo, security area director for the Global Grid Forum and security architect for the world's largest production grid to date. ''The most important lesson learned from this attack is that if one site is vulnerable, nearly all sites are. This has prompted us to put a lot of energy into preparing for when an attack comes, not if it will come.''
That means a heavy investment of time and effort on tools that can quickly disable what grid computing has enabled. Though this problem is not fully resolved, Mulmo reports that the grid community is working in that direction.
For grid computing to become commercially viable, the potential compromise of corporate secrets has to be addressed. That's why most commercial grid projects to date have been in-house. As long as you have traditional security measures in place and can trust your developers and vendors, there is no grid-specific threat. But when your grid extends beyond the bounds of the corporate firewall, a whole vista of new concerns emerges.
When you let someone use your computer cycles, for example, how do you ensure that what is executed is not something destructive, such a Trojan horse that steals company secrets or reads email. The answer to that is isolation.
There are several techniques that will ''sandbox'' an application, meaning that it will permit certain functions while denying other ones. That is a simple approach, though perhaps not the best.
''Virtual machines are a heavyweight solution to this problem but could be made very secure,'' says Alderman. ''Sandboxing is easier to implement but probably less effective.''
Access control -- or simply keeping the bad guys out -- is another important security facet. But in such a distributed problem, access control is far from easy.
Several solutions currently exist, according to Mulmo, who also co-founded the Globus Alliance, which fosters the research and development of grid middleware technologies. One solution is to ask a central service at runtime if a user is permitted to perform a certain operation. Another approach is to have users provide ''evidence'' ahead of time that they are indeed allowed to perform the operations requested.
Both solutions have their pros and cons with regard to performance, scalability, management and security.
''Ultimately, it's a question of where in the system you will place the complexity,'' says Mulmo. ''Which solution you would finally choose depends on your particular use case and your specific application needs.''
For grid authentication to work properly, a global identification scheme is required. Currently, the grid community is favoring a Public Key Infrastructure (PKI) certificate format known as X.509. This is the same technology that identifies your online banking or travel reservation services, and provides an added assurance that you won't send your credit card details to the wrong person.
''Grid users need to have strong protection mechanisms to securely store private keys, to revoke certificates and secure applications being used within the grid,'' says Hamadi.
The problem with this PKI scheme, says Mulmo, is that setting up an X.509-based infrastructure can be expensive. More flexibility, therefore, is needed to reduce costs while maintaining security.
And then there are the gray areas.
If a user gives a task to the grid, does that task have the full rights of that user? If so, what if an attacker gets ahold of the task? How do you give the tasks just the rights they need, but not more?
''Even if you are able to delegate a subset of rights, you still need to keep those rights out of the wrong hands,'' says Alderman. ''The techniques used for digital rights management (DRM) might be effective at providing confidentiality and integrity guarantees in a grid setting.''
But security of the grids themselves may actually prove to be less of a stumbling point in corporate adoption than the thorny subject of licensing security.
How do you move a software license, which is required to run your program, from one organization to another? The grid concept is juxtaposed against the traditional software licensing models used worldwide.
''Today, you cannot move licenses in a secure manner, or without breaking the licensing terms,'' says Mulmo. ''This problem strikes at the heart of currently used licensing management schemes, and while it is being investigated, it is still unresolved at this point in time.''