Ahmed Bendahmane

Grid computing security mechanisms: State-of-the-art

Until recently, application developers could often assume a target environment that was homogeneous, reliable, secure, and centrally managed. However, with the advent of collaborative computing and data sharing, more and more new modes of interaction have evolved resulting in the need and use of distributed resources. Work within this community has led to the development of Grid technologies [1], which address precisely these problems. In grid computing, heterogeneous resources distributed geographically are virtualized as a unified whole. Grid computing, as a result, provides enormous opportunities in terms of resource sharing, maximization of resource utilization and virtualization of resources. Because of its immense potential, not only the scientific community, but also the IT enterprise communities are excited about its prospect. A recent survey ranked grid computing as sixth on priority lists for IT spending among industry professionals [5]. With this much interest, security becomes necessary to provide authentication, authorization, resource protection, secure communication, data confidentiality, data integrity, trust policies management, user key and credential management, service protection, and network security. This paper provides an insight classification of the different mechanisms and methods of security in grid computing environment, and also discusses the solutions for each category and its limitation in order to define the real problems in grid computing security. In our approach, we categorize the security solutions into Resources Level, Service Level, Authentication & Authorization Level, Information Level, and Management Level Solutions.

Tolerating malicious resources to ensure safe computations in grid systems

Grid computing has recently seen a great importance in diverse applications domains of scientific, industrial, and commercial activities, which demand huge computational power. Unlike traditional cluster computing, large scale grids permit the sharing of grid resources spread through different administrative sites autonomy. The distributed and dynamic features of grid resources, their architectures heterogeneity, and unreliable interconnection network increases the probability of attacks and malicious behavior of grid resources. In Grid applications, reliability and security assurance of execution are two basic requirements. Thus, it is necessary to guarantee that, among the shared grid resources, there are no malicious behaviors interested in invalidating or corrupting the job results. In order to ensure reliable and safe jobs computation in grid systems, we have proposed a new approach for tolerating malicious grid resources by using reputation to improve the efficiency of majority voting mechanisms. The grid broker service investigates the trustworthy of the grid resources that are used in the voting procedure; this investigation is based on reputation management system which maintains a reputation value for each grid resource based on its historical behavior. The validation of the result is then decided based on the reputation level of the grid resources.

An Overview of the State-of-the-Art of Cloud Computing Cyber-Security

During the last few years, there has been a rapid and an increasing development and adoption of cloud computing systems, technologies, applications and services. This is owing mainly to many benefits this technology offers for businesses and organizations. However, Cyber-security is considered among the most important issues and concerns for widespread adoption of cloud computing. Among the major issues related with Cloud Computing security we can mention data security, intrusions attacks, confidentiality and data integrity. This paper is dedicated to an overview study of the state of the art of cloud computing cyber-security. With the main objective to identify the main challenges and issues in this field, the different approaches and solutions proposed to address them and the open problems that need to be addressed.

The Effectiveness of Reputation-Based Voting for Collusion Tolerance in Large-Scale Grids

Large scale grids permit to share grid resources spread over different autonomous administrative sites in the internet. The rapid progress of grid systems opens the door for numerous companies to adopt this technology in their business development. This progress is characterized by the increasing openness and opportunity of resource-sharing across organizations in different domains. In the business context, these shared resources can be misused by some malicious users that can abuse the provided resources and make them behave maliciously to return wrong results and sabotage the jobs execution. The common technique used by most grid systems to deal with this problem is based on replication with voting. Nevertheless, these techniques rely on the assumption that the grid resources behave independently. They may be ineffective where a number of collusive resources collectively return the same wrong results of a job execution. In order to overcome this threat, we propose a reputation-based voting (RBV) approach, which investigates the trustworthiness of the grid resources through a reputation system, and then takes a decision about the results. In addition, the performance of our approach and other voting techniques, like m-first voting and credibility-based voting, are evaluated through simulation to perceive the effect of collusive grid resources on the correctness of the results. The obtained results show that our approach achieves a lower error-rate and better performance in terms of overhead.

Grid computing middleware information systems: Review and synthesis study

Information services are one of the most important requirements of the grid system. They include Discovery and Monitoring of the resources. The discovery is the process of finding the computational resource/service. The Monitoring detects and diagnoses problems. Both require the information collection about the resources from the complete grid environment. This paper intends to explore some mechanisms of resource discovery, which are quite important within the Grid Environments. That is, the resource discovery should find out the preferred resources quickly and assign them in a timely manner to the requesting terminal. An in-depth review and analysis study is carried out about the previous work related to resource discovery.

A fuzzy MADM approach for grid services composition

In service oriented computing applications, different resources in grid systems are encapsulated abstractly as services. Sometime, single service software can provide valuable service functions for service consumers, but most of the time, single atomic service can not satisfy them. In this case, the system builds a new composite service, which selects all available qualified grid service for composition. Services with similar and compatible functionality may be offered at different QoS levels. Thus, to build a service process, decisions must be made to select component services at appropriate QoS levels. Therefore, quality of service (QoS) aspects is crucial for selecting the grid services to take part in the composition of the new service. In this paper, we address to the problem of Grid services composition based on QoS parameters with end-to-end constraints, we suggest a new model, which transform any model of composition to a sequential model, and we propose a new approach based on the application of a Fuzzy Multiple Attribute Decision Making technique in order to guide the composition process to selected an optimal composite service.

Compromised Resources Tolerance in Grid Computing Systems

In the past ten years, grid computing has been heavily researched and developed. At the present, grid technology has matured enough to enable the realization of workable and commercial infrastructures, platforms and tools, ready to be used in production environments ranging from scientific to commercial application domains. As grid resources are used outside of organizational boundaries, it becomes increasingly difficult to guarantee that a resource being used is not malicious in some way. However, the critical grid application domains require many protections against malicious entities or massive attacks. It is then necessary to detect and tolerate malicious behavior of grid resources (or resources provider) in order to enhance the efficiency of grid security architecture. In this paper, we will propose and discuss an attack-tolerance mechanism based on sabotage tolerance technique. The grid broker service will build the reputation of all resources provider, by observing their trustworthiness from their previous results. The reputation value can be used in the validation process of job result by using majority voting technique.

An Efficient Approach to Improve Security for MapReduce Computation in Cloud System

Running MapReduce computation in public cloud raises a series of security challenges since the service providers may not be properly protected. Due to the fact that the MapReduce applications are long-running, which increases the chance of an attacker to massively perform malicious attacks by exploiting the workers vulnerability, many workers may be compromised. Those workers could misbehave and thereby tamper the results integrity of all computations assigned to them. To tackle this challenge, this paper proposes an effective Result Verification Mechanism (RVM) using a reputation threshold-based voting method to ensure the result integrity of MapReduce on the map and reduce phases. Therefore, render the MapReduce computation accurate. Another major contribution of this paper is that we implement RVM based on Apache Hadoop and perform a series of experiments. The evaluation study of the experimental results demonstrate that RVM can significantly reduce computation overhead and guarantee a low error rate as compared to the simple voting method like m-first voting.

Classification of Cloud Systems Cyber-security Threats and Solutions Directives

Cloud computing cyber security is a subject that has been in top flight for a long period and even in near future. However, cloud computing permit to stock up a huge number of data in the cloud stockage, and allow the user to pay per utilization from anywhere via any terminal equipment. Among the major issues related to Cloud Computing security, we can mention data security, denial of service attacks, confidentiality, availability, and data integrity. This paper is dedicated to a taxonomic classification study of cloud computing cyber-security. With the main objective to identify the main challenges and issues in this field, the different approaches and solutions proposed to address them and the open problems that need to be addressed.

A new mechanism to ensure integrity for MapReduce in cloud computing

MapReduce has been widely used as a powerful parallel data processing model and is adopted by most cloud providers to built cloud computing framework. However, in open cloud systems, security of computation becomes a great challenge. Moreover, MapReduce data-processing services are long-running, which increase the opportunity that an adversary launches attack to the workers and make them behave maliciously and, then tamper with the computation integrity of user tasks where their executions are generally performed in different administration domains out of the user control. Thus, the results of the computation might be erroneous and dishonest. In this paper, we propose a new mechanism based on weighted t-first voting method for ensuring the integrity of MapReduce in open cloud computing environment. Our mechanism can defeat both collusive and non-collusive malicious entities and thus guarantee high computation accuracy.