Ali Younes

Grid computing security mechanisms: State-of-the-art

Until recently, application developers could often assume a target environment that was homogeneous, reliable, secure, and centrally managed. However, with the advent of collaborative computing and data sharing, more and more new modes of interaction have evolved resulting in the need and use of distributed resources. Work within this community has led to the development of Grid technologies [1], which address precisely these problems. In grid computing, heterogeneous resources distributed geographically are virtualized as a unified whole. Grid computing, as a result, provides enormous opportunities in terms of resource sharing, maximization of resource utilization and virtualization of resources. Because of its immense potential, not only the scientific community, but also the IT enterprise communities are excited about its prospect. A recent survey ranked grid computing as sixth on priority lists for IT spending among industry professionals [5]. With this much interest, security becomes necessary to provide authentication, authorization, resource protection, secure communication, data confidentiality, data integrity, trust policies management, user key and credential management, service protection, and network security. This paper provides an insight classification of the different mechanisms and methods of security in grid computing environment, and also discusses the solutions for each category and its limitation in order to define the real problems in grid computing security. In our approach, we categorize the security solutions into Resources Level, Service Level, Authentication & Authorization Level, Information Level, and Management Level Solutions.

Tolerating malicious resources to ensure safe computations in grid systems

Grid computing has recently seen a great importance in diverse applications domains of scientific, industrial, and commercial activities, which demand huge computational power. Unlike traditional cluster computing, large scale grids permit the sharing of grid resources spread through different administrative sites autonomy. The distributed and dynamic features of grid resources, their architectures heterogeneity, and unreliable interconnection network increases the probability of attacks and malicious behavior of grid resources. In Grid applications, reliability and security assurance of execution are two basic requirements. Thus, it is necessary to guarantee that, among the shared grid resources, there are no malicious behaviors interested in invalidating or corrupting the job results. In order to ensure reliable and safe jobs computation in grid systems, we have proposed a new approach for tolerating malicious grid resources by using reputation to improve the efficiency of majority voting mechanisms. The grid broker service investigates the trustworthy of the grid resources that are used in the voting procedure; this investigation is based on reputation management system which maintains a reputation value for each grid resource based on its historical behavior. The validation of the result is then decided based on the reputation level of the grid resources.

The Effectiveness of Reputation-Based Voting for Collusion Tolerance in Large-Scale Grids

Large scale grids permit to share grid resources spread over different autonomous administrative sites in the internet. The rapid progress of grid systems opens the door for numerous companies to adopt this technology in their business development. This progress is characterized by the increasing openness and opportunity of resource-sharing across organizations in different domains. In the business context, these shared resources can be misused by some malicious users that can abuse the provided resources and make them behave maliciously to return wrong results and sabotage the jobs execution. The common technique used by most grid systems to deal with this problem is based on replication with voting. Nevertheless, these techniques rely on the assumption that the grid resources behave independently. They may be ineffective where a number of collusive resources collectively return the same wrong results of a job execution. In order to overcome this threat, we propose a reputation-based voting (RBV) approach, which investigates the trustworthiness of the grid resources through a reputation system, and then takes a decision about the results. In addition, the performance of our approach and other voting techniques, like m-first voting and credibility-based voting, are evaluated through simulation to perceive the effect of collusive grid resources on the correctness of the results. The obtained results show that our approach achieves a lower error-rate and better performance in terms of overhead.

SFL Algorithm for QoS-based Cloud Service Composition

With the advent of cloud service-based applications and Software as a Service (SaaS), new applications have recently known an increasing use of service-oriented architecture (SOA). This model has allowed computer science and associated industries to build new customized applications, by using the available and the existing cloud services bridged together dynamically to form a complex workflow process with more functionalities. However cloud services with similar and compatible functionalities may be offered by multiple providers but may also be offered at different QoS levels. Hence, to build a composite service with a high QoS, a decision should be made based on end-to-end QoS. This work proposes a new approach, for QoS-aware cloud service composition, which addresses a universal model, with end-toend QoS. It also proposes an effective evolutionary method based on Shuffled Frog Leaping Algorithm (SFLA), which is satisfying global and local constraints. Therefore, in order to evaluate the robustness of the proposed approach, we have evaluated the impact of several parameters that are highly significant in evolutionary methods, such as the impact of the population size, number of candidate services per task and number of criteria. The experimental results show that the chosen algorithm performs better than the ones based on Genetic Algorithm (GA).

Grid computing middleware information systems: Review and synthesis study

Information services are one of the most important requirements of the grid system. They include Discovery and Monitoring of the resources. The discovery is the process of finding the computational resource/service. The Monitoring detects and diagnoses problems. Both require the information collection about the resources from the complete grid environment. This paper intends to explore some mechanisms of resource discovery, which are quite important within the Grid Environments. That is, the resource discovery should find out the preferred resources quickly and assign them in a timely manner to the requesting terminal. An in-depth review and analysis study is carried out about the previous work related to resource discovery.

A fuzzy MADM approach for grid services composition

In service oriented computing applications, different resources in grid systems are encapsulated abstractly as services. Sometime, single service software can provide valuable service functions for service consumers, but most of the time, single atomic service can not satisfy them. In this case, the system builds a new composite service, which selects all available qualified grid service for composition. Services with similar and compatible functionality may be offered at different QoS levels. Thus, to build a service process, decisions must be made to select component services at appropriate QoS levels. Therefore, quality of service (QoS) aspects is crucial for selecting the grid services to take part in the composition of the new service. In this paper, we address to the problem of Grid services composition based on QoS parameters with end-to-end constraints, we suggest a new model, which transform any model of composition to a sequential model, and we propose a new approach based on the application of a Fuzzy Multiple Attribute Decision Making technique in order to guide the composition process to selected an optimal composite service.

Compromised Resources Tolerance in Grid Computing Systems

In the past ten years, grid computing has been heavily researched and developed. At the present, grid technology has matured enough to enable the realization of workable and commercial infrastructures, platforms and tools, ready to be used in production environments ranging from scientific to commercial application domains. As grid resources are used outside of organizational boundaries, it becomes increasingly difficult to guarantee that a resource being used is not malicious in some way. However, the critical grid application domains require many protections against malicious entities or massive attacks. It is then necessary to detect and tolerate malicious behavior of grid resources (or resources provider) in order to enhance the efficiency of grid security architecture. In this paper, we will propose and discuss an attack-tolerance mechanism based on sabotage tolerance technique. The grid broker service will build the reputation of all resources provider, by observing their trustworthiness from their previous results. The reputation value can be used in the validation process of job result by using majority voting technique.

A new mechanism to ensure integrity for MapReduce in cloud computing

MapReduce has been widely used as a powerful parallel data processing model and is adopted by most cloud providers to built cloud computing framework. However, in open cloud systems, security of computation becomes a great challenge. Moreover, MapReduce data-processing services are long-running, which increase the opportunity that an adversary launches attack to the workers and make them behave maliciously and, then tamper with the computation integrity of user tasks where their executions are generally performed in different administration domains out of the user control. Thus, the results of the computation might be erroneous and dishonest. In this paper, we propose a new mechanism based on weighted t-first voting method for ensuring the integrity of MapReduce in open cloud computing environment. Our mechanism can defeat both collusive and non-collusive malicious entities and thus guarantee high computation accuracy.

Computaion integrity mechanism for MapReduce in cloud computing system

MapReduce has been widely used as a powerful parallel data processing model and is adopted by most cloud providers to build cloud computing framework. However, in open cloud systems, security of computation becomes a great challenge. Moreover, MapReduce data-processing services are long-running, which increases the possibility that an adversary launches an attack on the workers and make them behave maliciously and then tamper with the computation integrity of user tasks where their executions are generally performed in different administration domains out of the user control. Thus, the results of the computation might be erroneous and dishonest. In this paper, we propose a new mechanism based on weighted t-first voting method for ensuring the integrity of MapReduce in open cloud computing environment. Our mechanism can defeat both collusive and non-collusive malicious entities and therefore guarantee high computation accuracy.