Dynamic system-wide reconfiguration of grid deployments in response to intrusion detections

Jonathan Rowanhill, Glenn Wasson, Zach Hill, Jim Basney, Yuliyan Kiryakov, John Knight, Anh Nguyen-Tuong, Andrew Grimshaw, Marty Humphrey

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As Grids become increasingly relied upon as critical infrastructure, it is imperative to ensure the highly-available and secure day-to-day operation of the Grid infrastructure. The current approach for Grid management is generally to have geographically-distributed system administrators contact each other by phone or email to debug Grid behavior and subsequently modify or reconfigure the deployed Grid software. For security-related events such as the required patching of vulnerable Grid software, this ad hoc process can take too much time, is error-prone and tedious, and thus is unlikely to completely solve the problems. In this paper, we present the application of the ANDREA management system to control Grid service functionality in near-real-time at scales of thousands of services with minimal human involvement. We show how ANDREA can be used to better ensure the security of the Grid: In experiments using 11,394 Globus Toolkit v4 deployments we show the performance of ANDREA for three increasingly-sophisticated reactions to an intruder detection: shutting down the entire Grid; incrementally eliminating Grid service for different classes of users; and issuing and applying a patch to the vulnerability exploited by the attacker. We believe that this work is an important first step toward automating the general day-to-day monitoring and reconfiguration of all aspects of Grid deployments.

Original languageEnglish (US)
Title of host publicationHigh Performance Computing and Communications - Third International Conference, HPCC 2007, Proceedings
PublisherSpringer-Verlag Berlin Heidelberg
Pages260-272
Number of pages13
ISBN (Print)9783540754435
DOIs
StatePublished - 2007
Event3rd International Conference on High Performance Computing and Communications, HPCC 2007 - Houston, TX, United States
Duration: Sep 26 2007Sep 28 2007

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4782 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other3rd International Conference on High Performance Computing and Communications, HPCC 2007
CountryUnited States
CityHouston, TX
Period9/26/079/28/07

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Dynamic system-wide reconfiguration of grid deployments in response to intrusion detections'. Together they form a unique fingerprint.

Cite this