Publication and Protection of Sensitive Site Information in a Grid Infrastructure
In order to create a successful grid infrastructure, sites and resource providers must be able to publish information about their underlying resources and services. This information makes it easier for users and virtual organizations to make intelligent decisions about resource selection and scheduling, and can be used by the grid infrastructure for accounting and troubleshooting services. However, such an outbound stream may include data deemed sensitive by a resource-providing site, exposing potential security vulnerabilities or private user information to the world at large, including malicious entities. This study analyzes the various vectors of information being published from sites to grid infrastructures. In particular, it examines the data being published to, and collected by, the Open Science Grid, including resource selection, monitoring, accounting, troubleshooting, logging and site verification data. We analyze the risks and potential threat models posed by the publication and collection of such data. We also offer some recommendations and best practices for sites and grid infrastructures to manage and protect sensitive data.
- Research Organization: Lawrence Berkeley National Lab. (LBNL), Berkeley, CA (United States)
- Sponsoring Organization: National Energy Research Scientific Computing Division
- DOE Contract Number: DE-AC02-05CH11231
- OSTI ID: 934956
- Report Number(s): LBNL-660E; TRN: US200815%%45
- Resource Relation: Conference: The First Workshop on Security, Trust and Privacy in Grid Environments at the 8th IEEE International Symposium on Cluster Computing and the Grid, Lyon, France, 05/19-22/2008
- Country of Publication: United States
- Language: English