Grid-computing portals and security issues

Computational grids provide computing power by sharing resources across administrative domains. This sharing, coupled with the need to execute untrusted code from arbitrary users, introduces security hazards. Grid environments are built on top of platforms that control access to resources within a single administrative domain, at the granularity of a user. In wide-area multidomain grid environments, the overhead of maintaining user accounts is prohibitive, and securing access to resources via user accountability is impractical. Typically, these issues are handled by implementing checks that guarantee the safety of applications, so that they can run in shared user accounts. This work shows that safety checks--language-based, compile-time, link-time or load-time--currently implemented in most grid environments are either inadequate or limit allowed grid users and applications. A survey of various grid systems is presented, highlighting the problems and limitations of current grid environments. A runtime process monitoring technique is also proposed. The approach allows setting-up an execution environment that supports the full legitimate use allowed by the security policy of a shared resource. For shell-based applications, performance measurements of the proposed scheme show up to 2.14 times less overheads as compared to the case where all applications including the shell are monitored.