Abstract
The USC GridSec project develops distributed security infrastructure and self-defense capabilities to secure wide-area networked resource sites participating in a Grid application. We report new developments in trust modeling, security-binding methodology, and defense architecture against intrusions, worms, and flooding attacks. We propose a novel architectural design of Grid security infrastructure, security binding for enhanced Grid efficiency, distributed collaborative IDS and alert correlation, DHT-based overlay networks for worm containment, and pushback of DDoS attacks. Specifically, we present a new pushback scheme for tracking attack-transit routers and for cutting malicious flows carrying DDoS attacks. We discuss challenging research issues to achieve secure Grid computing effectively in an open Internet environment.
The paper was presented at the International Workshop on Grid Computing Security and Resource Management (GSRM’05), held in conjunction with the International Conference on Computational Science (ICCS 2005), Emory University, Atlanta, May 22-25, 2005. The research reported here was fully supported by NSF ITR Grant 0325409. Corresponding author: Kai Hwang, USC Internet and Grid Computing Lab, EEB 212, Los Angeles, CA 90089. E-mail: kaihwang@usc.edu, Tel.: (213) 740-4470. Y.-K. Kwok participated in this project while he was a visiting associate professor at USC on sabbatical leave from HKU.
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Hwang, K. et al. (2005). GridSec: Trusted Grid Computing with Security Binding and Self-defense Against Network Worms and DDoS Attacks. In: Sunderam, V.S., van Albada, G.D., Sloot, P.M.A., Dongarra, J. (eds) Computational Science – ICCS 2005. ICCS 2005. Lecture Notes in Computer Science, vol 3516. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11428862_27
DOI: https://doi.org/10.1007/11428862_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26044-8
Online ISBN: 978-3-540-32118-7
eBook Packages: Computer Science (R0)