Abstract
Technological trends and the advent of worldwide networks such as the Internet have made computing systems more and more powerful, increasing both processing and storage capabilities. In Grid computing infrastructures, the data storage subsystem is physically distributed among several nodes and logically shared among several users. This highlights the need for a) availability for authorized users only, b) confidentiality, and c) integrity of information and data: in one term, security. In this work we address the problem of data security in the Grid by proposing a lightweight cryptography algorithm that combines the strong and highly secure asymmetric cryptography technique (RSA) with symmetric cryptography (AES). The proposed algorithm, which we named Grid secure storage system (GS3), has been implemented on top of the Grid file access library (GFAL) of the gLite middleware, in order to provide a file system service with cryptography capability and a POSIX interface. Implementing GS3 as a file system, the GS3FS, also makes it possible to protect the file system structure and to overcome the well-known problem of file rewriting in gLite/GFAL environments. In the specification of the GS3FS, particular care is devoted to providing a usable user interface and to implementing a file system that has low impact on the middleware. The final result is the introduction of a new Grid storage service into the gLite middleware, whose overall characteristics have never been offered before, to the best of the authors' knowledge. The paper describes and details both the GS3 algorithm and its implementation; the performance of the implementation is evaluated, and the obtained results and possible application scenarios are discussed in order to demonstrate its effectiveness and usefulness.
Cite this article
Cunsolo, V.D., Distefano, S., Puliafito, A. et al. GS3: a Grid Storage System with Security Features. J Grid Computing 8, 391–418 (2010). https://doi.org/10.1007/s10723-010-9157-9
DOI: https://doi.org/10.1007/s10723-010-9157-9