GS3: a Grid Storage System with Security Features

Journal of Grid Computing

Abstract

Technological trends and the advent of worldwide networks, such as the Internet, have made computing systems more and more powerful, increasing both processing and storage capabilities. In Grid computing infrastructures, the data storage subsystem is physically distributed among several nodes and logically shared among several users. This highlights the need for a) availability for authorized users only, b) confidentiality, and c) integrity of information and data: in one word, security. In this work we address the problem of data security in the Grid by proposing a lightweight cryptography algorithm that combines the strong and highly secure asymmetric cryptography technique (RSA) with symmetric cryptography (AES). The proposed algorithm, which we named Grid secure storage system (GS3), has been implemented on top of the Grid file access library (GFAL) of the gLite middleware, in order to provide a file system service with cryptography capability and a POSIX interface. Implementing GS3 as a file system, the GS3FS, also makes it possible to protect the file system structure and to overcome the well-known problem of file rewriting in gLite/GFAL environments. In the specification of the GS3FS, particular care is devoted to providing a usable user interface and to implementing a file system that has low impact on the middleware. The final result is the introduction of a new storage Grid service into the gLite middleware, whose overall characteristics have, to the best of the authors' knowledge, never been offered before. The paper describes and details both the GS3 algorithm and its implementation; the performance of this implementation is evaluated, and the results obtained and possible application scenarios are discussed in order to demonstrate its effectiveness and usefulness.

Author information

Corresponding author

Correspondence to Salvatore Distefano.

About this article

Cite this article

Cunsolo, V.D., Distefano, S., Puliafito, A. et al. GS3: a Grid Storage System with Security Features. J Grid Computing 8, 391–418 (2010). https://doi.org/10.1007/s10723-010-9157-9

  • DOI: https://doi.org/10.1007/s10723-010-9157-9
