This project was funded by the EPSRC UK e-Science programme of research (EP/D053269). The project members were part of the Information Security Group at Royal Holloway, University of London. Contact details can be found in the papers published for the project, listed below.
Since the inception of Grid computing, security efforts have focussed on protecting assets through authentication and authorisation. One of the main examples of this work is the Grid Security Infrastructure [Foster et al. 1998]. The goal was to provide a means for Grid resource providers to enforce both local and Virtual Organisation security policies, taking into account difficulties such as managing hosts across multiple domains and authorising potentially unknown users. Clearly, a lot of trust was placed in Grid resource providers to maintain security, and while this may have been an adequate model for academic use, it is not appropriate for all scenarios. Many potential Grid users have been reluctant to use Grid computing because of security concerns:
Getting these assurances requires action by both the Grid user and the Grid resource provider, and this project has investigated how Grid workflows can be used in a security context. This page summarises the results of this work, and is organised as follows:
More details of each area can be found in the publications listed at the end of the page.
There are two main requirements for workflow security: confidentiality and integrity.
Trusted Computing has been developed by the Trusted Computing Group (TCG), a consortium of companies including Intel, Hewlett-Packard and Microsoft. The TCG has produced specifications for a 'trusted platform' containing a Trusted Platform Module (TPM), a hardware chip embedded in the host platform. The TPM provides the 'roots of trust' within a trusted platform. It exposes protected capabilities, commands that are the only means of accessing the shielded locations (keys and registers) held within the TPM.
Three types of key are used by Trusted Computing:
Non-migratable keys can be certified because each TPM is shipped with a non-migratable Endorsement Key (EK). This is an asymmetric key pair created and installed by the TPM manufacturer, together with an Endorsement Key credential (a certificate for the public key).
Furthermore, when a TPM is initialised (ownership is taken) or reset, another non-migratable asymmetric key pair is created. This key is called the Storage Root Key (SRK), and its public key can be used to encrypt other keys, creating a key hierarchy that can be stored outside the TPM. If a non-migratable key is used to encrypt data, then that data is bound to that particular TPM. If use of the non-migratable key is only possible when the platform is in a specific state, then that data is sealed to that platform state.
Sealing is only possible because of the presence of integrity measuring mechanisms, which provide the ability to record the initial platform state and any events that modify the platform state. The measurements are accumulated in Platform Configuration Registers (PCRs) within the TPM. Details of what was measured are recorded in a Stored Measurement Log (SML) outside the TPM.
Measuring the integrity of a platform also allows for another service called attestation. Attestation provides a means for a platform to prove its state to an external entity. PCR values are signed using an Attestation Identity Key (AIK), an asymmetric key pair created by the TPM; the AIK is certified either by a 'Privacy Certification Authority' or by using the Direct Anonymous Attestation (DAA) protocol.
The following proposal uses Trusted Computing and virtualisation to provide:
Consider a linear workflow of jobs a0, a1, …, an created by a WRB from a user's high-level workflow. Each job is encapsulated within a VDI (virtual disk image), described above. Each job is allocated to a resource provider RPi, selected because its platform is in a trusted state αi and its TPM holds the non-migratable secret key SKi of an asymmetric key pair. The secret key could have been created proactively by the resource provider, which advertises the corresponding public key and platform state [Löhr et al. 2006], or it could be the result of certified migration to a trusted platform.
Figure 1 illustrates an example for three resource providers RPi-1, RPi and RPi+1 that have been allocated three consecutive jobs ai-1, ai and ai+1 (3). The public key PKi corresponding to RPi's trusted state is used to seal a symmetric key ki (2), which the WRB generates together with a random number ri. The key ki protects the job and the random number (1), where g is a generation-encryption function that produces a ciphertext and a Message Authentication Code (MAC).
Each resource provider is also sent the public key corresponding to the trusted platform state of the next resource provider in the workflow (4), and the trusted platform state of the previous resource provider (5). These are used to maintain security in the forward and reverse directions during the execution of the workflow.
When a resource provider RPi-1 has processed its job in the workflow, it sends a ready signal to the next resource provider RPi, either directly or via the WRB; this is message (6) in Figure 2. RPi then creates an attestation challenge containing a random number rRPi and sends it to RPi-1 (7). RPi-1 responds with αi-1(rRPi), attesting to its current platform state. RPi-1 also protects the results of its Grid job, R(ai-1), using a symmetric key ki-1' that it generates, and seals this key to the trusted platform state of RPi. The attestation response, the protected results and the sealed key are sent together as message (8).
There are two essential checks during the transition between RPi-1 and RPi. The first is that the same public key PKi that (indirectly) protects the Grid job ai is also used to protect the input data for that job, i.e. the results of the previous job; the corresponding secret key can only be used if RPi's platform is in the expected, trusted state αi. The second is the attestation challenge, which checks that the previous resource provider RPi-1 remained in its expected, trusted state αi-1 while executing its allocated Grid job; the fresh random number rRPi stops an earlier attestation response being replayed. If either check fails, an exception can be raised for the WRB to handle.
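To make the sealing, measurement and handover steps above concrete, the following toy simulation is added here as an example; it is not code from the project or its papers. It models one TPM per resource provider (PCR extend, seal/unseal to a PCR value, AIK quote), the WRB's preparation of a job under ki sealed to αi (messages (1) and (2)), RPi-1 protecting R(ai-1) under ki-1' sealed to αi, and RPi's two checks on handover (messages (7) and (8)). Everything in it is an assumption for illustration: the names ToyTPM, wrb_prepare_job, rp_run_job and rp_accept_handover are invented; textbook RSA with Miller-Rabin-generated 512-bit moduli stands in for the TPM's key operations, a SHA-256 keystream with an HMAC tag stands in for g, the expected PCR is carried inside the sealed blob as TPM_Seal does, and the attestation challenge is a direct method call rather than a network message. None of this is production cryptography.

```python
# Toy model of the scheme above (added example, not the project's code); textbook RSA
# and an HMAC encrypt-then-MAC stand in for TPM_Seal/TPM_Quote and g(). Demo only.
import hashlib, hmac, secrets
_h_int = lambda data: int.from_bytes(hashlib.sha256(data).digest(), "big")

def _is_probable_prime(n):                     # Miller-Rabin, for demo keys only
    r = ((n - 1) & (1 - n)).bit_length() - 1   # trailing zeros of n - 1
    d = (n - 1) >> r
    for _ in range(20):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1):
            for _ in range(r - 1):
                x = pow(x, 2, n)
                if x == n - 1:
                    break
            else:
                return False
    return True

def _prime(bits):                              # random odd candidates until MR accepts one
    candidates = iter(lambda: secrets.randbits(bits) | (1 << (bits - 1)) | 1, None)
    return next(c for c in candidates if _is_probable_prime(c))

def rsa_keygen(bits=256):                      # pk=(e, n), sk=(d, n): apply with pow(x, *key)
    while True:
        p, q = _prime(bits), _prime(bits)
        n, phi, e = p * q, (p - 1) * (q - 1), 65537
        if p != q and phi % e:                 # e must be invertible mod phi
            return (e, n), (pow(e, -1, phi), n)

def _xor_stream(key, nonce, data):             # SHA-256 counter-mode keystream
    blocks = (hashlib.sha256(key + nonce + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def aead_encrypt(key, aad, pt):                # g(k; data) -> (nonce, ciphertext, MAC)
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, pt)
    return nonce, ct, hmac.new(key, aad + nonce + ct, "sha256").digest()

def aead_decrypt(key, aad, nonce, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(key, aad + nonce + ct, "sha256").digest()):
        raise ValueError("MAC check failed")
    return _xor_stream(key, nonce, ct)

class ToyTPM:                                  # one RP's TPM: a PCR, seal key SK_i, an AIK
    def __init__(self):
        self.pcr = bytes(32)                           # PCR starts at zero
        self.seal_pk, self._seal_sk = rsa_keygen()     # non-migratable: SK_i never leaves
        self.aik_pk, self._aik_sk = rsa_keygen()
    def extend(self, measurement):                     # PCR <- H(PCR || H(measurement))
        self.pcr = hashlib.sha256(self.pcr + hashlib.sha256(measurement).digest()).digest()
    @staticmethod
    def seal(pk, expected_pcr, secret):                # anyone holding PK_i can seal
        kek = secrets.token_bytes(16)                  # KEK wrapped under PK_i; the AEAD
        wrapped = pow(int.from_bytes(secrets.token_bytes(16) + kek, "big"), *pk)
        return wrapped, aead_encrypt(kek, b"seal", expected_pcr + secret)  # binds the state
    def unseal(self, blob):                            # releases the secret only in that state
        wrapped, aead = blob
        kek = pow(wrapped, *self._seal_sk).to_bytes(32, "big")[16:]
        pt = aead_decrypt(kek, b"seal", *aead)
        if not hmac.compare_digest(pt[:32], self.pcr):
            raise PermissionError("platform is not in the sealed state")
        return pt[32:]
    def quote(self, nonce):                            # attestation: AIK signature on PCR||nonce
        return self.pcr, pow(_h_int(self.pcr + nonce), *self._aik_sk)

def wrb_prepare_job(job, rp_pk, rp_state):             # messages (1) and (2)
    k, r = secrets.token_bytes(16), secrets.token_bytes(16)
    return aead_encrypt(k, b"job", job + r), ToyTPM.seal(rp_pk, rp_state, k), r

def rp_run_job(tpm, protected_job, sealed_k, next_pk, next_state, compute):
    job = aead_decrypt(tpm.unseal(sealed_k), b"job", *protected_job)[:-16]  # needs alpha_i
    k2 = secrets.token_bytes(16)                       # k_i' for R(a_i), sealed to alpha_{i+1}
    return aead_encrypt(k2, b"result", compute(job)), ToyTPM.seal(next_pk, next_state, k2)

def rp_accept_handover(tpm_i, prev_tpm, prev_aik_pk, prev_state, protected_result, sealed_k2):
    nonce = secrets.token_bytes(16)                    # (7) challenge r_RPi
    pcr, sig = prev_tpm.quote(nonce)                   # (8) alpha_{i-1}(r_RPi)
    if pow(sig, *prev_aik_pk) != _h_int(pcr + nonce) or pcr != prev_state:
        raise PermissionError("RP_{i-1} attestation failed; raise exception to WRB")
    return aead_decrypt(tpm_i.unseal(sealed_k2), b"result", *protected_result)  # needs alpha_i

def _refuses(action):                                  # True if the TPM raises PermissionError
    try:
        action()
        return False
    except PermissionError:
        return True

def demo():
    rp_prev, rp_next = ToyTPM(), ToyTPM()
    for tpm in (rp_prev, rp_next):                     # boot both into the trusted state
        tpm.extend(b"trusted hypervisor + job VDI")
    alpha_prev, alpha_next = rp_prev.pcr, rp_next.pcr  # advertised together with PK_i
    pj, sk, _ = wrb_prepare_job(b"1 2 3 4 5", rp_prev.seal_pk, alpha_prev)
    pres, sk2 = rp_run_job(rp_prev, pj, sk, rp_next.seal_pk, alpha_next,
                           lambda job: str(sum(map(int, job.split()))).encode())
    result = rp_accept_handover(rp_next, rp_prev, rp_prev.aik_pk, alpha_prev, pres, sk2)
    rp_prev.extend(b"rogue module")                    # RP_{i-1} leaves its trusted state
    bad_attest = _refuses(lambda: rp_accept_handover(rp_next, rp_prev, rp_prev.aik_pk, alpha_prev, pres, sk2))
    rp_next.extend(b"rogue module")                    # RP_i leaves alpha_i: SK_i unusable
    return result, bad_attest, _refuses(lambda: rp_next.unseal(sk2))
```

Calling demo() returns (b"15", True, True): the result of the constructed job reaches RPi only while both platforms are in their advertised states; once RPi-1's PCR moves on, its quote no longer matches αi-1 and the handover is refused, and once RPi's own PCR changes, ki-1' can no longer be unsealed. Note that the point of the toy is the order of checks, not the primitives: a real deployment relies on TPM_Seal with a PCR selection and an AIK certified by a Privacy CA or DAA, and the quote must also be checked against the SML to decide that the reported PCR value really is a trusted state.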
Grid workflows provide significant advantages when completing highly complex computations, provided there are assurances that the participating entities have behaved as expected. This requires both the judicious selection of trustworthy Grid resource providers and a means to determine whether that trust still holds after job processing. Here this trust is built using Trusted Computing and virtualisation technology. The scheme presented above enables Grid users to derive confidence in the execution of their workflows, and from this to establish trust in the workflow results. While a simple linear example has been given, it is also possible to divide a key protecting workflow results into several key shares and use the scheme to distribute them amongst several resource providers. The scheme can also be extended to incorporate the Grid access device, which could be a wireless mobile terminal. Further work includes:
[Löhr et al. 2006] H. Löhr, H. V. Ramasamy, A.-R. Sadeghi, S. Schulz, M. Schunter and C. Stüble, “Enhancing Grid security using trusted virtualization”, in Proceedings of the 1st Benelux Workshop on Information and System Security (WISSEC '06), Antwerpen, Belgium, November 8-9, 2006, Computer Security and Industrial Cryptography (COSIC), K.U. Leuven, ESAT/SCD, November 2006.
[1] A. Martin and P. W. Yau, “Grid Security: Next Steps”, Information Security Technical Report, 12 no. 3 (2007), 113-122. [pdf]
[2] P.-W. Yau, S. Hu and C. J. Mitchell, “Malicious attacks on ad hoc network routing protocols”, International Journal of Computer Research, 15 no. 1 (2007), 73-100. [pdf]
[3] P. W. Yau and A. Tomlinson, “Using Trusted Computing in Commercial Grids”, in Proceedings of the 15th International Workshops on Conceptual Structures (ICCS 2007), Sheffield, UK, July 22-27, 2007, Springer-Verlag, pp. 31-36. [pdf]
[4] A. Leung and C. J. Mitchell, “Ninja: Non Identity Based, Privacy Preserving Authentication for Ubiquitous Environments”, in: J. Krumm, G. D. Abowd, A. Seneviratne and T. Strang (eds.), UbiComp 2007: Ubiquitous Computing, 9th International Conference, Innsbruck, Austria, September 16-19, 2007, Springer-Verlag (LNCS 4717), Berlin (2007), pp. 73-90. [pdf]
[5] E. Gallery and C. J. Mitchell, “Trusted mobile platforms”, in: A. Aldini and R. Gorrieri (eds.), Foundations of Security Analysis and Design IV: FOSAD 2006/2007 Tutorial Lectures, Springer-Verlag (LNCS 4677), Berlin (2007), pp. 282-323. [pdf]
[6] S. Balfe, E. Gallery, C. J. Mitchell and K. G. Paterson, “Challenges for trusted computing”, IEEE Security and Privacy, 6 no. 6 (November/December 2008), 60-66. [pdf]
[7] A. Leung, L. Chen and C. J. Mitchell, “On a possible privacy flaw in Direct Anonymous Attestation (DAA)”, in: P. Lipp, A.-R. Sadeghi and K.-M. Koch (eds.), Trusted Computing - Challenges and Applications, First International Conference on Trusted Computing and Trust in Information Technologies, TRUST 2008, Villach, Austria, March 11-12, 2008, Proceedings, Springer-Verlag (LNCS 4968), Berlin (2008), pp. 179-190. [pdf]
[8] A. Leung and C. J. Mitchell, “A device management framework for secure ubiquitous service delivery”, in: Proceedings of the Fourth International Symposium on Information Assurance and Security (IAS 2008), Naples, Italy, September 2008, IEEE Computer Society Press, Los Alamitos, CA (2008), pp. 267-274. [pdf]
[9] P. W. Yau, A. Tomlinson, S. Balfe and E. M. Gallery, “Securing Grid Workflows with Trusted Computing (Extended Abstract)”, in Proceedings of the Eighth IEEE International Symposium on Cluster Computing and the Grid (CCGRID '08), Lyon, France, May 19-22, 2008, IEEE Press, p. 700. [pdf]
[10] P. Yau, A. Tomlinson, S. Balfe and E. M. Gallery, “Securing grid workflows with trusted computing”, in Proceedings of the 8th International Conference on Computational Science (ICCS '08), Krakow, Poland, June 23-25, 2008, Springer-Verlag (LNCS 5103), June 2008, pp. 510-519. [pdf]
[11] C. Gebhardt and A. Tomlinson, “Secure virtual disk images for grid computing”, in Proceedings of the Third Asia-Pacific Trusted Infrastructure Technologies Conference, Wuhan, Hubei, China, October 14-17, 2008, IEEE Press, October 2008, pp. 19-29. [pdf]
[12] A. Leung, P.-W. Yau and C. J. Mitchell, “Using trusted computing to secure mobile ubiquitous environments”, in: S. Gritzalis, T. Karygiannis and C. Skianis (eds.), Security and Privacy in Wireless and Mobile Networking, Troubador Publishing (2009). [pdf]
[13] E. M. Gallery and C. J. Mitchell, “Trusted computing: Security and applications”, Cryptologia, 33 (2009), 217-245. [pdf]
[14] P. Yau and A. Tomlinson, “Enhancing Grid Security using Workflows, Trusted Computing and Virtualisation”, in Proceedings of the 2009 International Conference on Grid Computing and Applications (GCA 2009), Worldcomp '09, Las Vegas, Nevada, USA, July 13-16, 2009, CSREA Press, July 2009, pp. 113-119. [pdf]
[15] S. Balfe, P. Yau and K. G. Paterson, “A Guide to Trust in Mobile Ad Hoc Networks”, Security and Communication Networks, to appear. [pdf]