1st International ICST Conference on Networks for Grid Applications

Research Article

Building a Demilitarized Zone with Data Encryption for Grid Environments

Download90 downloads
  • @INPROCEEDINGS{10.4108/gridnets.2007.2160,
        author={Matthias Schmidt and Matthew Smith and Niels Fallenbeck and Hans Picht and Bernd Freisle},
        title={Building a Demilitarized Zone with Data Encryption for Grid Environments},
        proceedings={1st International ICST Conference on Networks for Grid Applications},
        publisher={ICST},
        proceedings_a={GRIDNETS},
        year={2007},
        month={10},
        keywords={Grid computing cluster computing network-level security and protection site security monitoring cryptography},
        doi={10.4108/gridnets.2007.2160}
    }
    
  • Matthias Schmidt
    Matthew Smith
    Niels Fallenbeck
    Hans Picht
    Bernd Freisle
    Year: 2007
    Building a Demilitarized Zone with Data Encryption for Grid Environments
    GRIDNETS
    ICST
    DOI: 10.4108/gridnets.2007.2160
Matthias Schmidt1,*, Matthew Smith1,*, Niels Fallenbeck1,*, Hans Picht1,*, Bernd Freisle1,*
  • 1: Department of Mathematics and Computer Science, University of Marburg Hans-Meerwein-Strasse, D-35032 Marburg, Germany
*Contact email: schmidtm@informatik.uni-marburg.de, matthew@informatik.uni-marburg.de, fallenbe@informatik.uni-marburg.de, picht@informatik.uni-marburg.de, freisleb@informatik.uni-marburg.de

Abstract

Security and data integrity are important aspects in the fields of Grid and cluster computing. When these two areas are combined, the security issues intermingle and new security concepts are needed to ensure protection of both Grid users and local cluster users. In this paper, a novel dual laned Demilitarized Zone (DMZ) to protect local clusters from Grid attacks is introduced. The Globus Security Infrastructure (GSI) is extended to enable safe end-to-end encryption of Grid jobs through the DMZ and into virtualized execution hosts. Finally, an integrated Network Intrusion Detection System with Grid-specific rules, further protecting the Grid DMZ, is presented.