Enhancing Grid Security Using Trusted Virtualization
Hans Löhr‡, HariGovind V. Ramasamy†, Ahmad-Reza Sadeghi‡, Stefan Schulz‡, Matthias Schunter†, Christian Stüble‡
†IBM Zürich Research Laboratory, Rüschlikon, Switzerland
‡Horst-Görtz-Institute for IT-Security, Ruhr-University Bochum, Germany
{hvr,mts}@zurich.ibm.com {loehr,sadeghi,schulz,stueble}@crypto.rub.de
Abstract
Grid applications have increasingly sophisticated functional and security requirements. However, current techniques mostly protect only the resource provider from attacks by the user, while leaving the user comparatively dependent on the resource provider behaving correctly.

In this paper, we take the first steps towards addressing this trust asymmetry by using a combination of trusted computing and virtualization technologies. We present the key components for a trustworthy Grid architecture and propose an implementation. By providing multilateral security, i.e., security for both the Grid user and the Grid provider, our architecture increases the confidence that can be placed in the correctness of a Grid computation and in the protection of user-provided assets. In order to maintain important scalability and performance aspects, our proposal aims to minimize overhead. Towards this end, we propose a scalable offline attestation protocol, which allows selection of partners in the Grid with minimal overhead.
Keywords: Trusted Computing, Grid, Scalability, Attestation
I. INTRODUCTION
A. Background
Grid Computing has been very successful in enabling massive computing efforts to take place, but has hitherto been dominated by ‘big science.’ These projects are usually in the scientific or academic domain (such as SETI@HOME or distributed.net) and, while important, they usually have less stringent security requirements than commercial IT systems.
Currently, security is built into Grid toolkits (e.g., the Globus toolkit [11]) used at the provider sites (parties that offer resources for use in the Grid). Secure channels, authentication [6], unsupervised