February 10, 2004

Can the Grid be secured?

One of the latest European high-tech projects is the EU DataGrid, which will eventually link all the key research centres in a huge virtual distributed supercomputer.

The idea in itself isn't exactly novel: PVM and Condor have been offering some of its capabilities for a long time.

One of the issues in the EU DataGrid which I find particularly interesting is the security aspect, which has in some ways been addressed.

The project set up a serious PKI infrastructure which is used to authorise job submissions and authenticate DataGrid users to the Grid itself. This would normally indicate a serious concern for security: after all, you would want to ensure that the computing power is not used by some kid in school to improve his ranking on SETI@home and that rogue systems can't join the Grid.

I'd like to offer a different slant to the security issue: not so much who is allowed to use the DataGrid but where the data flows are.

It should be pretty clear that the security of the Grid as a whole depends on the security of individual systems, and also that it is sadly the case that any system connected to a network cannot be guaranteed to be secure. In particular, what concerns me most is that, for computations to take place, you have to ship some data off to systems which you do not control, so if one of these is compromised then the data is wide open.

The argument which is often put forward is that this is scientific data, so it doesn't really matter if someone obtains access to it. This is akin to the justification for universities having lax security, and we shall leave it at that, but the difference here is that the Grid is being offered for use in other fields, for example, medical research.

Here we hit a problem: it is no longer physicists working with the constituents of matter but medical research, which could possibly contain either patentable information or clinical trial information. In theory, data could be encrypted and decrypted on the fly during job runs, but once you have control of a system it doesn't take much work to access the decrypted data.

I would agree that it requires a certain amount of dedication to enact the above, but this dedication has definitely been shown recently by the spamming community...

Posted by arrigo at February 10, 2004 11:12 AM