Priority Reduction Techniques

Under these types of techniques, the priorities of the jobs are manipulated to reduce the possibility of starvation. Different techniques have been de- veloped. One such technique called local priority reduction[5] reduces the priority of all jobs which are not local to the system. This ensures that the local jobs are never starved of resources. This technique has been em- ployed in the United Devices GridMP software suite. Other innovative technique have also been developed which tries to reduce the possibility of starvation in the whole system. In the Sun® Grid engine [142] a flexible priority scheme called RRDP has been developed where the priority of the job is determined by the normalized value as a combination of per resource weighting factor, deadline weighting factor, waiting time weighting factor in combination with host or resource policies.

These techniques can work as an ad hoc mechanism to prevent job starvation. These have their advantages as they can be implemented easily and mostly requires changes at the host or the resource owner end. How- ever, the disadvantages are:

• These may result in lower QoS, if QoS is a concern to the users of the grid.

• They may result in unpredictable behavior unless integrated with the advanced reservation schemes.

7.4 Chapter Summary 157

7.4 Chapter Summary

When a host or a machine enrolls itself to the grid system it is concerned about the reliability of the jobs that would be running. The host level issues can be broadly categorized into data protection issues and job starvation is- sues. While the former is concerned about protecting the host data from outside jobs, the latter is concerned about protecting the local jobs from starvation. Most of the data protection solutions use isolation as a mecha- nism to ensure that the local system remains unaffected by the external jobs. Different types of solutions existing are: application layer sandbox- ing, virtualization, flexible kernels, and sandboxing. As a result, the solu- tion remains only of academic interest without having any commercially viable implementation. On the other hand, the second category of solutions viz. the virtualization solutions provides efficient isolation. However, some of the virtualization solutions like the hosted virtualization model come with a performance overhead which for some applications may be signifi- cant. The para-virtualization solutions the Xen provide very good perform- ance. However, most of these solutions are available for open operating systems like Linux and currently not available for closed systems like Windows. However, advances in the field of processor level support for virtualization auger well for the para-virtualization systems. There is an- other point of concern before virtualization systems become default solu- tions for isolation needs. There is a need for development of policy man- agement mechanisms on the virtualization systems. The third category of solutions is the flexible kernel systems. These are mainly research solu- tions which require more research and development effort before they can become mainstream. Finally, the sandboxing solutions are there which ca- ter mainly to the sandboxing needs of the users. These solutions are mostly through the monitoring of process and system parameters and trapping sys- tem calls. Most of these solutions are flexible in terms of policy manage- ment. However, the system level monitoring solutions have performance overhead. The better performance of the loadable kernel modules is offset by the lack of flexibility in terms of policy management. Table 7.1 summa- rizes the different data protection solutions and related issues.

In the next chapter, we will look at another important component of the grid infrastructure, viz. the network.

Table 7.1. Data protection solutions Solu-

tions Type Example Policy Flexi- bility

Over-

head Robust-ness Comments Applica- tion Level Sand- boxing Same Proof Carrying Code (PCC) Low Low at the re- cipient

High Low flexibil- ity, requires vendor sup- port Hosted Virtual- ization VMWare ® _GSX Server Need to be built Medium

to High High Relatively High per- formance overhead Para- virtual- ization Xen Need to be built

Low High Only avail-

able in open systems like Linux. A very promis- ing technol- ogy. Shared kernels Vir- tuali- zation VServer Need to be built Low to

Medium High Only avail-able in Linux systems Flexible

Kernels Same Hydra, exoker- nels Low Can be tuned as per need Gener- ally high, can also be tuned Good con- cept, requires significant research System Moni- toring

Janus High Medium

to High Medium High flexibil-ity, low per- formance Load- able Kernels Remus Low to Me- dium Low to

Medium Medium to High Low on pol-icy flexibility VM

Based

Sand- box-

ing _Entropia

VM High Low to Medium Medium Generally for a specific system like Java

8 Grid Network Security

8.1 Introduction

As part of our discussions on grid security, we have talked about security issues pertaining to the different components of the grid stack. However, till now we have ignored the element which cradles the grid infrastructure viz. the grid network. In course of this chapter we will discuss the several network security related issues which are relevant in the context of grid computing.

As a discipline, network security is becoming one of the most impor- tant areas of research, especially in the context of the Internet [144]. Ini- tially, the focus of the research community had been solely on the per- formance issues of the Internet. In the last few years, several Internet level security attacks and vulnerabilities has resulted in a surge in the activities in this field. Grid computing, being a distributed system, naturally requires networking infrastructure for its functioning. Therefore, a thorough under- standing of the network security related issues is important. In addition, grid adds complexities in terms of heterogeneity and high speed intercon- nects which add complexities in terms of management and integration with the grid system. In this chapter, we will discuss a few of the issues which are important from the grid perspective. Some of the issues, like secure multicasting and secure sensor grids may not be applicable immediately as the research in those fields are also maturing. However, taking a holistic view, we included the different areas which would be relevant to grid sys- tems.