Utility Computing: Security & Trust Issues Dr Steven Newhouse Technical Director London e-Science...

Post on 18-Jan-2016


Utility Computing: Security & Trust Issues

Dr Steven Newhouse

Technical Director

London e-Science Centre

Department of Computing, Imperial College London

2

ICENI

The Iceni, under Queen Boudicca, united the tribes of South-East England in a revolt against the occupying Roman forces in AD60.

• IC e-Science Networked Infrastructure
• Developed by LeSC Grid Middleware Group
• Collect and provide relevant Grid meta-data
• Use to define and develop higher-level services
• Interaction with other frameworks: OGSA, Jxta etc.

3

ICENI Architecture

[Figure: ICENI architecture diagram. Labelled elements: Resource Manager, Policy Manager, Identity Manager, Domain Manager (gateway between private and public regions), Resource Broker, Resource Browser, Application Design Tools, Component Design Tools, Application Mapper, Web Services Gateway, Application Portal, Public Computational Community, Private Administrative Domain, Computational Resource, Software Resources, Network Resources, Storage Resources, CR, SR, Java CoG, Globus. Quadrant labels: Resources, Policy, Services, Users.]

4

Component Execution

[Figure: component execution diagram. Labelled elements: SOAP, RMI, Compute Resource Hardware, RTR, Code, Network Resource, MPI, APO, Jini, "OGSA, Jxta, etc."]

5

Exposing Resources as Services

[Figure: an ICENI DomainManager in the private domain (jini://private.doc) holds a FileResource with the methods newFile(), getFile() and saveFile(). It is exposed to the public domains jini://public.grid.ac.uk and jini://public.grid.edu as a PublicFileService with the methods newFile(), getFile(), saveFile() and subContract(), with an SLA attached.]

DomainManager publishes resource to public domain with the attached SLA.

Life in the Public Domain

6

[Figure: security cone diagram. Labelled elements: Running Components, Security Cone, Permissible SLA, Resource, Service Policy, and points A, B, C, D.]

SLA defines:
• What?
• Who?
• When?

7

Trading Grid Services

• UK Core e-Science Programme
– Partially funded by Department of Trade & Industry
– Adoption by UK business is a key success criterion
– Joint projects between Industry & Academics

• Computational Markets project
– Requested by Tony Hey, UK e-Science Director
– Led by Professor John Darlington, Director, LeSC
– Define service interfaces & protocols to enable the trading of services

8

Partners

• Research
– London e-Science Centre
– Manchester e-Science Centre
– Southampton e-Science Centre
– UK Grid Support Centre (Deployment & Support)

• Commercial
– SMEs: Software & service provision
– Multinationals: Hardware & Software vendors

9

Proposed Scope

• Core Logging & Accounting Services
– For contribution to GT3

• Secure Charging and Payment Mechanisms
– Define interfaces that leverage existing infrastructures

• Performance Engineering
– Prediction and optimisation of execution time

• Computational Economics
– Development and reference implementation of protocols
– Exploration of advanced mechanisms (e.g. futures)

• Deployment within UK e-Science Grid
– Utilise UK’s Grid Infrastructure
– Exposure to real environment, users & applications

10

Architecture

[Figure: computational markets architecture diagram. Labelled elements: OGSA Grid Service (Service Interface, Service Data), OGSA Chargeable Grid Service, Grid Economic Service Interface, Economic Service Data, Record Resource Usage, OGSA Resource Usage Service, Contract Negotiation, Contract Verification, Service Charging, OGSA Grid Banking Service, Grid User.]

11

Issues in Selling Services

• Reliability:
– Will they deliver as advertised?

• Trustworthiness:
– Can I rely on what is advertised?

• Liability:
– Who do I prosecute if it goes wrong?

• Contract:
– How can the contract be broken?

• Secure execution:
– Can I rely on the provider?

12

RealityGrid

• Applications: LB3D, …

• Resources: UCL, LeSC, Manchester, EPCC

• Runtime access: Visualisation & Steering

• Using Globus, OGSA & Unicore

• Output data: Post-processing & publication

13

Grid Enabled Integrated Earth Systems Model - GENIE

• NERC Pilot Project

• Distributed ESMs located at various sites

• Visualisation and steering of running simulations

• Portals

• Data Sets: For simulation initiation & output