Utility Computing:Security & Trust Issues

Dr Steven Newhouse

Technical Director

London e-Science Centre

Department of Computing, Imperial College London

2

ICENI

The Iceni, under Queen Boudicca, united the tribes of South-East England in a revolt against the occupying Roman forces in AD60.

• IC e-Science Networked Infrastructure• Developed by LeSC Grid Middleware Group• Collect and provide relevant Grid meta-data• Use to define and develop higher-level services• Interaction with other frameworks: OGSA, Jxta etc.

3

ICENI Architecture

Resource Manager

Policy Manager

CR

SR

Identity Manager

Domain Manager

CR

SR

Gateway between private and public regions Public

Public Computational Community

SR CR

Public Computational Community

SR

Private

Administrative

Domain

SR

CR

Resource Broker

Application Design Tools

Component Design Tools

Application Mapper

Web ServicesGateway

Application

Portal

Private

Computational Resource

SoftwareResources

NetworkResources

StorageResources

JavaCoG

Globus

Resource Browser

RESOURCES POLICY

SERVICES USERS

4

SOAPRMI

Component Execution

Compute Resource Hardware

RTR

CodeCode Code

RTR RTR

Network Resource

MPI

APO

Jini Jini

OGSA, Jxta, etc. OGSA, Jxta, etc.

5

Exposing Resources as Services

ICENIDomainManager

FileResourcenewFile()getFile()saveFile()

jini://private.doc

Public Domainjini://public.grid.ac.uk

Public Domainjini://public.grid.edu

DomainManager publishes resource to public domain with the attached SLA.

PublicFileServicenewFile()getFile()saveFile()subContract()

SLA

Life in the Public Domain

6

RUNNINGCOMPONENTS

Security Cone

Permissible SLA

RESOURCE

SERVICEPOLICY

B A

C

D

SLA defines:• What?• Who?• When?

7

Trading Grid Services

• UK Core e-Science Programme– Partially funded by Department of Trade & Industry– Adoption by UK business is a key success criteria– Joint projects between Industry & Academics

• Computational Markets project– Requested by Tony Hey, UK e-Science Director– Led by Professor John Darlington, Director, LeSC– Define service interfaces & protocols to enable the

trading of services

8

Partners

• Research– London e-Science Centre– Manchester e-Science Centre– Southampton e-Science Centre– UK Grid Support Centre (Deployment & Support)

• Commercial– SME’s: Software & service provision– Multi-national’s: Hardware & Software vendors

9

Proposed Scope

• Core Logging & Accounting Services– For contribution to GT3

• Secure Charging and Payment Mechanisms– Define interfaces that leverage existing infrastructures

• Performance Engineering– Prediction and optimisation of execution time

• Computational Economics– Development and reference implementation of protocols– Exploration of advanced mechanisms (e.g. futures)

• Deployment within UK e-Science Grid– Utilise UK’s Grid Infrastructure– Exposure to real environment, users & applications

10

Architecture

OGSA Grid ServiceService InterfaceService Data

Service InterfaceService Data

OGSA ChargeableGrid

Service

Grid EconomicService Interface

RecordResource

Usage

OGSAResource

UsageService

ContractNegotiation

EconomicService

Data

ContractVerification

ServiceCharging

OGSA GridBankingService

GridUser

11

Issues in Selling Services

• Reliability:– Will they deliver as advertised?

• Trustworthiness:– Can I rely on what is advertised?

• Liability:– Who do I prosecute if it goes wrong?

• Contract:– How can the contract be broken?

• Secure execution:– Can I rely on the provider?

12

RealityGrid

• Applications: LB3D, …

• Resources: UCL, LeSC, Manchester, EPCC

• Runtime access: Visualisation & Steering

• Using Globus, OGSA & Unicore

• Output data: Post-processing & publication

13

Grid Enabled Integrated Earth SystemsModel - GENIE

• NERC Pilot Project

• Distributed ESM’s located at various sites

• Visualisation and steering of running simulations

• Portals

• Data Sets: For simulation initiation & output