$2 Million NSF Grant Funds Grid Security Research and Builds Self-Defense Toolkits at USC

February 23, 2004

Grid computing, with its promise of worldwide sharing of computational power and resources, is emerging as a major 21st century technology and a possible target for pranksters, criminals or even terrorists.

Now, funded by a $2 million grant from the National Science Foundation, computer scientists at the University of Southern California and international collaborators are creating tools to enable the Grid to defend itself, automatically.

"Highly shared resources in distributed computer systems or large-scale computational Grids make system insecurity and privacy violations major obstacles hindering distributed supercomputing applications," said Kai Hwang, a professor in the USC School of Engineering who will be leading the effort.

According to Hwang, who directs USC's Internet and Grid Computing Laboratory, the "GridSec" project will create "a new self-configuring security and privacy framework to support trusted Grid applications. The architecture will give early warning and actively work to prevent attack-caused system failures in Grid resource sites."

Hwang and Clifford Neuman, the director of the Center for Computer Systems Security at USC's Information Sciences Institute, are building an automated defense system that will improve such key security functions as authentication, authorization, and intrusion response for Grids and related peer-to-peer and web services.

The proposed GridSec infrastructure "will support network-based cooperative and pervasive computing with seamless security, assured privacy, data integrity, confidentiality, and optimized resource allocations," according to the project plan.

Hwang said GridSec will create a resource called the "NetShield library" which will deploy distributed micro firewalls and intrusion repelling software. "This system will monitor network traffic to recognize threat patterns as they emerge, and dynamically configure itself to meet them," he said.

The NetShield library will be supported by special virtual private networks (VPNs), built on top of the Globus security infrastructure developed at ISI jointly with the Argonne National Laboratory. "The GridSec team will push further to block network attacks and to enforce fine-grain, resource-access control at the file, device, and storage levels," said Neuman.

The approach uses contributions from a variety of disciplines. Professor Viktor Prasanna of the USC department of electrical engineering is approaching the problems from a dynamic hardware perspective. Researcher Tatyana Ryutov of ISI's Computer Networks Division is involved in policy management and access control in the project. In addition to these faculty, eight Ph.D.-program graduate students are working on the project.

The USC team is also working with Michel Cosnard of the University of Nice-Sophia Antipolis and INRIA in France, and with Zhiwei Xu, the Vega Grid Project leader at the Chinese Academy of Sciences in Beijing. The initial phase of the project runs through 2006.