Distributed computing is evolving into a collection of different paradigms that involve multiple organisations. These include mobile agents, e-Science applications such as SETI@Home or Folding@Home, and grid computing. Security is a major concern in a multi-organizational setting. To date, attention has focused on authentication of participants and authorization to use resources. Protection of hosts and of the processes executing on those hosts has been left to the local operating system security.
In this paper we consider the security of a visiting computation with respect to a possibly hostile host. Any part of the data used by a computation, the results of the computation or the code itself may represent valuable intellectual property to its owner. The correctness of the computation may be essential to some larger, critical process.
The paper presents a methodology based on anchors of trust that allowed us to study the security dependencies within a Unix-like operating system. We have identified a small set of vulnerabilities that could be exploited to create a hostile host capable of attacking a visiting computation. We show that minor extensions to a processor's microcode can be used to remove these vulnerabilities. While we can never completely remove the threat of a hostile host, the proposed extensions significantly increase the work required to corrupt a host.
Cite as: Hine, J.H. and Dagger, P. (2004). Securing Distributed Computing Against the Hostile Host. In Proc. Twenty-Seventh Australasian Computer Science Conference (ACSC2004), Dunedin, New Zealand. CRPIT, 26. Estivill-Castro, V., Ed. ACS. 279-286.