GridSec: Trusted Grid computing with security binding and self-defense against network worms and DDoS attacks

Abstract

The USC GridSec project develops distributed security infrastructure and self-defense capabilities to secure wide-area networked resource sites participating in a Grid application. We report new developments in trust modeling, security-binding methodology, and defense architecture against intrusions, worms, and flooding attacks. We propose a novel architectural design of Grid security infrastructure, security binding for enhanced Grid efficiency, distributed collaborative IDS and alert correlation, DHT-based overlay networks for worm containment, and pushback of DDoS attacks. Specifically, we present a new pushback scheme for tracking attack-transit routers and for cutting malicious flows carrying DDoS attacks. We discuss challenging research issues to achieve secure Grid computing effectively in an open Internet environment. © Springer-Verlag Berlin Heidelberg 2005.