Security Concept and Implementation for a Cloud Based E-science Infrastructure

Abstract

In this paper we present a novel Kerberos-based security concept for heterogeneous distributed e-Science infrastructures. The e-Science infrastructure we have recently developed is currently being tested by the breath gas analysis community, whose activities are based on large-scale collaborations. In many e-Science domains person-related data (e.g. patient data) is involved and therefore privacy and security are very important. Several publications mentioned that it is straightforward to add additional security to an existing infrastructure by means of Kerberos. Our experience shows that this is not really true; in our e-Science infrastructure we discovered the following key problems: (a) to forward Kerberos tickets and (b) to use Kerberos within a cloud infrastructure. Exactly such challenges are addressed by this paper. The central aspect of the security concept presented is the authentication of the user to the lowest level (e.g. database) and not only to the first level of the e-Science services. We have to consider that our infrastructure involves several research centers with their own scientific private data. The designed security concept was implemented and tested with a cloud-based code execution framework to be able to concurrently execute problem solving environment codes (e.g. MATLAB, R, Octave). The resulting system supports EC2-compatible cloud infrastructures (e.g. AWS, Eucalyptus), enabling them to be combined to build a hybrid cloud. This paper describes several challenges and their solutions, including how to (a) use client authentication through all levels of the system, (b) guarantee secured execution of time-consuming cloud-based analysis, and (c) inject security credentials into dynamically created VM instances.

Authors
  • Ludescher, Thomas
  • Feilhauer, Thomas
  • Brezany, Peter
Shortfacts
Category: Paper in Conference Proceedings or in Workshop Proceedings (Paper)
Event Title: Proceedings of the International Conference on Availability, Reliability and Security (ARES), 2012
Divisions: Scientific Computing
Event Type: Conference
Page Range: pp. 280-285
Date: 20 August 2012