WO2009041801A2 - Trusted node for grid computing - Google Patents

Trusted node for grid computing

Info

Publication number: WO2009041801A2
Authority: WO
Grant status: Application
Application number: PCT/MY2008/000103
Other languages: French (fr)
Other versions: WO2009041801A3 (en)
Inventor: Kang Siong Ng
Original Assignee: Mimos Berhad
Priority date: 2007-09-27
Filing date: 2008-09-19
Publication date: 2009-04-02
Prior art keywords: trusted, task, computing, system, virtual

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00 Digital computers in general; Data processing equipment in general
    • G06F15/16 Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs

Abstract

There is disclosed a method and apparatus for securing computing processes running on a computing hardware node in a grid computing system through the formation of a virtual trusted node. Grid computing breaks a computational task into smaller computation sub-tasks. These sub-tasks are distributed to many computers where they are executed, and the results are returned to a centralized node for compilation. Data integrity and security are therefore of paramount concern. The proposed invention addresses this concern by providing a method of creating a virtual trusted node in a grid computing system: a wrapped-task (11, 21) is created by wrapping the software for a sub-task together with an operating system (12, 22), the wrapped-task is sent to a computer (40) in the grid computing system, and it is executed by way of a virtual machine monitor (30) and a trusted platform module (41). The operating system is provided with only the minimum functions necessary to execute the wrapped-task. A computer apparatus (40) for creating such a virtual trusted node is also disclosed.

Description

TRUSTED NODE FOR GRID COMPUTING

1. TECHNICAL FIELD OF THE INVENTION

The present invention relates generally to computer systems and, more particularly, to a method and apparatus for securing a computing task running on a trusted computing hardware node in a grid computing system.

2. BACKGROUND OF THE INVENTION

A typical computing system may include a central processing unit (CPU), memory (RAM) and other hardware devices, as well as software resources such as an operating system (OS) and one or more application programs. To cater for various computing requirements, a computer system may be set up stand-alone, in a network, in a cluster or in any other arrangement. One of the most commonly mentioned computing setups is grid computing. Grid computing virtualizes distributed computing and data resources such as processing, network bandwidth and storage capacity to create a single system image, granting users and applications access to a very large pool of IT resources. With grid computing, organizations can optimize computing and data resources, pool them for large-capacity workloads, share them across networks and enable collaboration. Grid computing breaks a computational task into smaller computation sub-tasks. These sub-tasks are distributed to many computers where they are executed, and the results are returned to a centralized node for compilation. Since the sub-tasks are executed at various computers, they are potentially exposed to threats from malicious code running on those computers. Such malicious code can either modify the results of an executed sub-task or retain a copy of them, so the integrity and secrecy of the sub-task executions are in question. Although grid computing brings various benefits to the execution of a complex computational task, the issue of integrity and secrecy has become a valid concern, especially where the computational tasks involve secrets or where data integrity is paramount. Conventionally, these security concerns are addressed by running the grid computing tasks on server farms within a trusted facility or facilities. However, the high cost of maintaining such facilities becomes another issue altogether. Should the computation power of idle computers owned by the connected masses be harnessed instead, the security issues discussed above must be addressed.

A trusted platform module (TPM) has been put into practice to address security and integrity issues in relation to sharing hardware device(s) among multiple operating systems. A TPM is a hardware component residing within a computing system that provides various facilities and services for enhancing the security of the computing system. A trusted virtual machine monitor (TVMM) is a virtual machine monitor that uses the TPM to establish a root of trust for the software it runs. Multiple operating systems can run on one TVMM; each virtual machine runs its own operating system and executes its assigned tasks without being aware of the other virtual machines. Although such prior art discusses sharing hardware among multiple operating systems under one TVMM, there is no indication of applying the principle of a trusted node to a grid computing system, where each node in the grid is defined as a TVMM running an assigned task, the TVMM hosting a multiplicity of virtual machines, each possibly running its own OS, and each virtual machine being assigned a sub-task that the node is to execute.

It is therefore an object of the present invention to provide a method and apparatus for creating a virtual trusted node for a grid computing system in which the security and integrity of the tasks and sub-tasks executed within the node are effectively assured. The proposed virtual trusted node processes the assigned task by sub-dividing it into sub-tasks, wrapping the software for each sub-task together with an operating system, sending the wrapped-task to a computer in the node, and executing each wrapped-task with a trusted virtual machine monitor that interacts with a trusted platform module.

3. SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a method for creating a virtual trusted node for a grid computing system. It is another object of the present invention to provide a virtual trusted node in a grid computing system in which each virtual machine within the computing system is assigned a wrapped-task that includes the software for a sub-task and an operating system, the operating system being provided with only minimal functions and services.

These and other objects of the present invention are accomplished by providing,

In a grid computing system, a method is provided for creating a virtual trusted node within said grid computing system, each of said virtual trusted nodes being a computer adapted to execute an assigned task, said assigned task being first divided into a plurality of sub-tasks, characterized in that said method comprises the steps of:

creating a wrapped-task (11, 21) by wrapping a software for the sub-tasks together with an operating system (12, 22);

sending the wrapped-task (11, 21) to the computer (40) in the grid computing system; and

executing the wrapped-task by way of a trusted virtual machine monitor (30) that interacts with a trusted platform module (41) in the trusted node.

Preferably, each of the sub-tasks is executed by a virtual machine having a connection to the trusted virtual machine monitor and the trusted platform module. Also preferably, the operating system is provided with only the functions and services necessary to execute the wrapped-task.

The objects may be further accomplished by providing,

A computer apparatus (40) adapted for creating a virtual trusted node in a grid computing system, said computer apparatus comprising:

at least a trusted processor, a memory device and a storage device;

software residing in the memory device that, once executed, forms a trusted virtual machine monitor (30);

a trusted platform module (41); and

said trusted virtual machine monitor (30) being adapted to execute an assigned task, said assigned task being first divided into a plurality of sub-tasks;

characterized in that:

said virtual trusted node is created by creating a wrapped-task (11, 21) including wrapping a software for the sub-tasks together with an operating system (12, 22);

sending the wrapped-task (11, 21) to the computer apparatus (40) in the grid computing system; and executing the wrapped-task by way of said trusted virtual machine monitor (30) and said trusted platform module (41).

4. BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments of the invention will now be described, by way of example only, with reference to the accompanying figure, in which:

Figure 1 shows a block diagram representation of a virtual trusted node operating in a grid computing system of the present invention.

5. DETAILED DESCRIPTION OF THE DRAWINGS

Referring to the figure, there is shown a block diagram representation of a virtual trusted node in a grid computing system configured according to an embodiment of the present invention. The computer apparatus (40) generally includes trusted hardware, including at least a processor (not shown), a memory device (not shown) and a storage device (also not shown), a trusted platform module (41), and software (not shown) that, once executed, creates a trusted virtual machine monitor (30) that interacts with the trusted platform module (41) of the computer apparatus (40).

The grid computing system of the present invention may share the trusted hardware across multiple operational environments, where each virtual trusted node is allocated a specific sub-task to perform. In operation, the task is first divided into a multiplicity of sub-tasks, and the software for each sub-task is wrapped together with an operating system (12); the result is called a "wrapped-task" (11, 21) throughout this description. The wrapped-task (11, 21) is then sent to the computer apparatus (40), where each wrapped-task corresponds to a single virtual node in which the sub-task is executed. In essence, in any physical computer device there will be a multiplicity of these virtual nodes, each executing its assigned wrapped-task through the trusted virtual machine monitor (30) and the trusted platform module (41).

The operating system (12) that is wrapped with the grid computing sub-task (11) software contains only the functions and services necessary for proper execution of the sub-task software. Such an operating system is called a thin operating system because of the minimal set of functions and services it has to perform. Limiting the functions and services running in the operating system reduces the security exposure (attack surface) of each virtual node.

Each wrapped-task running on the trusted virtual machine monitor (30) forms a trusted node (10, 20) of the grid computing system. The trusted virtual machine monitor (30) ensures that the computing processes running in a wrapped-task are not affected by other software applications running concurrently, such as those on a commodity operating system (22) hosted by the same trusted virtual machine monitor (30). As a result, the integrity of the grid computing sub-task and its memory can be preserved. Further, the trusted virtual machine monitor (30) ensures that only a wrapped-task from a legitimate source is allowed to execute on the computing apparatus, a feature advantageously provided by the trusted platform module (41) on the computing apparatus.
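The method summarized above (claims 1 to 4) and this paragraph leave two mechanisms implicit: how a node's TVMM decides that a wrapped-task comes from a legitimate source, and how the centralized node later knows that a returned result came from exactly the wrapped-task it sent, unmodified. The Go program below is an added illustration written for this page, not code from the patent or from Mimos Berhad. It models the dispatcher signing a measurement (a hash over task identifier, thin OS image and sub-task software) with an Ed25519 key; the node's TVMM admitting only wrapped-tasks whose signature verifies under the dispatcher's public key, extending the measurement into a simulated PCR the way a TPM extend does, running the sub-task (a partial sum over a chunk of integers, the usual grid decomposition), and signing a quote over nonce, PCR and output with an attestation key that stands in for the TPM's; and the dispatcher recomputing the expected PCR and verifying the quote before compiling the result, so a replayed, altered or differently measured result is rejected. Ed25519, the single-PCR model (one wrapped-task per node; a real TVMM would give each virtual machine its own virtual PCR), the byte formats, the sample image and data, and all names are this example's assumptions; the patent specifies none of them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// WrappedTask is the patent's wrapped-task (11, 21): thin OS image plus sub-task
// software, signed by the dispatcher. Ed25519 is this example's assumption.
type WrappedTask struct {
	TaskID    string
	ThinOS    []byte // constructed stand-in for the minimal operating system image
	SubTask   []byte // constructed stand-in for the sub-task program and its input
	Signature []byte // dispatcher's signature over Measure()
}

// digest hashes length-prefixed fields, so moving bytes between fields changes it.
func digest(fields ...[]byte) []byte {
	h := sha256.New()
	for _, f := range fields {
		h.Write(binary.BigEndian.AppendUint32(nil, uint32(len(f))))
		h.Write(f)
	}
	return h.Sum(nil)
}

// Measure is what the node verifies and then extends into its PCR.
func (w WrappedTask) Measure() []byte { return digest([]byte(w.TaskID), w.ThinOS, w.SubTask) }

// extendPCR models a TPM PCR extend: new = SHA-256(old || measurement).
func extendPCR(pcr [32]byte, m []byte) [32]byte {
	return sha256.Sum256(append(append(make([]byte, 0, 32+len(m)), pcr[:]...), m...))
}

// Wrap is the dispatcher's step: bundle sub-task with thin OS and sign the measurement.
func Wrap(dispatcherPriv ed25519.PrivateKey, id string, thinOS, subTask []byte) WrappedTask {
	w := WrappedTask{TaskID: id, ThinOS: thinOS, SubTask: subTask}
	w.Signature = ed25519.Sign(dispatcherPriv, w.Measure())
	return w
}

// Node is one computer apparatus (40): a simulated PCR (all-zero at boot), an attestation
// key standing in for the TPM's, and the dispatcher key that is the only admitted source.
type Node struct {
	pcr                      [32]byte
	attestPriv               ed25519.PrivateKey
	AttestPub, dispatcherPub ed25519.PublicKey
}

func NewNode(dispatcherPub ed25519.PublicKey) *Node {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // rand.Reader does not fail in practice
	return &Node{attestPriv: priv, AttestPub: pub, dispatcherPub: dispatcherPub}
}

// Execute is the TVMM admission path: refuse anything not signed by the dispatcher, measure
// what was admitted, run it and return the output with a quote (attestation signature over
// nonce, PCR and output). The sub-task is a partial sum over big-endian uint32 values.
func (n *Node) Execute(w WrappedTask, nonce []byte) (sum uint64, quote []byte, err error) {
	m := w.Measure()
	if len(w.SubTask)%4 != 0 || !ed25519.Verify(n.dispatcherPub, m, w.Signature) {
		return 0, nil, errors.New("wrapped-task rejected: malformed or not signed by the dispatcher")
	}
	n.pcr = extendPCR(n.pcr, m)
	for i := 0; i < len(w.SubTask); i += 4 {
		sum += uint64(binary.BigEndian.Uint32(w.SubTask[i:]))
	}
	quote = ed25519.Sign(n.attestPriv, digest(nonce, n.pcr[:], binary.BigEndian.AppendUint64(nil, sum)))
	return sum, quote, nil
}

// VerifyResult is the dispatcher's check before compiling a result: the quote must verify
// over our nonce and over the PCR a fresh node reaches after measuring exactly this
// wrapped-task, so a replayed, foreign, altered or differently measured result fails.
func VerifyResult(nodePub ed25519.PublicKey, w WrappedTask, sum uint64, quote, nonce []byte) error {
	expected := extendPCR([32]byte{}, w.Measure())
	msg := digest(nonce, expected[:], binary.BigEndian.AppendUint64(nil, sum))
	if !ed25519.Verify(nodePub, msg, quote) {
		return errors.New("quote invalid: wrong node, wrong nonce, altered output or other task")
	}
	return nil
}

func main() {
	dispPub, dispPriv, _ := ed25519.GenerateKey(rand.Reader)
	node := NewNode(dispPub)
	chunk := []byte{0, 0, 0, 5, 0, 0, 0, 7, 0, 0, 1, 0} // constructed input: 5, 7, 256
	w := Wrap(dispPriv, "vector-sum/chunk-3", []byte("thin-os-image-v1"), chunk)
	nonce := []byte("nonce-0001")
	sum, quote, err := node.Execute(w, nonce)
	fmt.Println("partial sum:", sum, err, VerifyResult(node.AttestPub, w, sum, quote, nonce))
	w.ThinOS = []byte("backdoored-os") // OS image swapped by malicious code: admission fails
	_, _, err = NewNode(dispPub).Execute(w, nonce)
	fmt.Println("tampered:", err)
}
```

The order inside Execute is the point a reviewer would check: the signature is verified before anything is measured or run, so a wrapped-task from an illegitimate source never reaches the PCR or the CPU, and the quote binds the output to the measurement of the exact image that ran rather than to whatever the node claims it ran.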

While the preferred embodiments of the present invention have been described, it should be understood that various changes, adaptations and modifications may be made thereto. It should be understood, therefore, that the invention is not limited to details of the illustrated invention shown in the figures and that variations in such minor details will be apparent to one skilled in the art.

Claims

WHAT IS CLAIMED IS:
1. In a grid computing system, a method is provided for creating a virtual trusted node within said grid computing system, each of said virtual trusted nodes being a computer adapted to execute an assigned task, said assigned task being first divided into a plurality of sub-tasks, characterized in that said method comprises the steps of:
creating a wrapped-task (11, 21) by wrapping a software for the sub-tasks together with an operating system (12, 22);
sending the wrapped-task (11, 21) to the computer (40) in the grid computing system; and
executing the wrapped-task by way of a trusted virtual machine monitor (30) that interacts with a trusted platform module (41) in the trusted node.
2. A method as claimed in claim 1, further characterized in that each of said sub-tasks is executed by a virtual machine (10, 20) having connection with said trusted virtual machine monitor (30) and said trusted platform module (41).
3. A method as claimed in claim 2, further characterized in that said virtual machine (10, 20) is adapted to receive said wrapped-task (11, 21).
4. A method as claimed in any of the preceding claims, further characterized in that said operating system is only provided with the necessary functions and services to execute said wrapped-task.
5. A computer apparatus (40) adapted for creating a virtual trusted node in a grid computing system, said computer apparatus comprising:
at least a trusted processor, a memory device and a storage device;
software residing in the memory device that, once executed, forms a trusted virtual machine monitor (30);
a trusted platform module (41); and
said trusted virtual machine monitor (30) being adapted to execute an assigned task, said assigned task being first divided into a plurality of sub-tasks;
characterized in that:
said virtual trusted node is created by creating a wrapped-task (11, 21) including wrapping a software for the sub-tasks together with an operating system (12, 22); sending the wrapped-task (11, 21) to the computer apparatus (40) in the grid computing system; and
executing the wrapped-task by way of said trusted virtual machine monitor (30) and said trusted platform module (41).
6. A computer apparatus as claimed in claim 5, further characterized in that each of said sub-tasks (11, 21) is executed by the virtual machine (10, 20) having connection with the trusted virtual machine monitor (30) and said trusted platform module (41).
7. A computer apparatus as claimed in claim 6, further characterized in that said virtual machine (10, 20) is adapted to receive said wrapped-task (11, 21).
8. A computer apparatus as claimed in any of claims 5 to 7, further characterized in that said operating system (12, 22) is only provided with the necessary functions and services to execute said wrapped-task.

Priority Applications (2)

Application Number Priority Date Filing Date Title
MYPI20071632 2007-09-27

Publications (2)

Publication Number Publication Date
WO2009041801A2 (en) 2009-04-02
WO2009041801A3 (en) 2009-07-02

Family

ID=40512037

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/MY2008/000103 WO2009041801A3 (en) 2007-09-27 2008-09-19 Trusted node for grid computing

Country Status (1)

Country Link
WO (1) WO2009041801A3 (en)

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030225822A1 (en) * 2002-05-30 2003-12-04 Microsoft Corporation Unbounded computing space
US7047425B2 (en) * 2002-07-19 2006-05-16 The Boeing Company Scaleable muti-level security method in object oriented open network systems
US20050138370A1 (en) * 2003-12-23 2005-06-23 Goud Gundrala D. Method and system to support a trusted set of operational environments using emulated trusted hardware

Non-Patent Citations (1)

Title
'Proc. of the 6th IEEE International Symposium on Cluster Computing and the Grid', 2006, IEEE COMPUTER SOCIETY article COOPER ET AL.: 'Towards a secure, tamper-proof grid platform', pages 373 - 380 *

Cited By (5)

Publication number Priority date Publication date Assignee Title
GB2468169A (en) * 2009-02-28 2010-09-01 Geoffrey Mark Timothy Cross A grid application implemented using a virtual machine.
US20110219380A1 (en) * 2010-03-08 2011-09-08 Microsoft Corporation Marshaling results of nested tasks
CN102193822A (en) * 2010-03-08 2011-09-21 微软公司 Marshaling results of nested tasks
US8392922B2 (en) * 2010-03-08 2013-03-05 Microsoft Corporation Marshaling results of nested tasks
CN102193822B (en) * 2010-03-08 2015-08-26 微软技术许可有限责任公司 Results for nested task of grouping methods and systems

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 08833860; Country of ref document: EP; Kind code of ref document: A2
NENP Non-entry into the national phase in: Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 08833860; Country of ref document: EP; Kind code of ref document: A2