Computer security for complex and distributed systems
Large and distributed computer infrastructures face important cyber-security challenges. They are high-value targets for attack because of the large amount of computational power, storage capacity and network resources they concentrate. These systems require novel computer security approaches that employ emerging technologies such as data mining, machine learning, autonomous reasoning systems and automatic security hardening, among others. Those technologies can be employed in areas such as distributed intrusion detection, automatic vulnerability discovery and automatic vulnerability patching, and in general in all the areas that give system administrators a clear security picture of the entire computational infrastructure.
Secure architectures for Grid computing
Computing Grids allow the submission of user-developed jobs composed of code and data. They interface with the Internet and other communication networks, as well as with storage systems and experiment infrastructure, and they have challenging security requirements. Even when Grid system administrators perform a careful security assessment of sites, worker nodes, storage elements and central services, an attacker could still take advantage of unknown (zero-day) vulnerabilities. Such an attacker could get in and escalate her access privileges to misuse the computational resources for unauthorized or even criminal purposes; she could even manipulate the experimental data. In this document we focus on protecting and monitoring the job execution environment. Grids require tools that confine the execution environment so that user processes cannot access sensitive resources. They also require automatic tools to monitor job behavior. These tools should analyze the data generated by job runs (log entries, traces, system calls) to detect attacks on the system and react accordingly, for example by sending alerts and stopping suspicious processes. Such software can be classified as a Grid Intrusion Detection System (Grid-IDS). Traditional IDSs detect attacks with fixed if-then rules based on signatures of known attacks; this strategy fails when previously unseen intrusion methods are used. We propose the use of Machine Learning (ML), combined with virtualization technologies that provide isolation, for real-time analysis of attack attempts.
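The contrast between signature rules and learned models described above, as an added example that is not part of this page or of the ALICE Grid-IDS itself: a small Python detector core that runs a fixed signature list beside an n-gram anomaly model over system-call traces and maps the result to an action (allow, alert, kill). All traces, the "syscall" / "syscall:argument" event format, the signature list, the path-normalization rule and the two thresholds are constructed assumptions for this example; the point it makes is that the signature rule catches only the reverse shell it was written for, while the anomaly model also flags a persistence technique it was never told about, at the price of a gray zone for benign-but-unusual jobs.

```python
"""Toy Grid-IDS core: fixed signature rules beside an n-gram anomaly model
over system-call traces.

Every trace below is constructed for this example (not real ALICE job data),
and the "syscall" / "syscall:argument" event format is an assumption of the
example, not the output format of any particular tracer.
"""
from typing import Dict, Iterable, List, Optional, Sequence, Set, Tuple

# ---- constructed sample traces ---------------------------------------------
NORMAL_JOB_TRACES: List[List[str]] = [
    ["execve:/usr/bin/root", "open:/data/run001.root", "read", "read",
     "write:/scratch/out.root", "close", "socket", "connect:storage:1094",
     "read", "close", "exit_group"],
    ["execve:/usr/bin/root", "open:/data/run002.root", "read", "read", "read",
     "write:/scratch/out.root", "close", "socket", "connect:storage:1094",
     "read", "read", "close", "exit_group"],
    ["execve:/usr/bin/python", "open:/data/run003.root", "read",
     "write:/scratch/out.root", "close", "exit_group"],
]
# A normal job the model has not seen during training.
HELD_OUT_NORMAL_TRACE = ["execve:/usr/bin/root", "open:/data/run004.root",
                         "read", "read", "read", "read",
                         "write:/scratch/out.root", "close", "exit_group"]
# A known technique that a signature covers: reverse shell via dup2 + execve.
REVERSE_SHELL_TRACE = ["execve:/usr/bin/root", "socket", "connect:evil:4444",
                       "dup2", "dup2", "execve:/bin/sh", "read"]
# A "novel" technique no signature covers: dropping a cron.d entry on the
# worker node.  Only the anomaly model has a chance of catching it.
NOVEL_PERSISTENCE_TRACE = ["execve:/usr/bin/root", "open:/data/run001.root",
                           "read", "open:/etc/cron.d/job",
                           "write:/etc/cron.d/job", "chmod:/etc/cron.d/job",
                           "close", "exit_group"]
# Benign but unusual: a job that reads two input files.  Shows the
# false-positive cost of anomaly detection when the training set is thin.
TWO_FILE_JOB_TRACE = ["execve:/usr/bin/root", "open:/data/run001.root", "read",
                      "close", "open:/data/run002.root", "read",
                      "write:/scratch/out.root", "close", "exit_group"]

# ---- signature detection: fixed if-then rules on the raw trace --------------
SIGNATURES: Dict[str, List[str]] = {
    "reverse-shell": ["dup2", "dup2", "execve:/bin/sh"],   # assumed rule
}

def _has_contiguous(trace: Sequence[str], pattern: Sequence[str]) -> bool:
    n = len(pattern)
    return any(list(trace[i:i + n]) == list(pattern)
               for i in range(len(trace) - n + 1))

def signature_match(trace: Sequence[str]) -> Optional[str]:
    """Name of the first signature found as a contiguous run in the trace."""
    for name, pattern in SIGNATURES.items():
        if _has_contiguous(trace, pattern):
            return name
    return None

# ---- anomaly detection: n-grams of normalized syscalls ----------------------
def normalize(event: str) -> str:
    """Generalize path arguments to their top-level directory, so that
    /data/run001.root and /data/run002.root look alike while /etc/... stays
    distinct.  Non-path arguments (e.g. host:port) are kept verbatim."""
    name, _, arg = event.partition(":")
    if not arg.startswith("/"):
        return event
    parts = arg.split("/")
    top = parts[1] if len(parts) > 1 else ""
    return f"{name}:/{top}/" if top else f"{name}:/"

class SyscallNgramModel:
    """Unsupervised model: remembers every n-gram of normalized syscalls seen
    in normal jobs.  A trace scores by the fraction of its n-grams never seen."""
    def __init__(self, n: int = 3) -> None:
        self.n = n
        self.known: Set[Tuple[str, ...]] = set()

    def _ngrams(self, trace: Sequence[str]) -> List[Tuple[str, ...]]:
        norm = [normalize(e) for e in trace]
        return [tuple(norm[i:i + self.n]) for i in range(len(norm) - self.n + 1)]

    def fit(self, traces: Iterable[Sequence[str]]) -> "SyscallNgramModel":
        for t in traces:
            self.known.update(self._ngrams(t))
        return self

    def score(self, trace: Sequence[str]) -> float:
        grams = self._ngrams(trace)
        if not grams:
            return 0.0
        unseen = sum(1 for g in grams if g not in self.known)
        return unseen / len(grams)

def build_model() -> SyscallNgramModel:
    return SyscallNgramModel(n=3).fit(NORMAL_JOB_TRACES)

# ---- reaction policy ---------------------------------------------------------
ALERT_THRESHOLD = 0.25   # assumed values; tune against held-out normal jobs
KILL_THRESHOLD = 0.60

def analyze(trace: Sequence[str], model: SyscallNgramModel) -> Dict[str, object]:
    """Combine both detectors and choose an action: allow, alert or kill."""
    sig = signature_match(trace)
    score = model.score(trace)
    if sig is not None or score >= KILL_THRESHOLD:
        action = "kill"
    elif score >= ALERT_THRESHOLD:
        action = "alert"
    else:
        action = "allow"
    return {"signature": sig, "anomaly_score": round(score, 3), "action": action}

if __name__ == "__main__":
    m = build_model()
    for label, t in [("held-out normal", HELD_OUT_NORMAL_TRACE),
                     ("reverse shell", REVERSE_SHELL_TRACE),
                     ("novel persistence", NOVEL_PERSISTENCE_TRACE),
                     ("two-file job", TWO_FILE_JOB_TRACE)]:
        print(f"{label:18s} {analyze(t, m)}")
```

Two design points carry over to a real deployment. The argument normalization step matters as much as the model: without it every job opens a file name nobody has seen before and everything looks anomalous. And the two-file job shows why the reaction policy needs an alert band rather than a single kill threshold: an anomaly model trained on too few normal jobs will stop legitimate work, so the normal corpus has to cover the site's real job mix before the kill threshold is trusted.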
- Andres Gomez, Camilo Lara, Udo Kebschull. "Intrusion Prevention and Detection in Grid computing - The ALICE Case", Proc. CHEP, Okinawa, Japan. 2015.
- Andres Gomez, Camilo Lara, Udo Kebschull. "Intrusion prevention and detection in Grid computing", ALICE Tier-1/2 Workshop. Torino, Italy. 2015.
- Andres Gomez, Camilo Lara, Udo Kebschull. "Computer Security in the ALICE experiment: detecting and reacting to cyber-attacks", FSP ALICE meeting. 2014.