Tuesday, February 6, 2007

SOA Security and Grid Computing

Grid computing and Service Oriented Architecture are related branches of the field of distributed computing. SOA and the Grid Computing model share an important foundation: that of Web services technology. Like the synergy possible between an enterprise security infrastructure and a Service Oriented Architecture, there are benefits to be gained from SOA and Grid Computing sharing developments in security research.

My former employer W. Daniel Hillis, inventor of the Connection Machine, had a vision of computing as a service, like the electrical grid. This idea actually goes back at least as far as 1965, as one of the ideas behind the Multics operating system at MIT. For tasks demanding large amounts of computing resources, users would tap into the computing service and pay a metered amount for the service. The Grid computing model is a concrete realization of this vision, allowing networks of cheap commodity general purpose computers to work together. It brings the computing power formerly available only to users of massively parallel supercomputers to communities who agree to share computing resources.

Now, instead of buying time on a supercomputer, a user with a large-scale computation task can enter into a service-level agreement (SLA) in a grid environment, temporarily allocating resources to build a virtual computer that will only exist for the duration of that computing task. Large data sets and computation tasks are spread across the grid by breaking them up into smaller tasks using parallel processing techniques. By taking advantage of this environment, a user can often complete a large-scale computation task in a fraction of the time it would take on a single computer, for a fraction of the cost required for the user to own that amount of computing power. At the end of my street a company called ZipCar has cars that can be used by any ZipCar customer, allowing the customer to pay only for the time that they need to use the car, which could even be for an hour. The Grid provides large-scale computation power in a similar fashion.

The three properties that are generally used to define Grid computing each have their own security implications. These properties are the use of shared resources, open standards and service-level agreements. Shared resources are used to provide resource virtualization and dynamic provisioning of resources. Because the resources are generally shared between organizational units or organizations, they are subject to distributed administration. This requires the dynamic provisioning of security domains, referred to as virtual organizations. Virtual organizations exist in the SOA world in order to support outsourcing, insourcing, offshoring and virtual supply chains. For this reason, security work done in the areas of Grid computing and SOA to support virtual organizations can be useful to both of these flavors of distributed computing. Because Grid computing uses open standards, its security must also be built on open standards, which are some of the same open standards found in the SOA world, including the WS-Security suite of standards. The use of service-level agreements in Grid computing requires a security infrastructure that can guarantee service levels, making availability a key security concern in the same way that it is found to be for SOA.

Demchenko [1] considers the vulnerabilities that the usage of Web services can expose Grid environments to. These vulnerabilities include the same Web services threats that SOA Security must address. He points out the vulnerability to "White Collar" attacks in which the attacker has an interest in the smooth operation of services in order to make detection difficult.

Ou et al. [2] consider the topic of authorization in Grid environments and explicitly discuss the convergence of Grid computing with SOA. They point out that authorization decisions within a Virtual Organization (VO) may require information that is located in multiple security domains. For this reason, authorization policies have to be able to access multiple trust relationships between the atomic security domains that contain the user authorization information. Large enterprises such as the U.S. Federal Government are running into similar problems, where users need to participate in multiple security contexts, which may currently require the user to be in a different Virtual Private Network (VPN) in order to access services in each different security domain. The ability to dynamically provision a virtual security context spanning multiple security domains, based on trust relationships between those domains, is therefore an issue for SOA in these large enterprises. Ou et al. [2] also notice a trend in Grid computing where it is necessary to distinguish between a Resource Provider and a Service Provider, where a Resource Provider delivers computing resources and a Service Provider delivers specific computing services. In the SOA world this is analogous to the situation where an organization may want to access a service which is provided by another organization and hosted by yet another organization, forming a virtual organization for the duration of a business transaction or contractual relationship. Ou et al. [2] conclude that attribute-based authorization through "science gateways" can be used to provide an interoperable authorization framework for a Grid environment. For an SOA in a large enterprise such as the U.S. Federal Government, this could be accomplished by providing Role Based Access Control (RBAC) as a service that could be consumed by multiple security domains in an interoperable manner, similar to the way the Credential Services are used to provide authentication in the existing Federal E-Authentication federation.

Periorellis et al. [3] describe a project in which they seek to develop technology to support the creation, operation, and dissolution of virtual organizations. For organizations to cooperate in forming virtual organizations, there must exist common standards by which these organizations can implement security services including authentication, authorization, contract management and monitoring. For authentication they support the X.509 certificate, the username token and SAML assertions using WS-Security. Policies regarding authentication requirements are implemented using WS-Policy and WS-PolicyAttachment in their project. They leverage WS-Trust to implement trust brokering. In their consideration of authorization they first note that dynamic virtual organizations require the dynamic activation and deactivation of access rights. They also note a requirement that user access be dependent on the context of the user's participation in a business process or workflow. This leads them to require that dynamic access control implement an additional level of granularity beyond the standard Role-Based Access Control (RBAC) model. This granularity is used to implement access control on a per-project or per-task basis. In their approach, contract monitoring can modify access rights for users based on their adherence to the contractual agreements. They use XACML (eXtensible Access Control Markup Language) to represent these fine-grained authorization attributes. This allows sets of policies and rules to be combined at a Policy Decision Point, which propagates decisions to a Policy Enforcement Point to allow or deny access based on the dynamically changing policies used to implement the temporary security context of a virtual organization. While the frequency of VO creation and dissolution cannot normally be expected to be as high in an SOA as it might be in a Grid environment, their findings may be used within SOAs to support these in a more cost-effective manner than approaches which express policies statically. In addition, specific business processes such as audits or investigations may be facilitated by dynamic VO creation in an SOA environment.
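The decision flow described above, as an added example (not code from this post or from the project in [3]): it models per-task grants layered on a role, contract-monitoring suspension and VO dissolution in plain Python rather than XACML syntax. The class names, the deny-overrides combining choice and all sample values are assumptions.

```python
from dataclasses import dataclass, field
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass(frozen=True)
class Request:
    subject: str
    role: str
    vo: str        # virtual organization the request is made under
    task: str      # workflow task the subject is performing right now
    resource: str
    action: str

@dataclass
class PolicyDecisionPoint:
    active_vos: set = field(default_factory=set)
    grants: set = field(default_factory=set)     # (vo, role, task, resource, action)
    suspended: set = field(default_factory=set)  # (vo, subject), set by contract monitoring

    def rules(self):
        # Each rule yields Permit, Deny or NotApplicable for a request.
        yield lambda r: DENY if r.vo not in self.active_vos else NOT_APPLICABLE
        yield lambda r: DENY if (r.vo, r.subject) in self.suspended else NOT_APPLICABLE
        yield lambda r: (PERMIT if (r.vo, r.role, r.task, r.resource, r.action)
                         in self.grants else NOT_APPLICABLE)

    def decide(self, request):
        # Deny-overrides combining: one Deny beats any number of Permits.
        results = [rule(request) for rule in self.rules()]
        if DENY in results:
            return DENY
        return PERMIT if PERMIT in results else NOT_APPLICABLE

def enforce(pdp, request):
    # Deny-biased enforcement point: only an explicit Permit grants access.
    return pdp.decide(request) == PERMIT

def demo():
    vo = "vo-audit"  # constructed sample names throughout
    pdp = PolicyDecisionPoint(active_vos={vo})
    pdp.grants.add((vo, "analyst", "review-ledger", "ledger-db", "read"))
    in_task = Request("alice", "analyst", vo, "review-ledger", "ledger-db", "read")
    off_task = Request("alice", "analyst", vo, "draft-report", "ledger-db", "read")
    seen = [enforce(pdp, in_task), enforce(pdp, off_task)]
    pdp.suspended.add((vo, "alice"))      # contract monitor reports a breach
    seen.append(enforce(pdp, in_task))
    pdp.suspended.clear()
    pdp.active_vos.discard(vo)            # virtual organization dissolved
    seen.append(enforce(pdp, in_task))
    return seen
```

The same role is permitted inside the granted task, refused outside it, refused while suspended, and refused once the VO no longer exists, without any static policy being rewritten.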

Fang et al. [4] consider the problems of using Web Services Security in a Grid environment. They note that the processing of XML and digital signature verification required to implement WS-Security consumes a high enough level of system resources to constitute a Denial of Service attack vulnerability. They propose locating the WS-Security processing in a grid, which provides load balancing and scalability independent of application level services. They also consider the question of asynchronous vs. synchronous messaging styles and note that asynchronous messaging is preferable because of the ability to process a higher number of requests at peak processing times. This brings up an opportunity for SOA to take advantage of the Grid approach. The scalability inherent in their approach would be useful in an SOA environment because the dynamic allocation of resources for WS-Security processing would, given available resources, be able to handle the processing requirements of deploying more computationally intensive policies, for example requiring larger key sizes, with minimal impact on overall service levels because the WS-Security processing would be load-balanced along with application level processing. Servers could then be incrementally added to the grid as needed.

In summary, a review of security research in the Grid computing field turns up common problems that occur in the SOA field and the potential for both fields to gain from sharing solutions to common problems, and indeed some are seeing a convergence between Grid computing and SOA in the area of security.

[1] Demchenko, Yuri, "White Collar" Attacks on Web Services and Grids, Work in Progress, Draft Version 0.3, March 14, Advanced Research Group, Univ. of Amsterdam, 2005.
[2] Ou, Xinming, Anna Squicciarini, Sebastien Goasguen and Elisa Bertino, Authorization Strategies for Virtualized Environments in Grid Computing Systems, In IEEE Workshop on Web Services Security (WSSS 2006), Berkeley, CA, U.S.A., May, 2006.
[3] Periorellis, Panayiotis, J. Wu and P. Watson, Security Mechanisms for Data Intensive Systems, In IEEE Workshop on Web Services Security (WSSS 2006), Berkeley, CA, U.S.A., May, 2006.
[4] Fang, Liang, Aleksander Slominski and Dennis Gannon, Web Services Security and Load Balancing in a Grid Environment, submitted to 6th IEEE/ACM International Workshop on Grid Computing, 2005.
