Architectural support for enhancing security in clusters
Loading...
Date
2009-05-15
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Cluster computing has emerged as a common approach for providing more comput-
ing and data resources in industry as well as in academia. However, since cluster
computer developers have paid more attention to performance and cost e±ciency
than to security, numerous security loopholes in cluster servers come to the forefront.
Clusters usually rely on ¯rewalls for their security, but the ¯rewalls cannot prevent
all security attacks; therefore, cluster systems should be designed to be robust to
security attacks intrinsically.
In this research, we propose architectural supports for enhancing security of clus-
ter systems with marginal performance overhead. This research proceeds in a bottom-
up fashion starting from enforcing each cluster component's security to building an
integrated secure cluster. First, we propose secure cluster interconnects providing con-
¯dentiality, authentication, and availability. Second, a security accelerating network
interface card architecture is proposed to enable low performance overhead encryption
and authentication. Third, to enhance security in an individual cluster node, we pro-
pose a secure design for shared-memory multiprocessors (SMP) architecture, which
is deployed in many clusters. The secure SMP architecture will provide con¯dential
communication between processors. This will remove the vulnerability of eavesdrop-
ping attacks in a cluster node. Finally, to put all proposed schemes together, we
propose a security/performance trade-o® model which can precisely predict performance of an integrated secure cluster.
Description
Keywords
security, cluster, SMP