WO2009041801A2 - Trusted node for grid computing - Google Patents

Trusted node for grid computing

Info

Publication number
WO2009041801A2
Authority
WO
WIPO (PCT)
Prior art keywords
task
trusted
wrapped
grid computing
sub
Prior art date
Legal status
Ceased
Application number
PCT/MY2008/000103
Other languages
French (fr)
Other versions
WO2009041801A3 (en)
Inventor
Kang Siong Ng
Current Assignee
Mimos Bhd
Original Assignee
Mimos Bhd
Priority date
2007-09-27
Filing date
2008-09-19
Publication date
2009-04-02
2008-09-19 Application filed by Mimos Bhd
2009-04-02 Publication of WO2009041801A2
2009-07-02 Publication of WO2009041801A3
Anticipated expiration
Ceased (current legal status)

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Multi Processors (AREA)
  • Debugging And Monitoring (AREA)

Abstract

There is disclosed a method and apparatus adapted for securing a computing process running on a computing hardware node in a grid computing system through the formation of a virtual trusted node. Grid computing breaks up a computational task into smaller computation sub-tasks. These sub-tasks are distributed to many computers where they are executed, and the results are returned to a centralized node for compilation. Data integrity and security are therefore of paramount concern. The proposed invention addresses this concern by providing a method of creating a virtual trusted node in a grid computing system through the creation of a wrapped-task (11, 21): the software for a sub-task is wrapped together with an operating system (12, 22), the wrapped-task is sent to a computer (40) in the grid computing system, and the wrapped-task is executed by way of a virtual machine monitor (30) and a trusted platform module (41). The operating system is provided with only the minimum functions necessary to execute the wrapped-task. A computer apparatus (40) for creating such a virtual trusted node is also disclosed.

Description

TRUSTED NODE FOR GRID COMPUTING
1. TECHNICAL FIELD OF THE INVENTION
The present invention relates generally to computer systems and more particularly to a method and apparatus for securing a computing task running on a trusted computing hardware node in a grid computing system.
2. BACKGROUND OF THE INVENTION
A typical computing system may include a central processing unit (CPU), memory (RAM) and other hardware devices, as well as software resources such as an operating system (OS) and one or more application programs. To cater for various computing requirements, a computer system may be set up stand-alone, in a network, in a cluster or in any other arrangement. One of the most commonly mentioned computing setups is grid computing. Grid computing enables the virtualization of distributed computing and data resources such as processing, network bandwidth and storage capacity to create a single system image, granting users and applications access to a very large pool of IT capability. With grid computing, organizations can optimize computing and data resources, pool them for large-capacity workloads, share them across networks and enable collaboration. Grid computing breaks up a computational task into smaller computation sub-tasks. These sub-tasks are distributed to many computers where they are executed, and the results are returned to a centralized node for compilation. Since the sub-tasks are executed on various computers, they are potentially exposed to threats from malicious code running on those computers. Such malicious code can either modify the results of an executed sub-task or archive (retain a copy of) them, so both the integrity and the secrecy of the sub-task executions are in question. Although there are various benefits to using grid computing for a complex computational task, the issue of integrity and secrecy in grid computing has become a valid concern, especially where the computational tasks involve secrets or where data integrity is paramount. Conventionally, these security concerns are addressed by running the grid computing tasks on server farms within a trusted facility or facilities. However, the high cost associated with maintaining such facilities becomes another issue altogether.
If the computation power of idle computers owned by the connected masses is to be used instead, the security issues discussed earlier must be addressed.
A trusted platform module (TPM) has been put into practice to address security and integrity issues in relation to sharing hardware device(s) among multiple operating systems. A TPM is a hardware component residing within a computing system that provides various facilities and services for enhancing the security of the computing system. A trusted virtual machine monitor (TVMM) is a virtual machine monitor that utilizes the TPM to establish a root of trust for the software it runs. On such a TVMM, multiple operating systems can run side by side; in such an arrangement, each virtual machine may run its own operating system and execute its assigned tasks without being aware of the other virtual machines. Although this prior trusted platform module work discussed sharing hardware among multiple OSes within one TVMM, there is no indication of applying the principle of a trusted node to a grid computing system, where each node in the grid is defined as a TVMM running an assigned task, the TVMM hosting a multiplicity of virtual machines, each possibly running its own OS, and each virtual machine being assigned one of the sub-tasks that the node is supposed to execute.
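The measurement chain a TVMM relies on when it uses a TPM to establish a root of trust, simulated in software as an added example (this is not code from the patent, which names the mechanism but does not specify it). The block reproduces the one operation a real TPM permits on a Platform Configuration Register, extend, and shows why a verifier can trust the resulting value. The component images, their launch order and the golden reference value are constructed for the example.

```python
"""PCR measurement chain behind a TPM-backed root of trust (simulation).

Added example, not code from the patent. A TPM never exposes a "write"
to a Platform Configuration Register; the only operation is
    PCR := SHA-256(PCR || measurement)
so this block reproduces that arithmetic in software to show why a
verifier can trust the final value. The component images, their order
and the golden value are constructed for the example.
"""
from __future__ import annotations

import hashlib

PCR_RESET_VALUE = bytes(32)  # most PCRs read as all zeros after a platform reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """One TPM2_PCR_Extend step for a SHA-256 bank."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(components: list[tuple[str, bytes]]) -> bytes:
    """Extend one PCR with the digest of each component, in launch order.

    The order matters: a component measured later can never undo what an
    earlier one recorded, which is what makes the chain a root of trust.
    """
    pcr = PCR_RESET_VALUE
    for _name, image in components:
        pcr = pcr_extend(pcr, hashlib.sha256(image).digest())
    return pcr


def attest(components: list[tuple[str, bytes]], golden: bytes) -> bool:
    """Verifier side: accept the node only if the measured PCR equals the
    value recorded for a known-good launch of the same software stack."""
    return measure_chain(components) == golden


# Constructed stand-ins for the images a trusted node would measure:
# the TVMM itself, the thin OS wrapped with the sub-task, and the sub-task code.
GOOD_LAUNCH = [
    ("tvmm", b"tvmm-image-v1"),
    ("thin-os", b"thin-os: compute + result-channel only"),
    ("sub-task", b"sum_squares(shard)"),
]
GOLDEN_PCR = measure_chain(GOOD_LAUNCH)


def tampered_launch() -> list[tuple[str, bytes]]:
    """Same stack, but the thin OS has been swapped for one carrying an extra service."""
    return [
        GOOD_LAUNCH[0],
        ("thin-os", b"thin-os: compute + result-channel + remote-shell"),
        GOOD_LAUNCH[2],
    ]


def reordered_launch() -> list[tuple[str, bytes]]:
    """Identical components measured in a different order."""
    return [GOOD_LAUNCH[1], GOOD_LAUNCH[0], GOOD_LAUNCH[2]]


if __name__ == "__main__":
    print("good launch attests:", attest(GOOD_LAUNCH, GOLDEN_PCR))
    print("tampered thin OS attests:", attest(tampered_launch(), GOLDEN_PCR))
    print("reordered launch attests:", attest(reordered_launch(), GOLDEN_PCR))
```

The property a verifier cares about is that the register cannot be set, only extended, so a tampered or reordered component changes every later value and the comparison against the golden PCR fails. In a real deployment the TPM would also sign (quote) the PCR with an attestation key so a remote coordinator could check it; the simulation covers only the measurement arithmetic.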
It is therefore an object of the present invention to provide a method and apparatus for creating a virtual trusted node for a grid computing system in which the security and integrity of the tasks and sub-tasks executed within the node are effectively ascertained. The proposed virtual trusted node processes the assigned task by sub-dividing it into sub-tasks, wrapping the software for each sub-task together with an operating system, sending the wrapped-task to a computer in the node, and executing each wrapped-task with a trusted virtual machine monitor that interacts with a trusted platform module.
3. SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a method for creating a virtual trusted node for a grid computing system. It is another object of the present invention to provide a virtual trusted node in a grid computing system where each virtual machine within the computing system is assigned a wrapped-task that includes the software for a sub-task and an operating system, the operating system being provided with only minimal functions and services.
These and other objects of the present invention are accomplished by providing,
In a grid computing system, a method is provided for creating a virtual trusted node within said grid computing system, each said virtual trusted node being a computer adapted to execute an assigned task, said assigned task being first divided into a plurality of sub-tasks, characterized in that said method comprises the steps of:
creating a wrapped-task (11, 21) by wrapping the software for a sub-task together with an operating system (12, 22);
sending the wrapped-task (11, 21) to the computer (40) in the grid computing system; and
executing the wrapped-task by way of a trusted virtual machine monitor (30) that interacts with a trusted platform module (41) in the trusted node.
Preferably, each of the sub-tasks is executed by a virtual machine having a connection to the trusted virtual machine monitor and the trusted platform module. Also preferably, the operating system is provided with only the functions and services necessary to execute the wrapped-task.
The objects may be further accomplished by providing,
A computer apparatus (40) adapted for creating a virtual trusted node in a grid computing system, said computer apparatus comprising:
at least a trusted processor, a memory device and a storage device;
software residing in the memory device that, once executed, forms a trusted virtual machine monitor (30);
a trusted platform module (41); and
said trusted virtual machine monitor (30) being adapted to execute an assigned task, said assigned task being first divided into a plurality of sub-tasks;
characterized in that:
said virtual trusted node is created by creating a wrapped-task (11, 21), including wrapping the software for a sub-task together with an operating system (12, 22);
sending the wrapped-task (11, 21) to the computer apparatus (40) in the grid computing system; and executing the wrapped-task by way of said trusted virtual machine monitor (30) and said trusted platform module (41).
4. BRIEF DESCRIPTION OF THE DRAWINGS
The embodiments of the invention will now be described, by way of example only, with reference to the accompanying figure, in which:
Figure 1 shows a block diagram representation of a virtual trusted node operating in a grid computing system of the present invention.
5. DETAILED DESCRIPTION OF THE DRAWINGS
Referring to the figure, there is shown a block diagram representation of a virtual trusted node in a grid computing system configured according to an embodiment of the present invention. The computer apparatus (40) generally includes trusted hardware comprising at least a processor (not shown), a memory device (not shown), a storage device (also not shown) and a trusted platform module (41), together with software (not shown) that, once executed, creates the trusted virtual machine monitor (30) of the computer apparatus (40).
The grid computing system of the present invention may share the trusted hardware across multiple operational environments, where each virtual trusted node is allocated a specific sub-task to perform. In operation, the task is first divided into a multiplicity of sub-tasks, and each sub-task is wrapped together with its software and an operating system (12); the result is called a "wrapped-task (11, 21)" throughout the description. The wrapped-tasks (11, 21) are then sent to the computer apparatus (40), where each wrapped-task corresponds to a single virtual node in which the sub-task is to be executed. In essence, in any physical computer device there will be a multiplicity of these virtual nodes, each executing its assigned wrapped-task through the trusted virtual machine monitor (30) and the trusted platform module (41). The operating system (12) that is wrapped with the grid computing sub-task (11) software contains only the functions and services necessary for the proper execution of the sub-task software. Such an operating system is called a thin operating system because of the minimal set of functions and services it has to perform. Limiting the unnecessary functions and services running in the operating system reduces the security exposure of the node.
Each wrapped-task running on the trusted virtual machine monitor (30) forms a trusted node (10, 20) of the grid computing system. The trusted virtual machine monitor (30) ensures that the computing processes running in a wrapped-task are not affected by other software applications running concurrently on a commodity operating system (22) or on the trusted virtual machine monitor (30). As a result, the integrity of the grid computing sub-task and its memory is preserved. Further, the trusted virtual machine monitor (30) also ensures that only wrapped-tasks from a legitimate source are allowed to execute on the computing apparatus; this feature is advantageously provided by the trusted platform module (41) on the computing apparatus.
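The wrapped-task lifecycle the description outlines (divide the task, wrap each sub-task with a thin operating system, send it to the node, admit only wrapped-tasks from a legitimate source, execute, return results for compilation), as an added example that is not the patent's code; it also covers the divide-and-compile flow from the Background. The patent does not specify how legitimacy is established or what the thin OS contains, so the block uses stand-ins, all constructed: HMAC-SHA256 under a key shared by coordinator and node in place of the signature or TPM-backed attestation, a service allowlist for the thin OS, and a registry of named operations as the sub-task software.

```python
"""Wrapped-task build, verification and execution on a trusted grid node.

Added example, not code from the patent. Stand-ins (assumptions):
  - HMAC-SHA256 under a key shared by coordinator and node replaces the
    signature / TPM-backed attestation the patent does not specify;
  - the "thin operating system" is an explicit allowlist of services and
    the node refuses any wrapped-task that asks for more;
  - sub-task "software" is a named operation from a fixed registry, never
    arbitrary code shipped by the coordinator.
"""
from __future__ import annotations

import hashlib
import hmac
import json
from typing import Any

COORDINATOR_KEY = b"constructed-example-key-not-for-production"

# Services the thin OS may expose to a sub-task (constructed policy).
THIN_OS_ALLOWED_SERVICES = frozenset({"compute", "result-channel"})

# Sub-task software the node is willing to run. Unknown operations are refused.
OPERATIONS = {
    "sum_squares": lambda shard: sum(x * x for x in shard),
    "count_even": lambda shard: sum(1 for x in shard if x % 2 == 0),
}


def _canonical(obj: Any) -> bytes:
    """Deterministic JSON so signer and verifier MAC identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _mac(key: bytes, obj: Any) -> str:
    return hmac.new(key, _canonical(obj), hashlib.sha256).hexdigest()


def split_task(data: list[int], parts: int) -> list[list[int]]:
    """Divide the task input into contiguous shards, one per sub-task."""
    size = -(-len(data) // parts)  # ceiling division
    return [data[i:i + size] for i in range(0, len(data), size)]


def wrap_task(task_id: str, index: int, operation: str, shard: list[int],
              key: bytes, services: list[str] | None = None) -> dict:
    """Coordinator side: bundle sub-task software + thin-OS spec and bind them with a MAC."""
    body = {
        "task_id": task_id,
        "index": index,
        "operation": operation,
        "shard": shard,
        "thin_os": {"services": sorted(services or THIN_OS_ALLOWED_SERVICES)},
    }
    return {"body": body, "tag": _mac(key, body)}


def verify_wrapped_task(wrapped: dict, key: bytes) -> tuple[bool, str]:
    """Node side, before anything runs: legitimacy of source, then thin-OS and software policy."""
    body, tag = wrapped.get("body"), wrapped.get("tag", "")
    if not isinstance(body, dict):
        return False, "malformed wrapped-task"
    if not hmac.compare_digest(_mac(key, body), tag):
        return False, "wrapped-task not from a legitimate source (MAC mismatch)"
    extra = set(body["thin_os"]["services"]) - THIN_OS_ALLOWED_SERVICES
    if extra:
        return False, f"thin OS requests unnecessary services: {sorted(extra)}"
    if body["operation"] not in OPERATIONS:
        return False, f"unknown sub-task software {body['operation']!r}"
    return True, "ok"


def execute_wrapped_task(wrapped: dict, key: bytes) -> dict:
    """Node side: run the sub-task only after verification; MAC the result for the coordinator."""
    ok, reason = verify_wrapped_task(wrapped, key)
    if not ok:
        raise PermissionError(reason)
    body = wrapped["body"]
    result = {"task_id": body["task_id"], "index": body["index"],
              "value": OPERATIONS[body["operation"]](body["shard"])}
    return {**result, "tag": _mac(key, result)}


def compile_results(results: list[dict], key: bytes, expected_parts: int) -> int:
    """Coordinator side: accept only MAC-valid results, require every index once, then reduce."""
    values: dict[int, int] = {}
    for r in results:
        payload = {k: r[k] for k in ("task_id", "index", "value")}
        if not hmac.compare_digest(_mac(key, payload), r.get("tag", "")):
            raise ValueError(f"result for sub-task {r.get('index')} failed integrity check")
        values[r["index"]] = r["value"]
    if sorted(values) != list(range(expected_parts)):
        raise ValueError("missing or duplicate sub-task results")
    return sum(values.values())  # the sum reduction fits both registered operations


def run_grid_task(data: list[int], parts: int, key: bytes, operation: str = "sum_squares") -> int:
    """Whole flow: divide, wrap, (transport), execute on one virtual node each, compile."""
    shards = split_task(data, parts)
    wrapped = [wrap_task("job-1", i, operation, s, key) for i, s in enumerate(shards)]
    results = [execute_wrapped_task(w, key) for w in wrapped]
    return compile_results(results, key, len(shards))


if __name__ == "__main__":
    print(run_grid_task(list(range(1, 7)), 3, COORDINATOR_KEY))
```

Two checks are deliberately separate in `verify_wrapped_task`: the MAC answers "did this come from the coordinator", and the allowlist answers "does the wrapped thin OS carry more than the sub-task needs". A correctly signed wrapped-task that requests an extra service is still refused, which is the patent's point about the thin OS, and a result whose MAC does not verify is dropped at compilation so a compromised node cannot silently alter the aggregate.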
While the preferred embodiments of the present invention have been described, it should be understood that various changes, adaptations and modifications may be made thereto. It should be understood, therefore, that the invention is not limited to details of the illustrated invention shown in the figures and that variations in such minor details will be apparent to one skilled in the art.

Claims

WHAT IS CLAIMED IS:
1. In a grid computing system, a method is provided for creating a virtual trusted node within said grid computing system, each of said virtual trusted node is a computer adapted to execute an assigned task, said assigned task is first divided into a plurality of sub-tasks, characterized in that said method comprises the steps of:-
creating a wrapped-task (11, 21) by wrapping a software for the sub-tasks together with an operating system (12, 22);
sending the wrapped-task (11, 21) to the computer (40) in the grid computing system; and
executing the wrapped-task by way of a trusted virtual machine monitor (30) that interacts with a trusted platform module (41) in the trusted node.
2. A method as claimed in claim 1, further characterized in that each of said sub-tasks is executed by a virtual machine (10, 20) having connection with said trusted virtual machine monitor (30) and said trusted platform module (41).
3. A method as claimed in claim 2, further characterized in that said virtual machine (10, 20) is adapted to receive said wrapped-task (11, 21).
4. A method as claimed in any of the preceding claims, further characterized in that said operating system is only provided with the necessary functions and services to execute said wrapped-task.
5. A computer apparatus (40) adapted for creating a virtual trusted node in a grid computing system, said computer apparatus comprises of:-
at least a trusted processor, a memory device and a storing device;
a software residing in that memory device that once executed, formed a trusted virtual machine monitor (30);
a trusted platform module (41); and
said virtual trusted machine monitor (30) is adapted to execute an assigned task, said assigned task is first divided into a plurality of subtasks;
characterized in that:-
said virtual trusted node is created by creating a wrapped-task (11, 21) including wrapping a software for the sub-tasks together with an operating system (12, 22); sending the wrapped-task (11, 21) to the computer apparatus (40) in the grid computing system; and
executing the wrapped-task by way of said virtual machine monitor (30) and said trusted platform module (41).
6. A computer apparatus as claimed in claim 5, further characterized in that each of said sub-tasks (11, 21) is executed by the virtual machine (10, 20) having connection with the trusted virtual machine monitor (30) and said trusted platform module (41).
7. A computer apparatus as claimed in claim 6, further characterized in that said virtual machine (10, 20) is adapted to receive said wrapped-task (11, 21).
8. A computer apparatus as claimed in any of claims 5 to 7, further characterized in that said operating system (12, 22) is only provided with the necessary functions and services to execute said wrapped-task.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
MYPI20071632 MY152190A (en) 2007-09-27 2007-09-27 Trusted node for grid computing
MYPI20071632 2007-09-27

Publications (2)

Publication Number Publication Date
WO2009041801A2 (en) 2009-04-02
WO2009041801A3 (en) 2009-07-02

Family

ID=40512037

Family Applications (1)

Application Number Publication Priority Date Filing Date Title Status
PCT/MY2008/000103 WO2009041801A2 (en) 2007-09-27 2008-09-19 Trusted node for grid computing Ceased

Country Status (2)

Country Link
MY (1) MY152190A (en)
WO (1) WO2009041801A2 (en)

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7043522B2 (en) * 2002-05-30 2006-05-09 Microsoft Corporation Unbounded computing space
US7047425B2 (en) * 2002-07-19 2006-05-16 The Boeing Company Scaleable muti-level security method in object oriented open network systems
US7222062B2 (en) * 2003-12-23 2007-05-22 Intel Corporation Method and system to support a trusted set of operational environments using emulated trusted hardware

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2468169A (en) * 2009-02-28 2010-09-01 Geoffrey Mark Timothy Cross A grid application implemented using a virtual machine.
US20110219380A1 (en) * 2010-03-08 2011-09-08 Microsoft Corporation Marshaling results of nested tasks
CN102193822A (en) * 2010-03-08 2011-09-21 微软公司 Marshaling results of nested tasks
US8392922B2 (en) * 2010-03-08 2013-03-05 Microsoft Corporation Marshaling results of nested tasks
CN102193822B (en) * 2010-03-08 2015-08-26 微软技术许可有限责任公司 For the method and system of the marshalling of the result of nested task

Also Published As

Publication number Publication date
WO2009041801A3 (en) 2009-07-02
MY152190A (en) 2014-08-29

Legal Events

Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application. Ref document number: 08833860; Country of ref document: EP; Kind code of ref document: A2
NENP Non-entry into the national phase. Ref country code: DE
122 Ep: pct application non-entry in european phase. Ref document number: 08833860; Country of ref document: EP; Kind code of ref document: A2