Sandboxing for a free-to-join grid with support for secure site-wide storage area

Grid computing enables different institutions to access each other´s resources, and hence requires very strong security guarantees. We here explore how visualization was used to provide security for OurGrid, an easy-to-use free-to-join grid that supports bag-of-tasks applications. OurGrid poses interesting security challenges. It is free-to-join (which means one runs unknown applications) and strives for simplicity (which means that configuration must be trivial). We show how we have dealt with such challenges by using Xen to virtualize a single machine, and VNET, OCFS2 and NFS to virtualize a site-wide shared file system, creating a sandboxing solution called SWAN. We evaluate SWANs security and performance. Our results indicate that SWAN is efficient in the single machine virtualization, but less so for the shared file system. Yet, a site-wide file system enables grid jobs to reuse files already transferred to other machines in the site, avoiding expensive inter-site file transfer.