Scoping security issues for interactive grids

Grid computing allows flexible resource sharing among geographically distributed computing resources in multiple administrative domains. Virtualization of resources allows jobs to be run on remote resources participating in a grid. While this computing paradigm has been used primarily for batch jobs, we study interactive grid applications rich in graphics and multimedia such as scientific visualization and digital content creation. A host of security issues need to be addressed for such interactive grids to gain acceptance, particularly in industry. The purpose of this paper is to study these security issues. The grid security infrastructure (GSI), a component of the Globus Toolkit (I. Foster et al., 1997), creates grid credentials for every user and resource. We describe how this may be extended to securely set up an interactive session on a remote host, and the additional security issues associated with interactive session management. We propose controlled shell and controlled desktop mechanisms that restrict the user to execute only authorized commands and applications, and controlled user and super-user accounts that customize the shell and desktop using policy files. We also propose a new approach to scoping the security needs of grid systems by defining three generic scenarios: mutual trust, partial trust and mutual distrust. New security issues arise when the user may not be trusted, or the user and the host computer´s owner are mutually suspicious.