|Publication number||WO2009041801 A2|
|Publication date||2 Apr 2009|
|Filing date||19 Sep 2008|
|Priority date||27 Sep 2007|
|Also published as||WO2009041801A3|
|Publication number||PCT/2008/103, PCT/MY/2008/000103, PCT/MY/2008/00103, PCT/MY/8/000103, PCT/MY/8/00103, PCT/MY2008/000103, PCT/MY2008/00103, PCT/MY2008000103, PCT/MY200800103, PCT/MY8/000103, PCT/MY8/00103, PCT/MY8000103, PCT/MY800103, WO 2009/041801 A2, WO 2009041801 A2, WO 2009041801A2, WO-A2-2009041801, WO2009/041801A2, WO2009041801 A2, WO2009041801A2|
|Inventors||Kang Siong Ng|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (3), Non-Patent Citations (1), Referenced by (4), Classifications (3), Legal Events (3)|
|External Links: Patentscope, Espacenet|
TRUSTED NODE FOR GRID COMPUTING
1. TECHNICAL FIELD OF THE INVENTION
The present invention relates generally to computer system and more particularly, to a method and apparatus of securing computing task running on a trusted computing hardware node in a grid computing system.
2. BACKGROUND OF THE INVENTION
A typical computing system may include a central processing unit (CPU) , memory (RAM) and other hardware devices as well as software resources such as an operating system (OS) and one or more application programs. To cater for the various computing requirements, a computer system may be set as a stand alone, in a network, in a cluster or any other arrangements. One of the most commonly mentioned computing setup is grid computing. Grid computing enables the virtualization of distributed computing and data resources such as processing, network bandwidth and storage capacity to create a single system image, granting users and applications access to quite a huge number of IT possibilities. With grid computing, organizations can optimize computing and data resources, pool them for large capacity workloads, share them across networks and enable collaboration . Grid computing breaks up a computational task into smaller computation sub-tasks. These sub-tasks are distributed to many computers where they are executed and the results are returned to a centralized node for compilation. Since the sub-tasks are executed at various computers, these sub-tasks are potentially exposed to threats by malicious codes running on the computers. These malicious codes can either modify or archive the results of the executed sub-task and hence the integrity and secrecy of the sub-tasks executions is in questions. Although there are various benefits associated with grid computing to execute a complex computational task, the issue of integrity and secrecy in grid computing has become a valid concern especially where the computational tasks involved secrets or the data integrity is paramount. Conventionally, these security concerns are being addressed by running the grid computing tasks on server farms within a trusted facility or facilities. However, high cost associated with the maintenance of such facilities become another issue altogether. Should the computation power of idle computers owned by the connected masses, the security issues discussed earlier should be addressed.
Trusted platform module (TPM) has been put into practice to address security and integrity issue in relation to sharing hardware device (s) among multiple operating systems. A TPM is a hardware component residing within a computing system and provides various facilities and services for enhancing the security of the computing system. A trusted virtual machine monitor (TVMM) is a virtual machine monitor that utilizes TPM to establish root of trust of the software. In such TVMM, multiple operating systems can run on one TVMM. In such arrangement, each VMM may run on its operating software and execute it assigned tasks without realizing the other VMMs. Although such prior trusted platform module discussed the feature of sharing hardware (s) among multiple OS within one TVMM, there is no indication for applying the principle of trusted node in grid computing system where each node in the grid computing is defined as TWM and running an assigned task, the TVMM having a multiplicity of VMMs, each possibly running on its own OS, and each of the VMMs is assigned with a sub-task for which the node within the grid computing is supposed to execute.
It is therefore an object of the present invention to provide a method and apparatus for creating a virtual trusted node for a grid computing system for which the security and integrity of the executed tasks and sub- tasks within the node are effectively ascertained. The proposed virtual trusted node processed the assigned task by sub-dividing the assigned task into sub-tasks, wrapping the software for the sub-task together with an operating system, sending the wrapped-task to a computer in the node, executing each of the wrapped- task with a trusted virtual machine monitor that interacts with a trusted platform module.
3. SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a method for creating a virtual trusted node for a grid computing system. It is also another object of the present invention to provide virtual trusted node in a grid computing system where each virtual machines within the computing system is assigned with a wrapped task that includes a software for the sub-task and the operating system, the operating system is provided with only minimal functions and services.
These and other objects of the present invention are accomplished by providing,
In a grid computing system, a method is provided for creating a virtual trusted node within said grid computing system, each of said virtual trusted node is a computer adapted to execute an assigned task, said assigned task is first divided into a plurality of sub-tasks, characterized in that said method comprises the steps of:-
creating a wrapped-task (11, 21) by wrapping a software for the sub-tasks together with an operating system (12, 22);
sending the wrapped-task (11, 21) to the computer (40) in the grid computing system; and
executing the wrapped-task by way of a trusted virtual machine monitor (30) that interacts with a trusted platform module (41) in the trusted node.
Preferably, the each of the sub-tasks is executed by a virtual machine having connection to the trusted machine monitor and the trusted platform module. Also preferable, the operating system is provided with only the necessary functions and services to execute the wrapped-task.
The objects may be further accomplished by providing,
A computer apparatus (40) adapted for creating a virtual trusted node in a grid computing system, said computer apparatus comprises of:-
at least a trusted processor, a memory device and a storing device;
a software residing in that memory device that once executed, formed a trusted virtual machine monitor (30);
a trusted platform module (41) ; and
said virtual trusted machine monitor (30) is adapted to execute an assigned task, said assigned task is first divided into a plurality of subtasks;
characterized in that:-
said virtual trusted node is created by creating a wrapped-task (11, 21) including wrapping a software for the sub-tasks together with an operating system (12, 22);
sending the wrapped-task (11, 21) to the computer apparatus (40) in the grid computing system; and executing the wrapped-task by way of said virtual machine monitor (30) and said trusted platform module (41) .
4. BRIEF DESCRIPTION OF THE DRAWINGS
The embodiments of the invention will now be described, by way of example only, with reference to the accompanying figure in which :
Figure 1 shows a block diagram representation of a virtual trusted node operating in a grid computing system of the present invention.
5. DETAILED DESCRIPTION OF THE DRAWINGS
Referring to the figure, there is shown a block diagram representation of a virtual trusted node in a grid computing system configured according to the embodiment of the present invention. The computer apparatus (40) generally includes trusted hardware including at least a processor (not shown) , a memory device (not shown) and a storing device (also not shown) , and a software (not shown) that once executed, creates a trusted virtual machine monitor (30) and a trusted platform module (41) of the computer apparatus (40) .
The grid computing system of the present invention may share the trusted hardware across multiple operational environments where each of the virtual trusted nodes is allocated a specific sub-task to be performed. In operation, the task is first divided into multiplicity of subtasks, and each of the sub-tasks is wrapped together with the software and the operating system (12), such process is called "wrapped-task (11, 21)" throughout the description. The wrapped-task (11, 21) is then send to the computer apparatus (40) where each wrapped tasks correspond to a single virtual node in which the sub-task is to be executed. In essence, in any physical computer device, there will be multiplicity of these virtual nodes, each executing the assigned wrapped-task through the trusted virtual machine monitor (30) and the trusted platform module
(41) . The operating system (12) that is used to wrapped with the grid computing sub-task (11) software contains only necessary functions and services for the proper execution of the sub-task software. Such operating system is called thin operating system due to minimum functions and services that it has to perform. Limiting unnecessary functions and services running on the operating system is for the purpose of reducing security exposure.
Each of the wrapped-task running on the trusted virtual machine monitor (30) forms the trusted node (10, 20) of the grid computing system. The trusted virtual machine monitor (30) ensures only computing processes running in the wrapped-task is not affected by other software application running con-currently on commodity operating system (22) and the trusted virtual machine monitor (30) . AS a result, the integrity of the grid computing sub-task and memory could be preserved. Further, the trusted virtual machine monitor (30) also ensures that only wrapped- task from legitimate source is allowed to be executed in the computing apparatus and such feature is advantageously provided by the trusted platform module (41) on the computing apparatus.
While the preferred embodiments of the present invention have been described, it should be understood that various changes, adaptations and modifications may be made thereto. It should be understood, therefore, that the invention is not limited to details of the illustrated invention shown in the figures and that variations in such minor details will be apparent to one skilled in the art.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US7047425 *||19 Jul 2002||16 May 2006||The Boeing Company||Scaleable muti-level security method in object oriented open network systems|
|US20030225822 *||30 May 2002||4 Dec 2003||Microsoft Corporation||Unbounded computing space|
|US20050138370 *||23 Dec 2003||23 Jun 2005||Goud Gundrala D.||Method and system to support a trusted set of operational environments using emulated trusted hardware|
|1||*||'Proc. of the 6th IEEE International Symposium on Cluster Computing and the Grid', 2006, IEEE COMPUTER SOCIETY article COOPER ET AL.: 'Towards a secure, tamper-proof grid platform', pages 373 - 380|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|CN102193822A *||7 Mar 2011||21 Sep 2011||微软公司||Marshaling results of nested tasks|
|CN102193822B *||7 Mar 2011||26 Aug 2015||微软技术许可有限责任公司||用于嵌套任务的结果的编组的方法和系统|
|US8392922 *||8 Mar 2010||5 Mar 2013||Microsoft Corporation||Marshaling results of nested tasks|
|US20110219380 *||8 Mar 2010||8 Sep 2011||Microsoft Corporation||Marshaling results of nested tasks|
|3 Jun 2009||121||Ep: the epo has been informed by wipo that ep was designated in this application|
Ref document number: 08833860
Country of ref document: EP
Kind code of ref document: A2
|30 Mar 2010||NENP||Non-entry into the national phase in:|
Ref country code: DE
|3 Nov 2010||122||Ep: pct application non-entry in european phase|
Ref document number: 08833860
Country of ref document: EP
Kind code of ref document: A2