Search Images Maps Play YouTube News Gmail Drive More »
Sign in
Screen reader users: click this link for accessible mode. Accessible mode has the same essential features but works better with your reader.

Patents

  1. Advanced Patent Search
Publication numberWO2009041801 A2
Publication typeApplication
Application numberPCT/MY2008/000103
Publication date2 Apr 2009
Filing date19 Sep 2008
Priority date27 Sep 2007
Also published asWO2009041801A3
Publication numberPCT/2008/103, PCT/MY/2008/000103, PCT/MY/2008/00103, PCT/MY/8/000103, PCT/MY/8/00103, PCT/MY2008/000103, PCT/MY2008/00103, PCT/MY2008000103, PCT/MY200800103, PCT/MY8/000103, PCT/MY8/00103, PCT/MY8000103, PCT/MY800103, WO 2009/041801 A2, WO 2009041801 A2, WO 2009041801A2, WO-A2-2009041801, WO2009/041801A2, WO2009041801 A2, WO2009041801A2
InventorsKang Siong Ng
ApplicantMimos Berhad
Export CitationBiBTeX, EndNote, RefMan
External Links: Patentscope, Espacenet
Trusted node for grid computing
WO 2009041801 A2
Abstract
There is disclosed a method and apparatus adapted for securing computing process running on a computing hardware node in a grid computing system through the formation of virtual trusted node. Grid computing breaks up a computational task into a smaller computation sub-tasks. These sub-tasks are distributed to many computers where once executed, the results are returned to a centralized node for compilation. Data integrity and security becomes are of paramount concern. The proposed invention solve such a concern by providing a method of creating a virtual trusted node in a grid computing system through the creation of wrapped-task (11, 21) by wrapping a software for the sub-tasks together with an operating system (12, 22), sending the wrapped-task to the computer (40) in the grid computing system and executing the wrapped- task by way of a virtual machine monitor (30) and a trusted platform module (41). The operating system is provided with only the minimum and necessary functions to execute the wrapped-task. A computer apparatus (40) for creating such virtual trusted node is also disclosed.
Claims  (OCR text may contain errors)
WHAT IS CLAIMED IS:
1. In a grid computing system, a method is provided for creating a virtual trusted node within said grid computing system, each of said virtual trusted node is a computer adapted to execute an assigned task, said assigned task is first divided into a plurality of sub-tasks, characterized in that said method comprises the steps of :-
creating a wrapped-task (11, 21) by wrapping a software for the sub-tasks together with an operating system (12, 22) ;
sending the wrapped-task (11, 21) to the computer (40) in the grid computing system; and
executing the wrapped-task by way of a trusted virtual machine monitor (30) that interacts with a trusted platform module (41) in the trusted node .
2. A method as claimed in claim 1, further characterized in that each of said sub-tasks is executed by a virtual machine (10, 20) having connection with said trusted virtual machine monitor (30) and said trusted platform module (41) .
3. A method as claimed in claim 2, further characterized in that said virtual machine (10,
20) is adapted to receive said wrapped-task (11,
21) .
4. A method as claimed in any of the preceding claims, further characterized in that said operating system is only provided with the necessary functions and services to execute said wrapped-task.
5. A computer apparatus (40) adapted for creating a virtual trusted node in a grid computing system, said computer apparatus comprises of:-
at least a trusted processor, a memory device and a storing device;
a software residing in that memory device that once executed, formed a trusted virtual machine monitor (30) ;
a trusted platform module (41); and
said virtual trusted machine monitor (30) is adapted to execute an assigned task, said assigned task is first divided into a plurality of subtasks;
characterized in that:-
said virtual trusted node is created by creating a wrapped-task (11, 21) including wrapping a software for the sub-tasks together with an operating system (12, 22); sending the wrapped-task (11, 21) to the computer apparatus (40) in the grid computing system; and
executing the wrapped-task by way of said virtual machine monitor (30) and said trusted platform module (41) .
6. A computer apparatus as claimed in claim 5, further characterized in that each of said sub- tasks (11, 21) is executed by the virtual machine (10, 20) having connection with the trusted virtual machine monitor (30) and said trusted platform module (41) .
7. A computer apparatus as claimed in claim 6, further characterized in that said virtual machine- (10, 20) is adapted to receive said wrapped-task (11, 21) .
8. A computer apparatus as claimed in any of claims 5 to 7, further characterized in that said operating system (12, 22) is only provided with the necessary functions and services to execute said wrapped-task.
Description  (OCR text may contain errors)

TRUSTED NODE FOR GRID COMPUTING

1. TECHNICAL FIELD OF THE INVENTION

The present invention relates generally to computer system and more particularly, to a method and apparatus of securing computing task running on a trusted computing hardware node in a grid computing system.

2. BACKGROUND OF THE INVENTION

A typical computing system may include a central processing unit (CPU) , memory (RAM) and other hardware devices as well as software resources such as an operating system (OS) and one or more application programs. To cater for the various computing requirements, a computer system may be set as a stand alone, in a network, in a cluster or any other arrangements. One of the most commonly mentioned computing setup is grid computing. Grid computing enables the virtualization of distributed computing and data resources such as processing, network bandwidth and storage capacity to create a single system image, granting users and applications access to quite a huge number of IT possibilities. With grid computing, organizations can optimize computing and data resources, pool them for large capacity workloads, share them across networks and enable collaboration . Grid computing breaks up a computational task into smaller computation sub-tasks. These sub-tasks are distributed to many computers where they are executed and the results are returned to a centralized node for compilation. Since the sub-tasks are executed at various computers, these sub-tasks are potentially exposed to threats by malicious codes running on the computers. These malicious codes can either modify or archive the results of the executed sub-task and hence the integrity and secrecy of the sub-tasks executions is in questions. Although there are various benefits associated with grid computing to execute a complex computational task, the issue of integrity and secrecy in grid computing has become a valid concern especially where the computational tasks involved secrets or the data integrity is paramount. Conventionally, these security concerns are being addressed by running the grid computing tasks on server farms within a trusted facility or facilities. However, high cost associated with the maintenance of such facilities become another issue altogether. Should the computation power of idle computers owned by the connected masses, the security issues discussed earlier should be addressed.

Trusted platform module (TPM) has been put into practice to address security and integrity issue in relation to sharing hardware device (s) among multiple operating systems. A TPM is a hardware component residing within a computing system and provides various facilities and services for enhancing the security of the computing system. A trusted virtual machine monitor (TVMM) is a virtual machine monitor that utilizes TPM to establish root of trust of the software. In such TVMM, multiple operating systems can run on one TVMM. In such arrangement, each VMM may run on its operating software and execute it assigned tasks without realizing the other VMMs. Although such prior trusted platform module discussed the feature of sharing hardware (s) among multiple OS within one TVMM, there is no indication for applying the principle of trusted node in grid computing system where each node in the grid computing is defined as TWM and running an assigned task, the TVMM having a multiplicity of VMMs, each possibly running on its own OS, and each of the VMMs is assigned with a sub-task for which the node within the grid computing is supposed to execute.

It is therefore an object of the present invention to provide a method and apparatus for creating a virtual trusted node for a grid computing system for which the security and integrity of the executed tasks and sub- tasks within the node are effectively ascertained. The proposed virtual trusted node processed the assigned task by sub-dividing the assigned task into sub-tasks, wrapping the software for the sub-task together with an operating system, sending the wrapped-task to a computer in the node, executing each of the wrapped- task with a trusted virtual machine monitor that interacts with a trusted platform module.

3. SUMMARY OF THE INVENTION

It is therefore an object of the present invention to provide a method for creating a virtual trusted node for a grid computing system. It is also another object of the present invention to provide virtual trusted node in a grid computing system where each virtual machines within the computing system is assigned with a wrapped task that includes a software for the sub-task and the operating system, the operating system is provided with only minimal functions and services.

These and other objects of the present invention are accomplished by providing,

In a grid computing system, a method is provided for creating a virtual trusted node within said grid computing system, each of said virtual trusted node is a computer adapted to execute an assigned task, said assigned task is first divided into a plurality of sub-tasks, characterized in that said method comprises the steps of:-

creating a wrapped-task (11, 21) by wrapping a software for the sub-tasks together with an operating system (12, 22);

sending the wrapped-task (11, 21) to the computer (40) in the grid computing system; and

executing the wrapped-task by way of a trusted virtual machine monitor (30) that interacts with a trusted platform module (41) in the trusted node.

Preferably, the each of the sub-tasks is executed by a virtual machine having connection to the trusted machine monitor and the trusted platform module. Also preferable, the operating system is provided with only the necessary functions and services to execute the wrapped-task.

The objects may be further accomplished by providing,

A computer apparatus (40) adapted for creating a virtual trusted node in a grid computing system, said computer apparatus comprises of:-

at least a trusted processor, a memory device and a storing device;

a software residing in that memory device that once executed, formed a trusted virtual machine monitor (30);

a trusted platform module (41) ; and

said virtual trusted machine monitor (30) is adapted to execute an assigned task, said assigned task is first divided into a plurality of subtasks;

characterized in that:-

said virtual trusted node is created by creating a wrapped-task (11, 21) including wrapping a software for the sub-tasks together with an operating system (12, 22);

sending the wrapped-task (11, 21) to the computer apparatus (40) in the grid computing system; and executing the wrapped-task by way of said virtual machine monitor (30) and said trusted platform module (41) .

4. BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments of the invention will now be described, by way of example only, with reference to the accompanying figure in which :

Figure 1 shows a block diagram representation of a virtual trusted node operating in a grid computing system of the present invention.

5. DETAILED DESCRIPTION OF THE DRAWINGS

Referring to the figure, there is shown a block diagram representation of a virtual trusted node in a grid computing system configured according to the embodiment of the present invention. The computer apparatus (40) generally includes trusted hardware including at least a processor (not shown) , a memory device (not shown) and a storing device (also not shown) , and a software (not shown) that once executed, creates a trusted virtual machine monitor (30) and a trusted platform module (41) of the computer apparatus (40) .

The grid computing system of the present invention may share the trusted hardware across multiple operational environments where each of the virtual trusted nodes is allocated a specific sub-task to be performed. In operation, the task is first divided into multiplicity of subtasks, and each of the sub-tasks is wrapped together with the software and the operating system (12), such process is called "wrapped-task (11, 21)" throughout the description. The wrapped-task (11, 21) is then send to the computer apparatus (40) where each wrapped tasks correspond to a single virtual node in which the sub-task is to be executed. In essence, in any physical computer device, there will be multiplicity of these virtual nodes, each executing the assigned wrapped-task through the trusted virtual machine monitor (30) and the trusted platform module

(41) . The operating system (12) that is used to wrapped with the grid computing sub-task (11) software contains only necessary functions and services for the proper execution of the sub-task software. Such operating system is called thin operating system due to minimum functions and services that it has to perform. Limiting unnecessary functions and services running on the operating system is for the purpose of reducing security exposure.

Each of the wrapped-task running on the trusted virtual machine monitor (30) forms the trusted node (10, 20) of the grid computing system. The trusted virtual machine monitor (30) ensures only computing processes running in the wrapped-task is not affected by other software application running con-currently on commodity operating system (22) and the trusted virtual machine monitor (30) . AS a result, the integrity of the grid computing sub-task and memory could be preserved. Further, the trusted virtual machine monitor (30) also ensures that only wrapped- task from legitimate source is allowed to be executed in the computing apparatus and such feature is advantageously provided by the trusted platform module (41) on the computing apparatus.

While the preferred embodiments of the present invention have been described, it should be understood that various changes, adaptations and modifications may be made thereto. It should be understood, therefore, that the invention is not limited to details of the illustrated invention shown in the figures and that variations in such minor details will be apparent to one skilled in the art.

Patent Citations
Cited PatentFiling datePublication dateApplicantTitle
US7047425 *19 Jul 200216 May 2006The Boeing CompanyScaleable muti-level security method in object oriented open network systems
US20030225822 *30 May 20024 Dec 2003Microsoft CorporationUnbounded computing space
US20050138370 *23 Dec 200323 Jun 2005Goud Gundrala D.Method and system to support a trusted set of operational environments using emulated trusted hardware
Referenced by
Citing PatentFiling datePublication dateApplicantTitle
CN102193822A *7 Mar 201121 Sep 2011微软公司Marshaling results of nested tasks
CN102193822B *7 Mar 201126 Aug 2015微软技术许可有限责任公司用于嵌套任务的结果的编组的方法和系统
US8392922 *8 Mar 20105 Mar 2013Microsoft CorporationMarshaling results of nested tasks
US20110219380 *8 Mar 20108 Sep 2011Microsoft CorporationMarshaling results of nested tasks
Classifications
International ClassificationG06F15/16
Cooperative ClassificationG06F15/16
European ClassificationG06F15/16
Legal Events
DateCodeEventDescription
3 Jun 2009121Ep: the epo has been informed by wipo that ep was designated in this application
Ref document number: 08833860
Country of ref document: EP
Kind code of ref document: A2
30 Mar 2010NENPNon-entry into the national phase in:
Ref country code: DE
3 Nov 2010122Ep: pct application non-entry in european phase
Ref document number: 08833860
Country of ref document: EP
Kind code of ref document: A2