Security on the Grid
A powerful new vision of computing—called grid computing—is becoming a reality. Although the web now facilitates data access, it is limited by storage and computing capabilities. Grid computing goes one step further by connecting servers around the world, pooling resources and sharing computing power and data storage. Today's grids are invaluable tools for large-scale scientific projects like the Large Hadron Collider (LHC).
"Grid computing spans across organizations and across countries," said Bob Cowles, SLAC's Computer Security Officer. "Developing such a grid is a very difficult problem, and the LHC experiments are depending on grids for all their analyses when the machine becomes operational at the end of the year." Cowles also works with the Open Science Grid (OSG), a distributed computing infrastructure for scientific research. SLAC is a charter member of the OSG.
A primary example of grid computing is SLAC's role as a Tier 2 computing center for the ATLAS (A Toroidal LHC ApparatuS) Collaboration. In this capacity, SLAC and other institutions will provide computing resources for the entire scientific community. Grid software is still rapidly evolving, but eventually researchers will be able to take advantage of computing power from every corner of the planet. "You don't care where the job gets run," Cowles said. "You just send it off and you get your results back."
One of the most difficult challenges of grid computing is security for thousands of worldwide users. In a fashion similar to what is used for web security, a researcher who wants to access the grid is issued a digital form of identification called a certificate. This allows experiments to ensure that only authorized researchers use their grid resources and allows Cowles and other security officers to track down suspicious cyber-behavior.
Without the grid, researchers need computer accounts specific to the particular computing facility they are using—BaBar, for example, might require a researcher to get separate accounts at SLAC, the Rutherford Appleton Laboratory (RAL) in the UK, the Institut National de Physique Nucléaire et de Physique des Particules (IN2P3) in France, and the Istituto Nazionale di Fisica Nucleare (INFN) in Italy. But once computing resources are unified on a grid, users will only need one certificate to use the computing facilities of dozens of institutions.
Cowles' role in developing grid security involves finding security standards that are acceptable to both researchers and computing facilities in all parts of the world. This is a complicated endeavor, as it requires substantial coordination across many organizations with differing computer security models.
"Grid computing is forcing us to find new ways to deal with security and how grid participants find new ways to enhance trust and reduce risk," Cowles said. "It's a big change for SLAC and the entire scientific community."
—Marcus Woo, March 2, 2007