Daonity – Grid security from two levels of virtualization

The service oriented architecture of grid computing has been thoughtfully engineered to achieve a service level virtualization: not only should a grid be a virtual machine (also known as a virtual organization, VO) of unbounded computational power and storage capacity, but also should the virtual machine be serviceable in all circumstances independent from serviceability of any of its component. At present, a grid VO as a result of service level virtualization only is more or less confined to participants from scientific computing communities, i.e., can have a limited scale. It is widely agreed that for a grid to pool resources of truly unbounded scale, commercial enterprises and in particular server-abundant financial institutions, should also “go for the grid,” i.e., open up their servers for being used by grid VO constructions. We believed that it is today's inadequate strength of the grid security practice that is the major hurdle to prevent commercial organizations from serving and participating the grid.This article presents the work of Daonity which is our attempt to strengthening grid security. We identify that a security service which we name behavior conformity be desirable for grid computing. Behavior conformity for grid computing is an assurance that ad hoc related principals (users, platforms or instruments) forming a grid VO must each act in conformity with the rules for the VO constitution. We apply trusted computing technologies to achieve two levels of virtualization: resource virtualization and platform virtualization. The former is about behavior conformity in a grid VO and the latter, that in an operating system. With these two levels of virtualization working together it is possible to build a grid of truly unbounded scale by VO including servers from commercial organizations.