USENIX 2004 Annual Technical Conference, FREENIX Track Abstract
Pp. 231–236 of the Proceedings
A New Distributed Security Model for Linux Clusters
Makan Pourzandi, Open Systems Lab, Ericsson Research
Abstract
With the increasing use of clusters in different domains,
efficient and flexible security has now become an essential
requirement for clusters. Though many security
mechanisms exist, there is a need to develop more flexible
and coherent security mechanisms for large distributed
applications.
In this paper, we present the need for a unified cluster-wide
security space for large distributed applications.
Based on these needs, we propose a new security
model that implements security zones inside the cluster.
The model is an extension to Mandatory Access Control
(MAC) mechanisms used at node level to the whole
cluster with processes as basic security entities.
We designed this model with clustered Linux servers
running carrier-grade applications in mind, but this
model can be used in any domain that needs Linux clusters
running large distributed applications continuously
with no interruptions. We prove the feasibility of this
approach through an open source implementation of the
concept [1].
The Proceedings are published as a collective work, © 2004 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.