Intrusion Detection and tolerance in Grid-based applications

With the increasing use of Grid-based applications, especially in business-driven scenarios, new types of cross-domain attacks which initiate from one site and then easily spread to other federated sites are expected to appear and become serious threats. In this paper, the need for dedicated Grid Intrusion Detection Systems (Grid-IDS) is motivated by giving such an example attack on a federated service protocol. A generic Grid-IDS architecture is presented as well as a concrete realization based on various Web services specifications. At the heart of the introduced Grid-IDS architecture is the correlation service, which receives the event information from sensors distributed across the federation and detects intrusions by analyzing and correlating the events. A protocol-aware correlation service is proposed, in which each service protocol is abstracted to a generic representation - a relationship of roles. Finally, based on the developed Grid-IDS and the gathered experiences, an approach towards intrusion tolerance is presented and discussed.