Grid and Cloud Computing Important Questions Unit 5 Part A
The document discusses key concepts related to security in grid computing. It defines important terms like GSI functions, reputation-based trust model, direct reputation, authentication methods, authority types, grid security infrastructure, GSI protection mechanisms, GSI primary information, and data lineage. It also discusses identity and access management processes, challenges, and components of building a secure trust environment in grid computing.
CS6703-GRID AND CLOUD COMPUTING
DEPARTMENT OF CSE/IT – ANNA UNIVERSITY
IMPORTANT QUESTIONS WITH ANSWERS - DEFINITIONS
UNIT -4 SECURITY
PART-A
1. What are the functions present in GSI?
GSI may be thought of as being composed of four distinct functions: message protection, authentication, delegation, and authorization.

2. What are the challenges of grid sites?
The first challenge is integration with existing systems and technologies. The second challenge is interoperability with different hosting environments. The third challenge is to construct trust relationships among interacting hosting environments.

3. Define Reputation-Based Trust Model
In a reputation-based model, jobs are sent to a resource site only when the site is trustworthy to meet users' demands. The site trustworthiness is usually calculated from the following information: the defense capability, direct reputation, and recommendation trust.

4. Define direct reputation
Direct reputation is based on experiences of prior jobs previously submitted to the site. The reputation is measured by many factors such as prior job execution success rate, cumulative site utilization, job turnaround time, job slowdown ratio, and so on. A positive experience associated with a site will improve its reputation. On the contrary, a negative experience with a site will decrease its reputation.

5. What are the major authentication methods in the grid?
The major authentication methods in the grid include passwords, PKI, and Kerberos. The password is the simplest method to identify users, but the most vulnerable one to use. PKI is the most popular method supported by GSI.

6. List the types of authority in grid
The authority can be classified into three categories: attribute authorities, policy authorities, and identity authorities. Attribute authorities issue attribute assertions; policy authorities issue authorization policies; identity authorities issue certificates. The authorization server makes the final authorization decision.

7. Define grid security infrastructure
The Grid Security Infrastructure (GSI), formerly called the Globus Security Infrastructure, is a specification for secret, tamper-proof, delegatable communication between software in a grid computing environment. Secure, authenticable communication is enabled using asymmetric encryption.

8. List the protection mechanisms in GSI
GSI allows three additional protection mechanisms. The first is integrity protection, by which a receiver can verify that messages were not altered in transit from the sender. The second is encryption, by which messages can be protected to provide confidentiality. The third is replay prevention, by which a receiver can verify that it has not.

9. What is the primary information of GSI?
In GSI authentication, a certificate includes four primary pieces of information:
- a subject name, which identifies the person or object that the certificate represents;
- the public key belonging to the subject;
- the identity of a CA that has signed the certificate to certify that the public key and the identity both belong to the subject;
- the digital signature of the named CA.

10. Define blue pill
The blue pill is malware that executes as a hypervisor to gain control of computer resources. The hypervisor installs without requiring a restart and the computer functions normally, without degradation of speed or services, which makes detection difficult.

11. What are the host security threats in public IaaS? (Dec 2017)
- Stealing keys used to access and manage hosts (e.g., SSH private keys)
- Attacking unpatched, vulnerable services listening on standard ports (e.g., FTP, SSH)
- Hijacking accounts that are not properly secured (i.e., no passwords for standard accounts)
- Attacking systems that are not properly secured by host firewalls
- Deploying Trojans embedded in the software component in the VM or within the VM image (the OS) itself

12. List the Public Cloud Security Limitations
There are limitations to the public cloud when it comes to support for custom security features. Security requirements such as an application firewall, SSL accelerator, cryptography, or rights management using a device that supports PKCS 12 are not supported in a public SaaS, PaaS, or IaaS cloud. Any mitigation controls that require deployment of an appliance or locally attached peripheral devices in the public IaaS/PaaS cloud are not feasible.

13. Define Data lineage
Data lineage is defined as a data life cycle that includes the data's origins and where it moves over time. It describes what happens to data as it goes through diverse processes. It helps provide visibility into the analytics pipeline and simplifies tracing errors back to their sources.

14. Discuss the application and use of identity and access management. (Dec '16)
Identity and Access Management (IAM) is used to manage access to resources by assuring that the identity of an entity is verified, then granting the correct level of access based on the protected resources.

15. What are the operational activities of the IAM processes?
- Provisioning
- Credential and attribute management
- Entitlement management
- Compliance management
- Identity federation management

16. What are the cloud identity administrative functions?
Cloud identity administrative functions should focus on life cycle management of user identities in the cloud: provisioning, deprovisioning, identity federation, SSO, password or credentials management, profile management, and administrative management. Organizations that are not capable of supporting federation should explore cloud-based identity management services.

17. Mention the importance of Transport Level Security (Dec '16)
Transport Level Security (TLS) entails SOAP messages conveyed over a network connection protected by TLS. TLS provides for both integrity protection and privacy. Transport Level Security is supported today as a higher-performance alternative to the more standards-driven message-level security.

18. What is meant by the term data-in-transit?
It is the process of the transfer of the data between all of the versions of the original file, especially when data may be in transit on the Internet. It is data that is exiting the network via email, web, or other Internet protocols.

19. List the IAM process business categories
- User management
- Authentication management
- Authorization management
- Access management
- Data management and provisioning
- Monitoring and auditing

20. What are the key components of the IAM automation process?
- User Management, New Users
- User Management, User Modifications
- Authentication Management
- Authorization Management

21. What are the various challenges in building the trust environment? (Apr/May 2017)
- Identification
- Privacy
- Personalization
- Integration
- Security
- Scalability

22. Identify the trust model based on a site's trustworthiness. (Dec 2017)
A user job demands the resource site to provide security assurance by issuing a security demand (SD). On the other hand, the site needs to reveal its trustworthiness, called its trust index (TI). These two parameters must satisfy a security-assurance condition: TI ≥ SD during the job mapping process. When determining its security demand, users usually care about some typical attributes.

23. Write a brief note on the security requirements of the grid. (Apr/May 2017)
- Authentication
- Authorization
- Assurance/accreditation
- Accounting
- Audit