Security enhanced kernels in EDG/LCG enabled clusters --WITHDRAWN--
Presented by Mr. Marcus HARDT
Session: Poster Session 2
Track: Track 4 - Distributed Computing Services
In the HEP environment, clusters run jobs coming from other sites and usually also from a relatively unknown user community -- Virtual Organizations of geographically distributed people. In this context, security is crucial, much more so than in the case of a cluster accepting only batch jobs from local users of an institution. A security breach could, for instance, let the attackers get access to the grid certificates, i.e. steal the identities of many users in the Grid. Since the overall security of an infrastructure is only as strong as its weakest link, it is very important to make certain that the layers on top of which we build our higher-level Grid services are solid. Therefore, in parallel to the normal ways of dealing with security in the server code, a hardening of the Linux kernel itself should be seriously considered. In this work we report on our experience with some of those hardened kernels in a Grid cluster running EDG/LCG middleware. Although some of the solutions provide the highest level of security in these kernels, they can also restrict the access to the system that applications need. Therefore it is particularly important to know beforehand which features can be enabled in the kernel, and which ones will lead to functionally non-working nodes.