The authors of this paper address the problem of security management in multi-administrative grid computing networks. In these grid networks, nodes belonging to different administrative domains have different security policies but can collaborate with each other. As a result, attacks can easily be propagated from one domain to another, making it hard to pinpoint the source of the problem. To address this issue, the authors present a grid security operation center (GSOC), which detects attacks and shares selected security alerts with other trusted administrative domains in the same grid. Trust is based on an automated security evaluation of the administrative domains. The number of low-, medium-, and high-level alerts occurring in an administrative domain is evaluated to assign one of three security levels to it.
The authors compare GSOC with the existing distributed security operation center (DSOC), which was developed for traditional computer networks, by measuring their security alert rates in response to brute-force, denial-of-service (DoS), and distributed DoS (DDoS) attacks. This comparison shows that GSOC is better suited for grid networks since it can detect attacks, share alerts with other members of the network, and correlate alerts from other local sites. They also report that GSOC is more stable than either DSOC or the open-source security information management (OSSIM) system; for both of these approaches, the detection rate begins to degrade after a while. Furthermore, GSOC was able to provide a security situation overview in the event of severe distributed attacks, which the other tools could not do. The authors propose their GSOC as a prototype for grid computing network security solutions and, with some modifications, for deployment in cloud computing infrastructures.