Trusted Grid computing demands on-line scheduling of parallel jobs with secure outsourcing over Grid sites owned by different organizations. We developed a new security binding technique through trust integration and optimized heuristic scheduling on multiple Grid sites.

A Fuzzy trust model is proposed for distributed security enforcement. Security binding is implemented with prior job-execution experiences on target platforms. Trust integration leads to fortified site security, frequent policy update, using stateful firewalls, and self-defense capabilities, etc. The Grid security is enforced by PKI and encrypted tunnels between private networks. These security measures are meant to establish long-term trust relationship among resource sites.

Five performance metrics are developed to measure the effects of security binding through trust integration among Grid resource sites. The performance results are based on NAS benchmark experiments on simulated Grid configurations at USC.

Scalable Grid performance is enabled by matching the security demand from user jobs with the trust index of distributed Grid resource sites. Kiviat graph depicts compound Grid performance including the makespan, site utilization, job failure rate, job response time, and slowdown ratio. Trusted job outsourcing makes it possible to use open Grid resources with confidence, guaranteed performance, and controllable risks.

Most reputation systems are based on collecting, aggregating and disseminating feedbacks. A TON is a virtual overlay network representing the trust relationship among peers. With empirical scrutiny of eBay trace data, we observe node degree of TON exhibits a power-law distribution. Power-law distribution in TON applies to any dynamically growing P2P systems

A DynaTrust system efficiently and effectively aggregates local scores to global reputation for P2P systems. DynaTrust is based on strategies of Look ahead Random Walk (LRW) and Distributed Sorting Mechanism (DSM). LRW is especially efficient in power-law TON with small message overhead and with DSM.

A distributed worm signature detection and dissemination system deployed at multiple edge networks. Distributed aggregation trees (DATs) are constructed to aggregate global information. A signature is identified if both the global prevalence and address dispersion are greater than thresholds. Signatures are disseminated to other monitors using efficient broadcasting on Chord overlay.

Simulated CodeRed-like worms on an Internet configuration of 105,246 edge networks and 338,562 vulnerable hosts. Use BGP table snapshot on July 19th, 2001 from RouteViews. Collaborative monitors detect signatures about 10 times faster than using independent monitors when Gp=10,000. About 27 times reduction of infected hosts as 1% of vulnerable edge networks being monitored.

Periodic shrew DDoS attacks throttle legitimate TCP flows by creating low-rate pulsing type of congestions. Characterized as stealthy and harder-to-detect attacks beyond the capability of ordinary traffic volume analysis tools. Cause more damages as the victims may not be aware of the shrew attacks for a long time.

The defense solution is based on the recognition of very low power spectral distribution in shrew DDoS flows. Through NS2 simulation experiments, we proved that the defense scheme can effectively segregate malicious shrew DDoS flows from the legitimate TCP flows. The legitimate TCP flows are thus rescued under shrew attacks.

Based on the inherent temporal relations among intrusion alerts. Number of alerts is reduced for more than 90%. Most attack patterns are disrupted with low mis-prediction rates. Performance insensitive to parameter variations lead to easier implementation.

Combine misuse-based IDS with Anomaly Detection System to detect both attacks with and without signatures. Datamining of Internet connection episodes for normal traffic profiling and automated attack signature generation.

The experiment is based on DARPA 1999 Intrusion Detection Evaluation Data Set mixed with real network data from USC. On the average, the CIDAS outperforms Snort and ADS by 51% and 40% improvement in intrusion detection rate, respectively.

Extending the GAA/API software tools and policy update technique developed at ISI for fine-grain access control.

System-wide integration of efficient intrusion detection systems and attack databases on field-programmable gate arrays (FPGAs) to enable real-time datamining for network security control.