An attack-resilient Grid auditing infrastructure

As recent experiments have shown, current Grid infrastructures are highly vulnerable against root exploits. In these attacks legitimate Grid user credentials were used to compromise vulnerable Grid head and worker nodes. Any such attack against a distributed working environment is critical. However, in the Grid it is particularly devastating, attacks against the head node affect unencrypted Grid proxy certificates. Using these, an attacker can act with the permissions of the original owner, undermining the Grid security concept. Even after the original attack has been detected and the affected systems have been sanitized, the attacker is still in possession of the stolen proxy. In previous work we introduced an auditing infrastructure that gives Grid users a way to reconstruct usage of their delegated credentials and detect their possibly abuse. We achieve this by including an X.509 certificate extension in a proxy credential signed by the Grid user - making the users request to track credential usage tamper-proof In this paper, we extend the auditing infrastructure by a novel encryption aware watchdog, which can detect proxy certificate misuse even in the face of complete root compromise of all accessible Grid resources. It correlates network communication in the Grid with the auditing infrastructure and can thus detect proxy certificate misuse and tampering with the auditing framework.