Grid Computing Security

Transcription

1 Grid Computing Security

2 Anirban Chakrabarti Grid Computing Security With 87 Figures and 12 Tables 123

3 Anirban Chakrabarti Infosys Technologies Limited Electronic City Hosur Road Bangalore India Library of Congress Control Number: ACM Computing Classification (1998): C.2, D.4.6, K.6.5 ISBN Springer Berlin Heidelberg New York This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable for prosecution under the German Copyright Law. Springer is a part of Springer Science+Business Media springer.com Springer-Verlag Berlin Heidelberg 2007 The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Typeset by the author Production: Integra Software Services Pvt. Ltd., India Cover design: KünkelLopka Werbeagentur, Heidelberg Printed on acid-free paper 42/ Integra

4 Preface Grid computing is widely regarded as a technology of immense potential in both industry and academia. The evolution pattern of grid technologies is very similar to the growth and evolution of Internet technologies that was witnessed in the early 1990s. Similar to the Internet, the initial grid computing technologies were also developed mostly in the universities and research labs to solve unique research problems and to collaborate between different researchers across the globe. Recently, the high computing industries like finance, life sciences, energy, automobiles, rendering, etc. are showing a great amount of interest in the potential of connecting standalone and silo based clusters into a department and sometimes enterprisewide grid system. Grid computing is currently in the midst of evolving standards, inheriting and customizing from those developed in the high performance, distributed, and recently from the Web services community. Due to the lack of consistent and widely used standards, several enterprises are concerned about the implementation of an enterprise-level grid system, though the potential of such a system is well understood. Even when the enterprises have considered grid as a solution, several issues have made them reconsider their decisions. Issues related to application engineering, manageability, data management, licensing, security, etc. have prevented them from implementing an enterprise-wide grid solution. As a technology, grid computing has potential beyond the high performance computing industries due to it's inherent collaboration, autonomic, and utility based service behavior. To make this evolution possible all the above-mentioned issues need to be solved. Some of the issues are technical and some of them have business and economic overtones like the issue related to licensing. Each of the issues mentioned above is important and deserves a close look and understanding. In this book we will solely concentrate on the issue related to grid computing security. As an issue, security is perhaps the most important and needs close understanding as grid computing offers unique security challenges. In this book we look at different security issues pertaining to the grid system; some of them are of immediate concern and some are long term issues. We will also look at security issues in other areas of computer science like

5 vi Preface networks and operating systems which may affect the design of future grids. We have categorized the issues pertaining to grid computing security into three main buckets viz. architecture related issues, infrastructure related issues, and management related issues. Architecture related issues are concerned about the overall architecture of the grid system like the concerns pertaining to information security, concerns about user and resource authorization, and issues pertaining to the overall service offered by the grid system. The infrastructure related issues are concerned about the underlying infrastructure which includes the hosts or the machines, and the network infrastructure. In addition, several management systems need to be in place for an all pervasive enterprise level and secure grid system. There are three main types of management systems which are important from the grid perspective, namely the credential management systems, the trust management systems, and the monitoring systems. All the three issues mentioned above are dealt with in this book, along with existing solutions and potential concerns. Organization In this book we have made no assumption about the prerequisites for the readers. We have provided a short background on grid computing, security technologies, and Web service standards for readers who are new to this field. It is to be noted that the background is not extensive and enough references are provided for readers to have a fair understanding about the different background technologies. The book is organized into 13 chapters and an appendix. Chapter 1 looks at the background, benefits, and concerns pertaining to grid systems. Chapter 2 talks about the different security technologies that are available and useful to build a secure grid system. The different security technologies that are covered in this chapter are different authentication/encryption systems, identity protocols and popular technologies like Kerberos, HMAC, SSL/TLS, IPSec, among others. It is to be noted that Web services security standards, which form the backbone of grid security, are not dealt with in this chapter. They are separately listed in the appendix. Chapter 3 provides a taxonomy of the different grid security issues and solutions. We feel that the chapter is important because readers will get a snapshot of different issues, solutions, and concerns in one place and can refer to the detailed discussions in the subsequent chapters, if interested. After the brief overview and background about the different technologies, landscape, and taxonomy we discuss the different issues in detail in Chap. 4 to 11. In Chap. 4, we look at the information

6 Acknowledgments vii security aspects of the grid system. Here we look at the grid standards like GSI, and security implementations of popular grid standard Globus. In Chap. 5, we look at the authorization systems namely the Community Authorization Service (CAS), Virtual Organization Membership Service (VOMS), Akenti, PERMIS, among others. In Chap. 6, we look at the issues pertaining to the grid service viz. Denial-of-Service (DoS) attacks and Quality of Service (QoS) violation attacks. Different solutions and concerns are also discussed in this chapter. It is to be noted that since grid systems have relatively limited deployments, most of these attacks and solutions described in the chapter have been borrowed from the domain of the Internet. Many of these solutions would be useful in designing the future secure grid. Chapter 7 looks at the security issues pertaining to the hosts or the machines comprising the grid system. Different solutions like sandboxing, flexible kernels, virtualization, etc. have been discussed in detail in this chapter. Chapter 8 looks at another important infrastructure component namely the network. The immediate issues like integrating firewalls, VPNs, etc. are looked at in this chapter. In addition some long term issues like secure grid multicasting sensor grids, and others are also discussed in this chapter. Chapters 9-11 deal with the different management systems. Chapter 9 discusses about credential management systems like MyProxy, Smartcards, etc. and issues pertaining to them. Chapter 10 talks about trust management systems and issues like trust creation, negotiation among others. These issues are important in dynamic systems and have enormous research potential. Chapter 11 talks about the monitoring systems that are currently present. Two grid security case studies are provided in Chap. 12. These case studies should help readers in getting a holistic view of the different concepts, principles, protocols, and technologies mentioned in the book. Finally Chap. 13 concludes the book by looking at a few future technologies and mapping the issues and solutions into immediate, medium term and long term categories. Acknowledgments I would like to thank all those people who have contributed to the book. I would like to thank my colleagues, Dr Shubhashis Sengupta, Mr Deependra Moitra, Mr Srikanth Sundarrajan, and Mr Hariprasad Nellitheertha for helping me sort out the administrative issues, and providing me with useful comments and reviews. I would also like to thank Mr Anish Damodaran for providing me with useful inputs whenever needed. Moreover, I would take the opportunity to thank Mr Ralf Gestner and Ms Ulrike Stricker of

7 viii Preface Springer for providing me the opportunity and extending support in writing this book. I am also extremely grateful to all the reviewers for their insightful comments. Moreover, I would like to extend my gratitude to the Springer production and copyediting team for their tireless efforts. Finally, special thanks go to my wife Lopamudra and also to my mother for their constant support and encouragement.

8 Contents Preface..... v Organization..... vi Acknowledgments...vii 1 Introduction Background Grid Computing Overview Evolution of Grid Computing Benefits of Grid Computing Grid Computing Issues and Concerns About the Book Target Audience Organization of the Book Overview of Security Introduction Characteristics of Secure System Security Threats Different Encryption Schemes Different Authentication Schemes Shared Secret Based Authentication Public Key Based Authentication Third Party Authentication Schemes Different Integrity Schemes Message Authentication Code (MAC) Keyed MAC Standard Protocols Public Key Infrastructure Secure Socket Layer (SSL) Kerberos IP Security (IPSec) Chapter Summary...31

9 x Contents 3 Taxonomy of Grid Security Issues Introduction Grid Security Taxonomy Architecture Related Issues Information Security Authorization Service Security Infrastructure Related Issues Host Security Issues Network Security Issues Management Related Issues Credential Management Trust Management Monitoring Chapter Summary Grid Information Security Architecture Introduction Grid Security Infrastructure (GSI) Grid Security Model Authentication in GSI Certificate based Authentication Password based Authentication Integration with Kerberos Delegation in GSI An Example: Security in Globus Toolkit 4.0 (GT4) Message Protection in GT Delegation in GT Chapter Summary Grid Authorization Systems Introduction Different Access Control Models Push vs. Pull Authorizations Characteristics of Grid Authorization Systems Scalability Issues Security Issues Revocation Issues Inter-operability Issues Grid Authorization Systems...79

10 Contents xi 5.3 VO Level Authorization Systems Community Authorization Service (CAS) Virtual Organization Membership Service (VOMS) Enterprise Authorization and Licensing Service (EALS) Resource Level Authorization Systems Akenti Privilege and Role Management Infrastructure Standards Validation (PERMIS) Project Authorization Using GridMap Comparing the Different Authorization Systems Comparison Roadmap to Grid Authorization Systems Chapter Summary Service Level Security in Grid Systems Introduction Components of Service Service Vulnerabilities DoS Attacks and Countermeasures Effect of DoS attacks Distributed Denial-of-Service Attacks Existing DoS Countermeasures Preventive DoS Counter-measures Reactive DoS Countermeasures Comparison between DoS Countermeasures QoS Violation Attacks and Countermeasures Different Types of QoS Violation Attacks Existing Solutions Chapter Summary Host Level Security Introduction Data Protection Issue Application Level Sandboxing Virtualization Flexible Kernel Systems Sandboxing Job Starvation Issue Advanced Reservation Techniques Priority Reduction Techniques Chapter Summary...157

11 xii Contents 8 Grid Network Security Introduction Grid Network Security Issues Firewalls Different Types of Firewalls Firewalls and Grid Issues Firewalls and Web Services Virtual Private Networks (VPN) VPNs and Grid Types of VPNs VPNs and Grid Issues VPNs and Grid Some Solutions Secure Routing Impacts of Routing Table Poisoning Different Routing Protocols Routing Attacks and Countermeasures Multicasting Secure Multicasting Sensor Grids Security in Sensor Networks Issues Existing Solutions High Performance Interconnects Gigabit Ethernet Infiniband Architecture (IBA) Some High Performance Security Solutions Chapter Summary Grid Credential Management Systems Introduction Types of Credentials Characteristics of Credential Management Systems Different Credential Management System s Centralized Vs. Federated Credential Management Credential Repositories Smart Cards Virtual Smart Cards MyProxy Online Credential Repository Federated Credential Management Systems Virtualized Credential Manager (VCMan) KX Liberty Alliance for Federated Identity Shibboleth Identity Federation Chapter Summary...212

12 Contents xiii 10 Managing Trust in the Grid Introduction Definition of Trust Reputation and Trust Categories of Trust Functions Trust Management Systems Life Cycle of Trust Management Systems Characteristics of Trust Management Systems Reputation-Based Trust Management Systems PeerTrust A P2P Trust Management System XenoTrust Trust Management System NICE Trust Management System Secure Grid Outsourcing (SeGO) System Policy-Based Trust Management Systems PeerTrust Trust Negotiation TrustBuilder Trust Negotiation for the Grid Comparing the Trust Management Systems Generic Understanding of Trust Management Systems Applicability of the Trust Management Systems Chapter Summary Grid Monitoring Introduction Stages of Monitoring Requirements of Distributed Monitoring System Grid Monitoring Architecture (GMA) Different Monitoring Tools/Frameworks Simple Network Management Protocol (SNMP) Different System Monitoring Tools Ganglia Hawkeye Monitoring System Relational GMA (RGMA) Globus Monitoring and Discovery System (MDS) Management of Adaptive Grid Infrastructure (MAGI) GlueDomains Discussions on the Different Monitoring Systems Comparison Applicability Chapter Summary...269

13 xiv Contents 12 Putting it All Together Security in the European Data Grid (EDG) Authentication and Delegation Credential Management Job Execution An Enterprise Case Study Overview of the Security Architecture Chapter Summary Conclusion Looking at the Future Identity Based Encryption (IBE) Application Oriented Networking (AON) Summarizing the Security Issues in Grid Immediate Issues Medium-term Issues Long-term Issues Summarizing the Security Solutions in the Grid Solutions to Immediate Issues Solutions to Medium Term Issues Solutions to Long Term Issues Appendix A.1 Web Services A.1.1 Components of Web Services A.2 Web Services Security A.2.1 WS-Security A.2.2 WS-Policy* A.2.3 WS-SecureConversation A.2.4 Security Assertions Markup Language (SAML) A.2.5 extensible Access Control Markup Language A.3 Open Grid Services Architecture (OGSA) A.3.1 Open Grid Services Infrastructure (OGSI) A.3.2 Web Services Critique of OGSI A.3.2 Web Services Resource Framework (WSRF) Bibliography Index...329