Grid Computing Security hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 1

Size: px

Start display at page:

Download "Grid Computing Security hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 1"

Brittany Morgan
6 years ago
Views:

Grid Computing Security 20.10.2006 hack.

1 Grid Computing Security hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 1

2 What to expect from this talk Collection of bits about GC I thought you might find interesting Mixed bag: Systems engineering considerations Exploration without bounds hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 2

3 What to expect from this talk Shed some light on these questions: What is Grid Computing about? Why is it interesting to computer security folk? What is the status quo in Grid Computing, security-wise? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 3

4 Fahrplan Introduction to Grid Computing Assorted Interesting Grid Issues Globus Toolkit & Issues Possible playgrounds hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 4

5 What is Grid Computing? Grid Computing is Kind of Distributed Computing hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 5

6 .* Computing Distributed Computing Grid Computing Parallel Computing hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 6

7 What is Grid Computing? Grid Computing is Kind of Distributed Computing Direction of development in systems engineering Yet Another Virtualization Effort Pragmatic Virtualization hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 7

8 The problem of Grid Computing Pre-existing infrastructure Hardware Software Organizations Policies (Dynamically) Tie together resources hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 8

9 Purpose of Unit Hardware Software Connectivity Trust Heterogeneity hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 9

10 COs rule (literally) Important principle: COs always retain full control of their resouces (resource owners always retain full control of that resource) hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 10

11 Virtual Organizations VOs Virtual Organizations, COs Conventional Organizations VOs: Created through overlay on COs hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 11

12 Virtual Organizations Properties Lifetime: Arbitrary Highly dynamic User-driven hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 12

13 Purpose of VOs Reconciliation across COs: different technologies different policies Providing environment for cooperation across CO-boundaries hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 13

14 Old wine in larger bottles Some problems are 30+ years old First occurred in larger multi-user computing environments Often see scaled up versions of these old problems in GC hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 14

15 Short Summary: GC Features Pragmatic Virtualization Use what s there Share what s there Obey existing policies hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 15

16 Applications Grid Computing applications are today found in: Science Life sciences Physics Medical environments Hospitals Business hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 16

17 Grid Scenario I: LHC Computing Grid Large Hadron Collider Computing Grid Hosted mainly at CERN in Geneve Uses Globus Toolkit Version 2 Condor glite More middleware developed in DataGrid project hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 17

18 LHC Computing Grid When it begins operations in 2007, it will produce roughly 15 Petabytes (15 million Gigabytes) of data annually, which thousands of scientists around the world will access and analyse. The mission of the LHC Computing Project (LCG) is to build and maintain a data storage and analysis infrastructure for the entire high energy physics community that will use the LHC hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 18

19 Grid Scenario II: Large number of desktop PCs Different infrastructure, software, connectivity Resources shared in a rather unidirectional way Participants don t know each other, no reason for trust hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 19

20 Grid Scenario III: Sun Grid Commercial service Users can rent time and storage in Sun Grid hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 20

21 Grid Scenario IV: MediGRID German Biosciences Research project Processing and sharing of biomedical data Protection requirements for some of the data regulated by law hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 21

22 Threats to Grid Systems Threat as in goal of an attacker Random compromise (e.g. for botnets) Gateway to more interesting targets Access to restricted databases Research databases Sensitive information, e.g. MediGRID Harvesting computing power Access to interesting devices hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 22

23 Attack vectors for Grid Systems Middleware software Custom software Identity/Authorization infrastructure Underlying software OS SSL implementation ssh implementation hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 23

24 Security Issues in Grid Computing Yes. Conceptual issues Issues in existing Architecture Implementation Unsolved security-relevant problems hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 24

25 Conventional: MAC for Access Control network boundary traversal Resource access DAC for user file access Grid Computing: DAC for User file access Resource access Network boundary traversal hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 25

26 There are often firewalls and NATs between them, which are blocking packets. We believe it's going to be critical to the future of grid, not that you remove those things but that you make them another managed component of the grid that can be dynamically configured and reconfigured based on application needs. If I need to get two jobs talking to each other, but there's a firewall between them, I should be able to negotiate with that firewall to allow those two jobs to talk with each other, perhaps only for a limited period of time. Steven Tuecke hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 26

27 Authorization Done via Identification per default: Store lists of $user is allowed to do $action and $user is not allowed to do $action rules Establish the identity of a requester Derive from identity + list of rules whether requested action is authorized hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 27

28 Authorization and Identification Shifts problem to identification. Trouble. Identification is a hard problem, esp. with only machines involved Makes Identification without Authorization an interesting research topic hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 28

29 The Firewalling Mentality Put a wall around the network. Inside: Good. Outside: Bad hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 29

30 The Firewalling Mentality Grid Computing ideal and Firewalling Mentality clash But can t we use DMZs? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 30

DMZs to the Rescue Just put the particle accelerator in the DMZ? 20.

31 DMZs to the Rescue Just put the particle accelerator in the DMZ? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 31

32 Firewalling and DMZs Modelling around this with DMZs: not really Share resource with some Put it in the DMZ? Dynamic sharing and DAC remember? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 32

33 Open Problems in GC security Authorization Users vs. Hosts: Minimize required level of trust hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 33

34 Globus Toolkit Globus Toolkit (GT) provides Grid middleware e.g. GRAM, GSI, GridFTP Foundation for actual Grid applications Widely used hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 34

35 Written mainly in Java C/C++ Globus Toolkit APIs for other languages available, e.g. pyglobus Earlier versions: more C/C++, newer versions: more Java Latest version seemingly not that common hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 35

36 Some Globus Toolkit Users TeraGrid LHCGrid (Large Hadron Collider Grid) Fraunhofer Resource Grid NASA Energy Grid hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 36

37 GT and the GSI Globus Security Infrastructure Collection of security-related protocols and services within the GT CAS MyProxy SimpleCA hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 37

38 Identification in Globus X.509 end-entity certificates X.509 proxy certificates (RFC 3820) Single sign-on Delegation Identity mapping X.509 vs Kerberos vs UNIX accounts hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 38

39 CAS Community Authorization Service Problem domain: Distributed policy definition and enforcement Implementation in Java hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 39

40 Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* FunkyVO policy User Bert is granted read access to /share/funkyvo/bert/* /share/lhcraw/* Option 1: Store both policies locally Option 2: Store site policy locally, VO policy somewhere else hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 40

41 Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 41

42 Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* FunkyVO policy User Bert is granted read access to /share/funkyvo/bert/* /share/lhcraw/* CAS server Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 42

43 CAS User authenticates to CAS server CAS server sends signed capabilities to user User generates new keypair and proxy cert with capabilities embedded User authenticates to resource User presents the proxycert+capabilities to resource Resource authorizes the required action or rejects it hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 43

44 Find the CAS server CAS server is a SPF Even more of a juicy target: Get information on structure of VO Participating hosts Participating people Existing resources Create your own VO access rules Get information on valid proxy certs hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 44

45 gridftp Extension of FTP to support striped and remote-controlled transfer Part of Globus Implementation in Globus based on wuftpd hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 45

46 gridftpd CVE wuftpd char *skey_challenge(char *name, struct passwd *pwd, int pwok) { } ftpd.c from wuftpd static char buf[128];... if (pwd == NULL skeychallenge(&skey, pwd->pw_name, sbuf)) sprintf(buf, "Password required for %s.", name); else sprintf(buf, "%s %s for %s.", sbuf, pwok? "allowed" : "required", name); return (buf); hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 46

47 gridftpd char *skey_challenge(char *name, struct passwd *pwd, int pwok) { static char buf[128]; char sbuf[40]; struct skey skey; ftpd.c from gsi-wuftpd (gridftp), GT /* Display s/key challenge where appropriate. */ } if (pwd == NULL skeychallenge(&skey, pwd->pw_name, sbuf)) sprintf(buf, "Password required for %s.", name); else sprintf(buf, "%s %s for %s.", sbuf, pwok? "allowed" : "required", name); return (buf); hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 47

48 Code Quality Examples MyProxy Sloppy malloc return code handling GRAM More solid code hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 48

49 Things to do in long winter nights Proper code audit of Grid middleware Architecture review of Grid middleware Architecture & implementation review of Grid applications Puzzling over unsolved fundamental problems Investigate implications of serviceoriented architecture fancy hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 49

50 ? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 50

51 References The Grid 2. Blueprint for a new Computing Infrastructure, Foster et al Hacking the Grid, talk given at 5 th Hope by Greg Newby hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 51

Grid Computing. MCSN - N. Tonellotto - Distributed Enabling Platforms

Grid Computing. MCSN - N. Tonellotto - Distributed Enabling Platforms Grid Computing 1 Resource sharing Elements of Grid Computing - Computers, data, storage, sensors, networks, - Sharing always conditional: issues of trust, policy, negotiation, payment, Coordinated problem