Grid Computing Security hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 1
|
|
- Brittany Morgan
- 6 years ago
- Views:
Transcription
1 Grid Computing Security hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 1
2 What to expect from this talk Collection of bits about GC I thought you might find interesting Mixed bag: Systems engineering considerations Exploration without bounds hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 2
3 What to expect from this talk Shed some light on these questions: What is Grid Computing about? Why is it interesting to computer security folk? What is the status quo in Grid Computing, security-wise? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 3
4 Fahrplan Introduction to Grid Computing Assorted Interesting Grid Issues Globus Toolkit & Issues Possible playgrounds hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 4
5 What is Grid Computing? Grid Computing is Kind of Distributed Computing hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 5
6 .* Computing Distributed Computing Grid Computing Parallel Computing hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 6
7 What is Grid Computing? Grid Computing is Kind of Distributed Computing Direction of development in systems engineering Yet Another Virtualization Effort Pragmatic Virtualization hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 7
8 The problem of Grid Computing Pre-existing infrastructure Hardware Software Organizations Policies (Dynamically) Tie together resources hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 8
9 Purpose of Unit Hardware Software Connectivity Trust Heterogeneity hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 9
10 COs rule (literally) Important principle: COs always retain full control of their resouces (resource owners always retain full control of that resource) hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 10
11 Virtual Organizations VOs Virtual Organizations, COs Conventional Organizations VOs: Created through overlay on COs hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 11
12 Virtual Organizations Properties Lifetime: Arbitrary Highly dynamic User-driven hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 12
13 Purpose of VOs Reconciliation across COs: different technologies different policies Providing environment for cooperation across CO-boundaries hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 13
14 Old wine in larger bottles Some problems are 30+ years old First occurred in larger multi-user computing environments Often see scaled up versions of these old problems in GC hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 14
15 Short Summary: GC Features Pragmatic Virtualization Use what s there Share what s there Obey existing policies hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 15
16 Applications Grid Computing applications are today found in: Science Life sciences Physics Medical environments Hospitals Business hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 16
17 Grid Scenario I: LHC Computing Grid Large Hadron Collider Computing Grid Hosted mainly at CERN in Geneve Uses Globus Toolkit Version 2 Condor glite More middleware developed in DataGrid project hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 17
18 LHC Computing Grid When it begins operations in 2007, it will produce roughly 15 Petabytes (15 million Gigabytes) of data annually, which thousands of scientists around the world will access and analyse. The mission of the LHC Computing Project (LCG) is to build and maintain a data storage and analysis infrastructure for the entire high energy physics community that will use the LHC hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 18
19 Grid Scenario II: Large number of desktop PCs Different infrastructure, software, connectivity Resources shared in a rather unidirectional way Participants don t know each other, no reason for trust hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 19
20 Grid Scenario III: Sun Grid Commercial service Users can rent time and storage in Sun Grid hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 20
21 Grid Scenario IV: MediGRID German Biosciences Research project Processing and sharing of biomedical data Protection requirements for some of the data regulated by law hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 21
22 Threats to Grid Systems Threat as in goal of an attacker Random compromise (e.g. for botnets) Gateway to more interesting targets Access to restricted databases Research databases Sensitive information, e.g. MediGRID Harvesting computing power Access to interesting devices hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 22
23 Attack vectors for Grid Systems Middleware software Custom software Identity/Authorization infrastructure Underlying software OS SSL implementation ssh implementation hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 23
24 Security Issues in Grid Computing Yes. Conceptual issues Issues in existing Architecture Implementation Unsolved security-relevant problems hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 24
25 Conventional: MAC for Access Control network boundary traversal Resource access DAC for user file access Grid Computing: DAC for User file access Resource access Network boundary traversal hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 25
26 There are often firewalls and NATs between them, which are blocking packets. We believe it's going to be critical to the future of grid, not that you remove those things but that you make them another managed component of the grid that can be dynamically configured and reconfigured based on application needs. If I need to get two jobs talking to each other, but there's a firewall between them, I should be able to negotiate with that firewall to allow those two jobs to talk with each other, perhaps only for a limited period of time. Steven Tuecke hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 26
27 Authorization Done via Identification per default: Store lists of $user is allowed to do $action and $user is not allowed to do $action rules Establish the identity of a requester Derive from identity + list of rules whether requested action is authorized hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 27
28 Authorization and Identification Shifts problem to identification. Trouble. Identification is a hard problem, esp. with only machines involved Makes Identification without Authorization an interesting research topic hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 28
29 The Firewalling Mentality Put a wall around the network. Inside: Good. Outside: Bad hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 29
30 The Firewalling Mentality Grid Computing ideal and Firewalling Mentality clash But can t we use DMZs? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 30
31 DMZs to the Rescue Just put the particle accelerator in the DMZ? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 31
32 Firewalling and DMZs Modelling around this with DMZs: not really Share resource with some Put it in the DMZ? Dynamic sharing and DAC remember? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 32
33 Open Problems in GC security Authorization Users vs. Hosts: Minimize required level of trust hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 33
34 Globus Toolkit Globus Toolkit (GT) provides Grid middleware e.g. GRAM, GSI, GridFTP Foundation for actual Grid applications Widely used hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 34
35 Written mainly in Java C/C++ Globus Toolkit APIs for other languages available, e.g. pyglobus Earlier versions: more C/C++, newer versions: more Java Latest version seemingly not that common hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 35
36 Some Globus Toolkit Users TeraGrid LHCGrid (Large Hadron Collider Grid) Fraunhofer Resource Grid NASA Energy Grid hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 36
37 GT and the GSI Globus Security Infrastructure Collection of security-related protocols and services within the GT CAS MyProxy SimpleCA hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 37
38 Identification in Globus X.509 end-entity certificates X.509 proxy certificates (RFC 3820) Single sign-on Delegation Identity mapping X.509 vs Kerberos vs UNIX accounts hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 38
39 CAS Community Authorization Service Problem domain: Distributed policy definition and enforcement Implementation in Java hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 39
40 Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* FunkyVO policy User Bert is granted read access to /share/funkyvo/bert/* /share/lhcraw/* Option 1: Store both policies locally Option 2: Store site policy locally, VO policy somewhere else hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 40
41 Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* Local site policy FunkyVO policy FunkyVO is granted full User file Bert access is granted to read access to /share/funkyvo/* /share/funkyvo/bert/* /share/lhcraw/* /share/lhcraw/* hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 41
42 Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* FunkyVO policy User Bert is granted read access to /share/funkyvo/bert/* /share/lhcraw/* CAS server Local site policy FunkyVO is granted full file access to /share/funkyvo/* /share/lhcraw/* hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 42
43 CAS User authenticates to CAS server CAS server sends signed capabilities to user User generates new keypair and proxy cert with capabilities embedded User authenticates to resource User presents the proxycert+capabilities to resource Resource authorizes the required action or rejects it hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 43
44 Find the CAS server CAS server is a SPF Even more of a juicy target: Get information on structure of VO Participating hosts Participating people Existing resources Create your own VO access rules Get information on valid proxy certs hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 44
45 gridftp Extension of FTP to support striped and remote-controlled transfer Part of Globus Implementation in Globus based on wuftpd hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 45
46 gridftpd CVE wuftpd char *skey_challenge(char *name, struct passwd *pwd, int pwok) { } ftpd.c from wuftpd static char buf[128];... if (pwd == NULL skeychallenge(&skey, pwd->pw_name, sbuf)) sprintf(buf, "Password required for %s.", name); else sprintf(buf, "%s %s for %s.", sbuf, pwok? "allowed" : "required", name); return (buf); hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 46
47 gridftpd char *skey_challenge(char *name, struct passwd *pwd, int pwok) { static char buf[128]; char sbuf[40]; struct skey skey; ftpd.c from gsi-wuftpd (gridftp), GT /* Display s/key challenge where appropriate. */ } if (pwd == NULL skeychallenge(&skey, pwd->pw_name, sbuf)) sprintf(buf, "Password required for %s.", name); else sprintf(buf, "%s %s for %s.", sbuf, pwok? "allowed" : "required", name); return (buf); hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 47
48 Code Quality Examples MyProxy Sloppy malloc return code handling GRAM More solid code hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 48
49 Things to do in long winter nights Proper code audit of Grid middleware Architecture review of Grid middleware Architecture & implementation review of Grid applications Puzzling over unsolved fundamental problems Investigate implications of serviceoriented architecture fancy hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 49
50 ? hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 50
51 References The Grid 2. Blueprint for a new Computing Infrastructure, Foster et al Hacking the Grid, talk given at 5 th Hope by Greg Newby hack.lu 2006 :: Security in Grid Computing :: Lisa Thalheim 51
Grid Computing. MCSN - N. Tonellotto - Distributed Enabling Platforms
Grid Computing 1 Resource sharing Elements of Grid Computing - Computers, data, storage, sensors, networks, - Sharing always conditional: issues of trust, policy, negotiation, payment, Coordinated problem
More informationGrids and Security. Ian Neilson Grid Deployment Group CERN. TF-CSIRT London 27 Jan
Grids and Security Ian Neilson Grid Deployment Group CERN TF-CSIRT London 27 Jan 2004-1 TOC Background Grids Grid Projects Some Technical Aspects The three or four A s Some Operational Aspects Security
More information30 Nov Dec Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy
Advanced School in High Performance and GRID Computing Concepts and Applications, ICTP, Trieste, Italy Why the Grid? Science is becoming increasingly digital and needs to deal with increasing amounts of
More informationGrid Computing Middleware. Definitions & functions Middleware components Globus glite
Seminar Review 1 Topics Grid Computing Middleware Grid Resource Management Grid Computing Security Applications of SOA and Web Services Semantic Grid Grid & E-Science Grid Economics Cloud Computing 2 Grid
More informationGrid Architectural Models
Grid Architectural Models Computational Grids - A computational Grid aggregates the processing power from a distributed collection of systems - This type of Grid is primarily composed of low powered computers
More informationGrid-CERT Services. Modification of traditional and additional new CERT Services for Grids
Grid-CERT Services Modification of traditional and additional new CERT Services for Grids Presentation at the Annual FIRST Conference Vancouver, Canada June 26, 2008 Antonio Liu 2000-2008 by PRESECURE
More informationHigh Performance Computing Course Notes Grid Computing I
High Performance Computing Course Notes 2008-2009 2009 Grid Computing I Resource Demands Even as computer power, data storage, and communication continue to improve exponentially, resource capacities are
More informationUsing the MyProxy Online Credential Repository
Using the MyProxy Online Credential Repository Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu What is MyProxy? Independent Globus Toolkit add-on
More informationGlobus GTK and Grid Services
Globus GTK and Grid Services Michael Rokitka SUNY@Buffalo CSE510B 9/2007 OGSA The Open Grid Services Architecture What are some key requirements of Grid computing? Interoperability: Critical due to nature
More informationThe University of Oxford campus grid, expansion and integrating new partners. Dr. David Wallom Technical Manager
The University of Oxford campus grid, expansion and integrating new partners Dr. David Wallom Technical Manager Outline Overview of OxGrid Self designed components Users Resources, adding new local or
More informationEGEE and Interoperation
EGEE and Interoperation Laurence Field CERN-IT-GD ISGC 2008 www.eu-egee.org EGEE and glite are registered trademarks Overview The grid problem definition GLite and EGEE The interoperability problem The
More informationIntroduction to GT3. Introduction to GT3. What is a Grid? A Story of Evolution. The Globus Project
Introduction to GT3 The Globus Project Argonne National Laboratory USC Information Sciences Institute Copyright (C) 2003 University of Chicago and The University of Southern California. All Rights Reserved.
More informationDeploying the TeraGrid PKI
Deploying the TeraGrid PKI Grid Forum Korea Winter Workshop December 1, 2003 Jim Basney Senior Research Scientist National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu
More informationCredentials Management for Authentication in a Grid-Based E-Learning Platform
Credentials Management for Authentication in a Grid-Based E-Learning Platform Felicia Ionescu, Vlad Nae, Alexandru Gherega University Politehnica of Bucharest {fionescu, vnae, agherega}@tech.pub.ro Abstract
More informationUNICORE Globus: Interoperability of Grid Infrastructures
UNICORE : Interoperability of Grid Infrastructures Michael Rambadt Philipp Wieder Central Institute for Applied Mathematics (ZAM) Research Centre Juelich D 52425 Juelich, Germany Phone: +49 2461 612057
More informationLayered Architecture
The Globus Toolkit : Introdution Dr Simon See Sun APSTC 09 June 2003 Jie Song, Grid Computing Specialist, Sun APSTC 2 Globus Toolkit TM An open source software toolkit addressing key technical problems
More informationCredential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003
Credential Management in the Grid Security Infrastructure GlobusWorld Security Workshop January 16, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Credential Management Enrollment:
More informationIntroduction to SciTokens
Introduction to SciTokens Brian Bockelman, On Behalf of the SciTokens Team https://scitokens.org This material is based upon work supported by the National Science Foundation under Grant No. 1738962. Any
More informationTHE GLOBUS PROJECT. White Paper. GridFTP. Universal Data Transfer for the Grid
THE GLOBUS PROJECT White Paper GridFTP Universal Data Transfer for the Grid WHITE PAPER GridFTP Universal Data Transfer for the Grid September 5, 2000 Copyright 2000, The University of Chicago and The
More informationGrid Computing Fall 2005 Lecture 5: Grid Architecture and Globus. Gabrielle Allen
Grid Computing 7700 Fall 2005 Lecture 5: Grid Architecture and Globus Gabrielle Allen allen@bit.csc.lsu.edu http://www.cct.lsu.edu/~gallen Concrete Example I have a source file Main.F on machine A, an
More informationBy Ian Foster. Zhifeng Yun
By Ian Foster Zhifeng Yun Outline Introduction Globus Architecture Globus Software Details Dev.Globus Community Summary Future Readings Introduction Globus Toolkit v4 is the work of many Globus Alliance
More informationGLOBUS TOOLKIT SECURITY
GLOBUS TOOLKIT SECURITY Plamen Alexandrov, ISI Masters Student Softwarepark Hagenberg, January 24, 2009 TABLE OF CONTENTS Introduction (3-5) Grid Security Infrastructure (6-15) Transport & Message-level
More informationTravelling securely on the Grid to the origin of the Universe
1 Travelling securely on the Grid to the origin of the Universe F-Secure SPECIES 2007 conference Wolfgang von Rüden 1 Head, IT Department, CERN, Geneva 24 January 2007 2 CERN stands for over 50 years of
More informationGrid Computing Security
Anirban Chakrabarti Grid Computing Security With 87 Figures and 12 Tables Sprin g er Contents Preface Organization Acknowledgments v vi vii 1 Introduction 1 1.1 Background 1 1.2 Grid Computing Overview
More informationUNIT IV PROGRAMMING MODEL. Open source grid middleware packages - Globus Toolkit (GT4) Architecture, Configuration - Usage of Globus
UNIT IV PROGRAMMING MODEL Open source grid middleware packages - Globus Toolkit (GT4) Architecture, Configuration - Usage of Globus Globus: One of the most influential Grid middleware projects is the Globus
More informationAdvanced School in High Performance and GRID Computing November Introduction to Grid computing.
1967-14 Advanced School in High Performance and GRID Computing 3-14 November 2008 Introduction to Grid computing. TAFFONI Giuliano Osservatorio Astronomico di Trieste/INAF Via G.B. Tiepolo 11 34131 Trieste
More informationA VO-friendly, Community-based Authorization Framework
A VO-friendly, Community-based Authorization Framework Part 1: Use Cases, Requirements, and Approach Ray Plante and Bruce Loftis NCSA Version 0.1 (February 11, 2005) Abstract The era of massive surveys
More informationThe LHC Computing Grid
The LHC Computing Grid Gergely Debreczeni (CERN IT/Grid Deployment Group) The data factory of LHC 40 million collisions in each second After on-line triggers and selections, only 100 3-4 MB/event requires
More informationEUROPEAN MIDDLEWARE INITIATIVE
EUROPEAN MIDDLEWARE INITIATIVE VOMS CORE AND WMS SECURITY ASSESSMENT EMI DOCUMENT Document identifier: EMI-DOC-SA2- VOMS_WMS_Security_Assessment_v1.0.doc Activity: Lead Partner: Document status: Document
More informationData Movement and Storage. 04/07/09 1
Data Movement and Storage 04/07/09 www.cac.cornell.edu 1 Data Location, Storage, Sharing and Movement Four of the seven main challenges of Data Intensive Computing, according to SC06. (Other three: viewing,
More informationGlobus Toolkit Firewall Requirements. Abstract
Globus Toolkit Firewall Requirements v0.3 8/30/2002 Von Welch Software Architect, Globus Project welch@mcs.anl.gov Abstract This document provides requirements and guidance to firewall administrators at
More informationGrid Middleware and Globus Toolkit Architecture
Grid Middleware and Globus Toolkit Architecture Lisa Childers Argonne National Laboratory University of Chicago 2 Overview Grid Middleware The problem: supporting Virtual Organizations equirements Capabilities
More informationIntroduction to Grid Computing
Milestone 2 Include the names of the papers You only have a page be selective about what you include Be specific; summarize the authors contributions, not just what the paper is about. You might be able
More informationIEPSAS-Kosice: experiences in running LCG site
IEPSAS-Kosice: experiences in running LCG site Marian Babik 1, Dusan Bruncko 2, Tomas Daranyi 1, Ladislav Hluchy 1 and Pavol Strizenec 2 1 Department of Parallel and Distributed Computing, Institute of
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationLeveraging the InCommon Federation to access the NSF TeraGrid
Leveraging the InCommon Federation to access the NSF TeraGrid Jim Basney Senior Research Scientist National Center for Supercomputing Applications University of Illinois at Urbana-Champaign jbasney@ncsa.uiuc.edu
More informationFederated Services for Scientists Thursday, December 9, p.m. EST
IAM Online Federated Services for Scientists Thursday, December 9, 2010 1 p.m. EST Rachana Ananthakrishnan Argonne National Laboratory & University of Chicago Jim Basney National Center for Supercomputing
More informationGatlet - a Grid Portal Framework
Gatlet - a Grid Portal Framework Stefan Bozic stefan.bozic@kit.edu STEINBUCH CENTRE FOR COMPUTING - SCC KIT University of the State of Baden-Württemberg and National Laboratory of the Helmholtz Association
More informationGrid Computing a new tool for science
Grid Computing a new tool for science CERN, the European Organization for Nuclear Research Dr. Wolfgang von Rüden Wolfgang von Rüden, CERN, IT Department Grid Computing July 2006 CERN stands for over 50
More informationOn the employment of LCG GRID middleware
On the employment of LCG GRID middleware Luben Boyanov, Plamena Nenkova Abstract: This paper describes the functionalities and operation of the LCG GRID middleware. An overview of the development of GRID
More informationAuthorization Strategies for Virtualized Environments in Grid Computing Systems
Authorization Strategies for Virtualized Environments in Grid Computing Systems Xinming Ou Anna Squicciarini Sebastien Goasguen Elisa Bertino Purdue University Abstract The development of adequate security
More informationA Roadmap for Integration of Grid Security with One-Time Passwords
A Roadmap for Integration of Grid Security with One-Time Passwords April 18, 2004 Jim Basney, Von Welch, Frank Siebenlist jbasney@ncsa.uiuc.edu, franks@mcs.anl.gov, vwelch@ncsa.uiuc.edu 1 Introduction
More informationUsing MATLAB on the TeraGrid. Nate Woody, CAC John Kotwicki, MathWorks Susan Mehringer, CAC
Using Nate Woody, CAC John Kotwicki, MathWorks Susan Mehringer, CAC This is an effort to provide a large parallel MATLAB resource available to a national (and inter national) community in a secure, useable
More informationImplementing GRID interoperability
AFS & Kerberos Best Practices Workshop University of Michigan, Ann Arbor June 12-16 2006 Implementing GRID interoperability G. Bracco, P. D'Angelo, L. Giammarino*, S.Migliori, A. Quintiliani, C. Scio**,
More informationApplication Firewalls
Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed
More informationManaging Grid Credentials
Managing Grid Credentials Jim Basney http://www.ncsa.uiuc.edu/~jbasney/ Senior Research Scientist Grid and Security Technologies National Center for Supercomputing Applications
More informationFederated access to Grid resources
Federated access to Grid resources http://tinyurl.com/loubf Keith Hazelton (hazelton@wisc.edu) Internet2 Middleware Architecture Comm. for Ed. APAN, Singapore, 19-July-06 Topics http://tinyurl.com/loubf
More informationGSI Online Credential Retrieval Requirements. Jim Basney
GSI Online Credential Retrieval Requirements Jim Basney jbasney@ncsa.uiuc.edu http://www.ncsa.uiuc.edu/~jbasney/ Online Credential Retrieval Defined Client Server Authenticate Request Credential Verify
More informationMost Common Security Threats (cont.)
Most Common Security Threats (cont.) Denial of service (DoS) attack Distributed denial of service (DDoS) attack Insider attacks. Any examples? Poorly designed software What is a zero-day vulnerability?
More informationTutorial 1: Introduction to Globus Toolkit. John Watt, National e-science Centre
Tutorial 1: Introduction to Globus Toolkit John Watt, National e-science Centre National e-science Centre Kelvin Hub Opened May 2003 Kelvin Building Staff Technical Director Prof. Richard Sinnott 6 RAs
More informationS.No QUESTIONS COMPETENCE LEVEL UNIT -1 PART A 1. Illustrate the evolutionary trend towards parallel distributed and cloud computing.
VALLIAMMAI ENGNIEERING COLLEGE SRM Nagar, Kattankulathur 603203. DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING Year & Semester : IV & VII Section : CSE -1& 2 Subject Code : CS6703 Subject Name : Grid
More informationAn Introduction to the Grid
1 An Introduction to the Grid 1.1 INTRODUCTION The Grid concepts and technologies are all very new, first expressed by Foster and Kesselman in 1998 [1]. Before this, efforts to orchestrate wide-area distributed
More informationglite Grid Services Overview
The EPIKH Project (Exchange Programme to advance e-infrastructure Know-How) glite Grid Services Overview Antonio Calanducci INFN Catania Joint GISELA/EPIKH School for Grid Site Administrators Valparaiso,
More informationGrid Programming: Concepts and Challenges. Michael Rokitka CSE510B 10/2007
Grid Programming: Concepts and Challenges Michael Rokitka SUNY@Buffalo CSE510B 10/2007 Issues Due to Heterogeneous Hardware level Environment Different architectures, chipsets, execution speeds Software
More informationUsability, Security and Privacy
Usability, Security and Privacy Computer Science and Telecommunications Board Butler Lampson Microsoft Research July 21, 2009 1 Usable Security: Things Are Really Bad Users don t know how to think about
More informationEnabling Grids for E-sciencE. EGEE security pitch. Olle Mulmo. EGEE Chief Security Architect KTH, Sweden. INFSO-RI
EGEE security pitch Olle Mulmo EGEE Chief Security Architect KTH, Sweden www.eu-egee.org Project PR www.eu-egee.org EGEE EGEE is the largest Grid infrastructure project in the World? : 70 leading institutions
More informationRisk and Security Management for Distributed Supercomputing with Grids
Risk and Security Management for Distributed Supercomputing with Grids Urpo Kaila Funet CERT & CSC 2006-09-22 19th TF-CSIRT Meeting,Espoo, Finland Agenda Grid s and supercomputing Some
More informationGrid Authentication and Authorisation Issues. Ákos Frohner at CERN
Grid Authentication and Authorisation Issues Ákos Frohner at CERN Overview Setting the scene: requirements Old style authorisation: DN based gridmap-files Overview of the EDG components VO user management:
More informationIntroduction to Grid Technology
Introduction to Grid Technology B.Ramamurthy 1 Arthur C Clarke s Laws (two of many) Any sufficiently advanced technology is indistinguishable from magic." "The only way of discovering the limits of the
More informationGrid Computing Fall 2005 Lecture 16: Grid Security. Gabrielle Allen
Grid Computing 7700 Fall 2005 Lecture 16: Grid Security Gabrielle Allen allen@bit.csc.lsu.edu http://www.cct.lsu.edu/~gallen Required Reading Chapter 16 of The Grid (version 1), freely available for download
More informationDistributed Data Management with Storage Resource Broker in the UK
Distributed Data Management with Storage Resource Broker in the UK Michael Doherty, Lisa Blanshard, Ananta Manandhar, Rik Tyer, Kerstin Kleese @ CCLRC, UK Abstract The Storage Resource Broker (SRB) is
More informationglobus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory
globus online Globus Nexus Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory Computation Institute (CI) Apply to challenging problems Accelerate by building the research
More informationGrid Security Infrastructure
Grid Computing Competence Center Grid Security Infrastructure Riccardo Murri Grid Computing Competence Center, Organisch-Chemisches Institut, University of Zurich Oct. 12, 2011 Facets of security Authentication
More informationMQ Jumping... Or, move to the front of the queue, pass go and collect 200
MQ Jumping.... Or, move to the front of the queue, pass go and collect 200 Martyn Ruks DEFCON 15 2007-08-03 One Year Ago Last year I talked about IBM Networking attacks and said I was going to continue
More informationThe Globus Toolkit Lecture of the course of Complements of Enabling Platforms
The Globus Toolkit Lecture of the course of Complements of Enabling Platforms Master in Computer Science and Networking - SSSUP, UNIPI Gianmarco Saba Contents 1 Introduction to the Globus Toolkit....................
More informationThe DNS. Application Proxies. Circuit Gateways. Personal and Distributed Firewalls The Problems with Firewalls
Network Security - ISA 656 Application Angelos Stavrou August 20, 2008 Application Distributed Why move up the stack? Apart from the limitations of packet filters discussed last time, firewalls are inherently
More informationGrid Computing Security: A Survey
Grid Computing Security: A Survey Basappa B. Kodada, Shiva Kumar K. M Dept. of CSE Canara Engineering College, Mangalore basappabk@gmail.com, shivakumarforu@rediffmail.com Abstract - This paper provides
More informationProblems for Resource Brokering in Large and Dynamic Grid Environments
Problems for Resource Brokering in Large and Dynamic Grid Environments Cătălin L. Dumitrescu Computer Science Department The University of Chicago cldumitr@cs.uchicago.edu (currently at TU Delft) Kindly
More informationISTITUTO NAZIONALE DI FISICA NUCLEARE
ISTITUTO NAZIONALE DI FISICA NUCLEARE Sezione di Perugia INFN/TC-05/10 July 4, 2005 DESIGN, IMPLEMENTATION AND CONFIGURATION OF A GRID SITE WITH A PRIVATE NETWORK ARCHITECTURE Leonello Servoli 1,2!, Mirko
More informationTrusted Intermediaries
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationInteroperable job submission and management with GridSAM, JMEA, and UNICORE
Available online at http://www.ges2007.de This document is under the terms of the CC-BY-NC-ND Creative Commons Attribution Interoperable job submission and management with GridSAM, JMEA, and UNICORE D.
More informationJ. Basney, NCSA Category: Experimental October 10, MyProxy Protocol
GWD-E J. Basney, NCSA Category: Experimental October 10, 2005 MyProxy Protocol Status of This Memo This memo provides information to the Grid community. Distribution is unlimited. Copyright Notice Copyright
More informationDay 1 : August (Thursday) An overview of Globus Toolkit 2.4
An Overview of Grid Computing Workshop Day 1 : August 05 2004 (Thursday) An overview of Globus Toolkit 2.4 By CDAC Experts Contact :vcvrao@cdacindia.com; betatest@cdacindia.com URL : http://www.cs.umn.edu/~vcvrao
More informationIBM Tivoli Directory Server
Build a powerful, security-rich data foundation for enterprise identity management IBM Tivoli Directory Server Highlights Support hundreds of millions of entries by leveraging advanced reliability and
More informationThe Grid: Processing the Data from the World s Largest Scientific Machine
The Grid: Processing the Data from the World s Largest Scientific Machine 10th Topical Seminar On Innovative Particle and Radiation Detectors Siena, 1-5 October 2006 Patricia Méndez Lorenzo (IT-PSS/ED),
More informationInterfacing Operational Grid Security to Site Security. Eileen Berman Fermi National Accelerator Laboratory
Interfacing Operational Grid Security to Site Security Eileen Berman Fermi National Accelerator Laboratory Introduction Computing systems at Fermilab belong to one of two large enclaves The General Computing
More informationGrid Security: The Globus Perspective
Grid Security: The Globus Perspective GlobusWORLD 2005 Feb 7-11, Boston, MA Frank Siebenlist - ANL (franks@mcs.anl.gov) Von Welch - NCSA (welch@ncsa.uiuc.edu) http://www.globus.org/ Outline Part One: Von
More informationSymantec VIP Quick Start Guide. Helping your users. Version 1.0. Author Maren Peasley Symantec. All rights reserved.
Version 1.0 Author Maren Peasley 2017 Symantec. All rights reserved. Table of Contents Introduction... 2 Design and topology considerations... 3 VIP Self-Service Portal: Internal only... 4 VIP Self-Service
More informationClassification and Characterization of Core Grid Protocols for Global Grid Computing
1 Classification and Characterization of Core Grid s for Global Grid Computing Harshad B. Prajapati and Vipul K. Dabhi Abstract Grid computing has attracted many researchers over a few years, and as a
More informationGROWL Scripts and Web Services
GROWL Scripts and Web Services Grid Technology Group E-Science Centre r.j.allan@dl.ac.uk GROWL Collaborative project (JISC VRE I programme) between CCLRC Daresbury Laboratory and the Universities of Cambridge
More informationGrid Computing. Grid Computing 2
Grid Computing Mahesh Joshi joshi031@d.umn.edu Presentation for Graduate Course in Advanced Computer Architecture 28 th April 2005 Objective Overview of the concept and related aspects Some practical implications
More informationGlobus Online: File Transfer Made Easy!
Globus Online: File Transfer Made Easy! Matteo Lanati matteo.lanati@lrz.de Initiative for Globus in Europe Leibniz Supercomputing Centre Outline Introduction and acknowledgments Motivation Demo session
More informationSecurity in distributed metadata catalogues
Security in distributed metadata catalogues Nuno Santos 1, and Birger Koblitz 2 1 Distributed Systems Laboratory, Swiss Federal Institute of Technology (EPFL), Lausanne, Switzerland 2 European Organization
More informationIntroduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.
Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:
More informationMoving Application Security into the Network
Moving Application Security into the Network Steven M. Bellovin smb@cs.columbia.edu http://www.cs.columbia.edu/ smb Dept. of Computer Science, Columbia University Steven M. Bellovin January 18, 2005 1
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Final Exam Review Instructor: Dr. Kun Sun Topics covered by Final Topic before Midterm 10% Topic after Midterm 90% Date: 12/13/2017 7:30am 10:15am Place: the same
More informationCloud Computing. Up until now
Cloud Computing Lecture 4 and 5 Grid: 2012-2013 Introduction. Up until now Definition of Cloud Computing. Grid Computing: Schedulers: Condor SGE 1 Summary Core Grid: Toolkit Condor-G Grid: Conceptual Architecture
More informationGrid Challenges and Experience
Grid Challenges and Experience Heinz Stockinger Outreach & Education Manager EU DataGrid project CERN (European Organization for Nuclear Research) Grid Technology Workshop, Islamabad, Pakistan, 20 October
More informationUGP and the UC Grid Portals
UGP and the UC Grid Portals OGF 2007 Documentation at: http://www.ucgrid.org Prakashan Korambath & Joan Slottow Research Computing Technologies UCLA UGP (UCLA Grid Portal) Joins computational clusters
More informationCILogon Project
CILogon Project GlobusWORLD 2010 Jim Basney jbasney@illinois.edu National Center for Supercomputing Applications University of Illinois at Urbana-Champaign This material is based upon work supported by
More informationDomain Isolation Planning Guide for IT Managers
Domain Isolation Planning Guide for IT Managers Microsoft Corporation Published: March 28, 2005 Author: James R. Morey Editor: Rosanne Newland Abstract Designed for enterprise IT managers who are investigating
More informationCOMPUTE CANADA GLOBUS PORTAL
COMPUTE CANADA GLOBUS PORTAL Fast, user-friendly data transfer and sharing Jason Hlady University of Saskatchewan WestGrid / Compute Canada February 4, 2015 Why Globus? I need to easily, quickly, and reliably
More informationIvane Javakhishvili Tbilisi State University High Energy Physics Institute HEPI TSU
Ivane Javakhishvili Tbilisi State University High Energy Physics Institute HEPI TSU Grid cluster at the Institute of High Energy Physics of TSU Authors: Arnold Shakhbatyan Prof. Zurab Modebadze Co-authors:
More informationGrid Scheduling Architectures with Globus
Grid Scheduling Architectures with Workshop on Scheduling WS 07 Cetraro, Italy July 28, 2007 Ignacio Martin Llorente Distributed Systems Architecture Group Universidad Complutense de Madrid 1/38 Contents
More informationLast time. User Authentication. Security Policies and Models. Beyond passwords Biometrics
Last time User Authentication Beyond passwords Biometrics Security Policies and Models Trusted Operating Systems and Software Military and Commercial Security Policies 9-1 This time Security Policies and
More informationSecurity Considerations for Cloud Readiness
Application Note Zentera Systems CoIP Platform CoIP Defense-in-Depth with Advanced Segmentation Advanced Segmentation is Essential for Defense-in-Depth There is no silver bullet in security a single solution
More informationg-eclipse A Framework for Accessing Grid Infrastructures Nicholas Loulloudes Trainer, University of Cyprus (loulloudes.n_at_cs.ucy.ac.
g-eclipse A Framework for Accessing Grid Infrastructures Trainer, University of Cyprus (loulloudes.n_at_cs.ucy.ac.cy) EGEE Training the Trainers May 6 th, 2009 Outline Grid Reality The Problem g-eclipse
More informationCyberP3i Course Module Series
CyberP3i Course Module Series Spring 2017 Designer: Dr. Lixin Wang, Associate Professor Firewall Configuration Firewall Configuration Learning Objectives 1. Be familiar with firewalls and types of firewalls
More informationGSI-based Security for Web Services
GSI-based Security for Web Services Sriram Krishnan, Ph.D. sriram@sdsc.edu Topics Covered High-level Overview Message and Transport Level Security Authentication and Authorization Implementation details
More information