Grid Security Infrastructure

Similar documents
Grids and Security. Ian Neilson Grid Deployment Group CERN. TF-CSIRT London 27 Jan

Security Architecture for Open Grid Services

Grid Computing Security: A Survey

UNICORE Globus: Interoperability of Grid Infrastructures

PRIVACY IN CONTENT DISTRIBUTION NETWORKS

Credential Management in the Grid Security Infrastructure. GlobusWorld Security Workshop January 16, 2003

FPKIPA CPWG Antecedent, In-Person Task Group

Boundary control : Access Controls: An access control mechanism processes users request for resources in three steps: Identification:

1. Federation Participant Information DRAFT

Responsible Officer Approved by

Canadian Access Federation: Trust Assertion Document (TAD)

GridSec: Trusted Grid Computing with Security Binding and Self-defense Against Network Worms and DDoS Attacks

A AAAA Model to Support Science Gateways with Community Accounts

Security in grid computing

Report for the GGF 15 Community Activity: Leveraging Site Infrastructure for Multi-Site Grids

(1) Jisc (Company Registration Number ) whose registered office is at One Castlepark, Tower Hill, Bristol, BS2 0JA ( JISC ); and

Network Working Group Request for Comments: 3820 Category: Standards Track. NCSA D. Engert ANL. L. Pearlman USC/ISI M. Thompson LBNL June 2004

Formal Methods for Assuring Security of Computer Networks

Authorization Strategies for Virtualized Environments in Grid Computing Systems

High Performance Computing Course Notes Grid Computing I

The Common Controls Framework BY ADOBE

Canadian Access Federation: Trust Assertion Document (TAD)

Security Digital Certificate Manager

Federated authentication for e-infrastructures

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

(2½ hours) Total Marks: 75

DIRAC Distributed Secure Framework

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

J. Basney, NCSA Category: Experimental October 10, MyProxy Protocol

Canadian Access Federation: Trust Assertion Document (TAD)

Federated Authentication for E-Infrastructures

THE GLOBUS PROJECT. White Paper. GridFTP. Universal Data Transfer for the Grid

The following security and privacy-related audits and certifications are applicable to the Lime Services:

UMA and Dynamic Client Registration. Thomas Hardjono on behalf of the UMA Work Group

Dynamic and Fine-Grained Authentication and Authorization Architecture for Grid Computing

SERVICE DESCRIPTION. Population Register Centre s online services

IBM. Security Digital Certificate Manager. IBM i 7.1

Chapter 3 Process Description and Control

Canadian Access Federation: Trust Assertion Document (TAD)

ECA Trusted Agent Handbook

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Efficient integrity checking technique for securing client data in cloud computing

ShibVomGSite: A Framework for Providing Username and Password Support to GridSite with Attribute based Authorization using Shibboleth and VOMS

SMart esolutions Information Security

T Yritysturvallisuuden seminaari

Canadian Access Federation: Trust Assertion Document (TAD)

SECURITY & PRIVACY DOCUMENTATION

Introduction to SciTokens

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Federated Access. Identity & Privacy Protection

itexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공

Management Information Systems. B15. Managing Information Resources and IT Security

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

Canadian Access Federation: Trust Assertion Document (TAD)

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Canadian Access Federation: Trust Assertion Document (TAD)

01.0 Policy Responsibilities and Oversight

Network Security Essentials

Canadian Access Federation: Trust Assertion Document (TAD)

DIRAC distributed secure framework

SAP Security in a Hybrid World. Kiran Kola

Grid Computing Security Implementation Challenges

Grid Computing Security Implementation Challenges

ING Public Key Infrastructure Technical Certificate Policy

An error will be returned by the services when invalid electronic requests are received.

Enhanced OpenID Protocol in Identity Management

EXAMINATION [The sum of points equals to 100]

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Wireless e-business Security. Lothar Vigelandzoon

Integrating Legacy Authorization Systems into the Grid: A Case Study Leveraging AzMan and ADAM

Canadian Access Federation: Trust Assertion Document (TAD)

Enforcing Trust in Pervasive Computing. Trusted Computing Technology.

The Grid Authentication System for Mobile Grid Environment

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

CIAM: Need for Identity Governance & Assurance. Yash Prakash VP of Products

Finding and Supporting Collaboration Needs and Opportunities

RADIAN6 SECURITY, PRIVACY, AND ARCHITECTURE

MINIMUM SECURITY CONTROLS SUMMARY

Canadian Access Federation: Trust Assertion Document (TAD)

Credentials Management for Authentication in a Grid-Based E-Learning Platform

Service Description NBN Co Platform Interfacing Service

Canadian Access Federation: Trust Assertion Document (TAD)

in a National Service Delivery Model 3 rd Annual Privacy, Access and Security Congress October 4, 2012

THEBES: THE GRID MIDDLEWARE PROJECT Project Overview, Status Report and Roadmap

InCommon Federation: Participant Operational Practices

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Cloud Under Control. HyTrust Two-Man Rule Solution Brief

Network Security Policy

IT ACCEPTABLE USE POLICY

Canadian Access Federation: Trust Assertion Document (TAD)

BoostMyShop.com Privacy Policy

National enote Registry Requirements Document. Version 1.0

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Canadian Access Federation: Trust Assertion Document (TAD)

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

IBM Security Intelligence on Cloud

CSE 127: Computer Security. Security Concepts. Kirill Levchenko

SAML-Based SSO Solution

Fuzzy Trust Integration for Security Enforcement in Grid Computing*

Transcription:

Grid Security Infrastructure On basis of works: An overview of the methods used to create a secure grid Mike Jones (The University of Manchester) Security Implications of Typical Grid Computing Usage Scenarios Marty Humphrey (Computer Science Department, University of Virginia) Mary R. Thompson (Distributed Security Research Group Lawrence, Berkeley National Laboratory Berkeley, CA) GridSec: Trusted Grid Computing Kai Hwang, Yu-Kwong Kwok, Shanshan Song and others (Internet and Grid Computing Laboratory, University of Southern California) The Security Architecture for Open Grid Services Nataraj Nagaratnam, Philippe Janson, John Dayka and others (IBM Corporation; Department of Computer Science, University of Chicago) CSE 720 Sergey Chernokozinskiy November 30, 2006

Introduction (motivation) Grid Security Infrastructure - is a specification for secret, tamper proof, delegatable communication between software in the grid computing environment There are many ways to access the resources of a Computational Grid, BUT all of them should be more or less secure, because: - very attractive data resources and compute resources; - problems in one place can spread rapidly within a Grid; - stolen password/key can be used anywhere in a Grid; Microsoft has developed a prototype of a grid-oriented security language - Security Policy Assertion Language, or SecPAL. Grids are becoming widely used in enterprises, as well as for sharing computing resources among academic research institutions. However, there is no single, widely used approach to dealing with grid security. A comprehensive set of Grid usage scenarios is presented with regard to security requirements such as authentication, authorization, integrity, and confidentiality.

Preconditions to user Grid sessions A Grid Session is roughly defined as the activities that a particular user might perform during a single workday. The following assumptions are made about the Grid Computing environment as a whole: Grid-wide Unique IDs Some Resources Will Require Local IDs Multiple Authentication Sources This should take place prior to a particular user engaging in GS: Allocation Requests on Per-Resource Basis Short-lived Credentials Per-Session Security Parameters

Usage scenarios 1. Immediate job execution 2. Job execution requiring advance scheduling 3. Job control 4. Accessing grid information services 5. Auditing use of Grid resources Grid user refers to the person who is attempting to access a resource; Principal is used to mean either human or process that has an identity associated with it and wants to make use of or to provide resources; Stakeholders are people or organizations who set the use policy for a resource; Grid gateway is a process which accepts remote requests to use resources; Grid resource gateway is the process that actually controls the use of the resource; Grid administrator is a Grid-aware person with responsibility for the overall functioning of the Grid;

Usage scenarios 1. Immediate job execution 2. Job execution requiring advance scheduling 3. Job control 4. Accessing grid information services 5. Auditing use of Grid resources

А user wishes to combine resources from multiple sites into a single, coordinated job for immediate execution. Large Data Store ACCESS Visualization Powerful compute engine

Immediate job execution (The security requirements) 1. If the set of candidate hosts has not been identified by the user, the super scheduler will need to interact with the Information Services component(s) of the Grid to identify the set of possible hosts. 2. The super scheduler must determine if the target user is allowed to execute on each of the target Grid machines, and, if so, the remaining allocations of the user. 3. A controlling agent or each remote job in a sequence needs to request resources on behalf of the user, perhaps through subsequent calls to a super scheduler. 4. Mutual authentication of user and Grid gateway on specified host needs to be done before a piece of the job is run there. 5. The grid gateway on a specified host must map the Grid ID to a local ID and submit the request to the resource gateway so that the job will run as the authorized local user. 6. The executing jobs may need to be given authorization to read and write remote files on behalf of the user.

А user wishes to combine resources from multiple sites into a single, coordinated job for immediate execution. Scheduler Intruder Large Data Store ACCESS Visualization Powerful compute engine

А user wishes to combine resources from multiple sites into a single, coordinated job for immediate execution. Malicious program Malicious program Large Data Store Scheduler Intruder ACCESS Important data Visualization Powerful compute engine

Usage scenarios 1. Immediate job execution 2. Job execution requiring advance scheduling 3. Job control 4. Accessing grid information services 5. Auditing use of Grid resources

If the large data flow from an instrument must be processed in real time, it may require the advance reservation (or co-scheduling) of data storage, network bandwidth and possibly compute cycles. Large Data Store ACCESS Visualization Powerful compute engine

Job execution requiring advance scheduling Advance reservations require: 1. Delegation of the user s rights to a super scheduler and bandwidth broker to make the reservations on behalf of the user. 2. Assurance that if a user has been granted a reservation for the future, he/she will have access at the time the reservation is claimed. 3. Bandwidth reservations usually require service agreements for priority bandwidth between ISP s and compute sites. This implies that a bandwidth broker needs to know at reservation time that user s connection will come from an authorized site. A user directly interacts with the individual resource gateways to claim the reservation: 1. The user must be able to identify himself as the entity that made the reservation. 2. The user should still have access to all the resources that he has reserved, except in extreme cases. 3. In the case of a user losing access to a resource, a check should be made of advance reservations in his name.

Usage scenarios 1. Immediate job execution 2. Job execution requiring advance scheduling 3. Job control 4. Accessing grid information services 5. Auditing use of Grid resources

Job control Job control (standard requirement of users with long-running remote jobs) - is the ability to disconnect from a job and then at a later time and possibly from a different location reattach to it. Two types of job control: Monitoring Steering (a user may control, who may connect to a job) Includes: 1. A user must be able to set the access policy to his own resources or jobs. 2. The potential collaborator must be able to authenticate to the computation itself. 3. In the case of a forced termination, the system administrator must detect the outof-control process and trace its origin to a particular Grid user. 4. Alternatively, Grid monitoring software might detect the out-of-control process and notify the system administrator. 5. The system administrator should be able to inform the Grid Administrators that the process is about to be terminated. 6. The Grid Administrators must be able to terminate the individual components of the job directly or indirectly on each site. 7. The job owner must be notified by the Grid Administrator that his job has been terminated.

Usage scenarios 1. Immediate job execution 2. Job execution requiring advance scheduling 3. Job control 4. Accessing grid information services 5. Auditing use of Grid resources

Accessing grid information services Many services require carefully controlled access to information regarding the services they provide, their current status, and who can use them. 1. Authentication should take place between the user and the information services. 2. The information services should implement the access control policy as desired by the service. 3. When publishing information, confidentiality or message integrity on the communication from the publisher to the information services could be required by the publisher.

Accessing grid information services with CAS (Community Authorization Service) Mike Jones scheme from An overview of the methods used to create a secure grid

Usage scenarios 1. Immediate job execution 2. Job execution requiring advance scheduling 3. Job control 4. Accessing grid information services 5. Auditing use of Grid resources

Auditing use of Grid resources 1. The resource gateway server must keep an nonforgeable log of all access by unique user identification and time of access. 2. The format of the entries to this log must be negotiated between the system administrator and the resource gateway. 3. Access to this log should be carefully restricted, but stakeholders need to be able to see the entries for their resources. 4. There is a need to identify a stakeholder with a resource. 5. To accomplish real-time intrusion detection, the resource gateway needs recognize and signal especially troublesome resource access requests in additions to logging.

Main aspects of Grid Security General Security: Protection Hackers securing your system from the outside world Viruses securing your system from rogue software Physical securing your console access and hardware Mutual Identification Knowing the entities you are dealing with Authorisation Knowing/assigning the entitlements of these entities Accounting Knowing what authorised (and unauthorised) actions were done by whom Privacy Respecting and enforcing access rights to data Observing Licences, Integrity Data storage, Backups, Longevity Based on Mike Jones An overview of the methods used to create a secure grid

GridSec infrastructure for building selfdefense capabilities to protect Grid sites Kai Hwang, Yu-Kwong Kwok, Shanshan Song, Min Cai Yu Chen, Ying Chen, Runfang Zhou, and Xiaosong Lou

Components of Grid Security Model Nataraj Nagaratnam, Philippe Janson, John Dayka, Anthony Nadalin, Frank Siebenlist, Von Welch, Ian Foster, Steve Tuecke

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback