SECURITY FOR GRID INFRASTRUCTURES
- Grid Trust Model -
ADINA RIPOSAN
Department of Applied Informatics
Military Technical Academy Bucharest, 2006
Introduction to Grid Security
The users of the Grid can be organized dynamically into a number of Virtual Organizations (VOs), consisting of resources, services, and people collaborating across institutional, geographical, and political boundaries, each with different Policy Requirements.
This sharing is, necessarily, highly protected, with resource providers and consumers defining clearly and carefully what is shared, who is allowed to share, and the conditions under which sharing occurs.
Security Models
In order to achieve this goal in a trustworthy manner, two common solutions were identified, and two basic concepts & models were defined:
• "Virtual Organisations (VO)" Model
• "Federated Trust" Model
In practice it is often hard to distinguish the boundaries between the VO Model and the Federated Trust Model.
The trust anchors in the VO Model are:
• the Certification Authorities (which govern the authentication infrastructure) and
• the VOs themselves (who self-govern the use of the resources that have been made available to them)
The trust anchors in the Federated Trust Model are:
• the organisations themselves
The Federated Trust Model typically materialises as a more formal collaboration than that of Virtual Organizations. Here, an enumerable set of organisations join and agree on common policies and processes.
We further chose the VO Trust Model, as it offers the most appropriate features for the Grid infrastructure according to the real-life requirements.
Besides the trust model, Grid computing has traditionally honored a golden rule of thumb:
"Always retain local control" –
for example, any locally defined access control policy takes precedence over any "external" or centralised policy.
VO Trust Model
Security tools are concerned with:
establishing the identity of users or services (authentication),
protecting communications, and
determining who is allowed to perform what actions (authorization),
as well as with supporting functions such as:
managing user credentials, and
maintaining group membership information.
Grid computing research has produced security technologies based not on direct inter-organizational trust relationships but rather on the use of the VO (Virtual Organisation) as a bridge among the entities participating in a particular community or function.
VO (Virtual Organisation) = BRIDGE
Grid Solution: Use Virtual Organization as Bridge
Grid Security Challenges are driven by the need to support scalable, dynamic, distributed virtual organizations (VOs) – collections of diverse and distributed individuals that seek to share and use diverse resources in a coordinated fashion.
We cannot, in general, assume trust relationships between
• the classical organization and
• the VO or its external members.
Grid security mechanisms address these challenges by allowing a VO to be treated as a policy domain overlay.
VO = POLICY DOMAIN OVERLAY
Complicating Grid security is the fact that new services (i.e., resources) may be deployed and instantiated DYNAMICALLY over a VO's lifetime.
Dynamic creation of services
Dynamic creation of services –
Users must be able to create new services (e.g., "resources") dynamically, without administrator intervention.
These services must be coordinated and must interact securely with other services.
=> We must be able to DYNAMICALLY name the service with an assertable identity and to grant rights to that identity without contradicting the governing local policy.
Dynamic establishment of Trust Domains
Dynamic establishment of trust domains –
In order to coordinate resources,
=> VOs need to establish trust:
• among users and resources in the VO, and also
• among the VO's resources, so that they can be coordinated.
These trust domains
• can span multiple organizations, and
• must adapt dynamically as participants join, are created, or leave the VO.
Overview of the Security Architecture services
Overview of the components in the security architecture and their interactions (typical request flow):
Logging and Auditing
Ensures monitoring of system activities, and accountability in case of a security event.
Authentication
Credential storage ensures proper security of (user-held) credentials.
Proxy certificates enable single sign-on.
TLS, GSI, WS-Security and possibly other X.509-based transport or message-level security protocols ensure integrity, authenticity and (optionally) confidentiality.
EU GridPMA establishes a common set of trust anchors for the authentication infrastructure.
Pseudonymity services address anonymity and privacy concerns.
Authorization
Attribute authorities enable VO-managed access control.
Policy assertion services enable the consolidation and central administration of common policy.
Authorization framework enables local collection, arbitration, customisation and reasoning of policies from different administrative domains, as well as integration with service containers and legacy services.
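As an added example (not code from the slides or from any Grid middleware), the following Python sketch models the arbitration this slide describes together with the "Always retain local control" rule from the Security Models section: VO attribute assertions confer rights, the site's local policy can veto a subject or cap the granted rights, and every decision is written to an audit trail for accountability. All DNs, the VO, roles and policies are constructed.

```python
from dataclasses import dataclass
# Constructed sample data (hypothetical DNs, VO, roles and policies).
TRUSTED_CAS = {"/C=RO/O=ExampleGrid/CN=Example CA"}   # accepted trust anchors
VO_POLICY = {                                         # attribute-authority view
    ("physics", "analyst"): {"read", "submit"},
    ("physics", "admin"): {"read", "submit", "delete"},
}
LOCAL_POLICY = {                                      # this site's own rules
    "banned": {"/C=RO/O=ExampleGrid/CN=Mallory"},
    "max_rights": {"read", "submit"},                 # the site never grants delete
}

@dataclass(frozen=True)
class Request:
    subject: str       # DN from the caller's X.509 identity or proxy certificate
    issuer: str        # DN of the CA that signed that identity
    vo_attrs: tuple    # (vo, role) assertions obtained from the attribute authority
    action: str        # what the caller wants to do on the resource

def authorize(req: Request, audit: list) -> bool:
    """Decide one request; every decision is appended to `audit` for accountability."""
    # 1. Authentication: the identity must chain to an accepted trust anchor.
    if req.issuer not in TRUSTED_CAS:
        audit.append(f"DENY {req.subject} {req.action}: untrusted CA {req.issuer}")
        return False
    # 2. Local control first: a local deny beats any VO-level grant.
    if req.subject in LOCAL_POLICY["banned"]:
        audit.append(f"DENY {req.subject} {req.action}: banned by local policy")
        return False
    # 3. VO policy: collect the rights the VO's attribute assertions confer.
    vo_rights = set()
    for attr in req.vo_attrs:
        vo_rights |= VO_POLICY.get(attr, set())
    # 4. Arbitration: the site caps VO grants with its own ceiling.
    effective = vo_rights & LOCAL_POLICY["max_rights"]
    decision = req.action in effective
    audit.append(f"{'ALLOW' if decision else 'DENY'} {req.subject} {req.action}: "
                 f"vo={sorted(vo_rights)} effective={sorted(effective)}")
    return decision

def demo() -> list:
    """Run four constructed requests through the framework; returns the audit trail."""
    audit, ca = [], "/C=RO/O=ExampleGrid/CN=Example CA"
    alice, mallory = "/C=RO/O=ExampleGrid/CN=Alice", "/C=RO/O=ExampleGrid/CN=Mallory"
    authorize(Request(alice, ca, (("physics", "analyst"),), "submit"), audit)  # ALLOW
    authorize(Request(alice, ca, (("physics", "admin"),), "delete"), audit)    # DENY: site cap
    authorize(Request(mallory, ca, (("physics", "admin"),), "read"), audit)    # DENY: banned
    authorize(Request(alice, "/CN=Rogue CA", (("physics", "admin"),), "read"), audit)  # DENY: CA
    return audit
```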
Delegation
Allows for an entity (user or resource) to empower another entity (local or remote) with the necessary permissions
=> to act on its behalf
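As an added example (not the slides' own material and not GSI code), this Python sketch models the proxy-certificate delegation chain behind the single sign-on and delegation points above: an identity certificate issued by a trusted CA empowers a login proxy, which in turn empowers a shorter-lived job proxy, and validation rejects any link that is expired, outlives its issuer, or claims a right its issuer did not hold. Certificates are plain records with no real signatures, and all DNs, lifetimes and rights are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: the CA this site trusts and the full right set an
# identity certificate starts with (hypothetical DN and rights).
TRUSTED_CAS = {"/C=RO/O=ExampleGrid/CN=Example CA"}
ALL_RIGHTS = frozenset({"read", "submit", "delete"})

def make_cert(issuer, subject, hours, rights, now):
    """Toy certificate record: who issued it, whom it names, when it expires, what it may do."""
    return {"issuer": issuer, "subject": subject,
            "not_after": now + timedelta(hours=hours), "rights": frozenset(rights)}

def validate_chain(chain, now):
    """Walk from the CA-issued identity certificate down to the last proxy.

    Each link must be issued by the previous subject, be unexpired, not outlive
    its issuer, and carry no right its issuer lacked (delegation only shrinks).
    Returns the rights the final proxy may exercise, or None if the chain is bad.
    """
    if not chain or chain[0]["issuer"] not in TRUSTED_CAS:
        return None                                   # no accepted trust anchor
    rights, issuer, deadline = ALL_RIGHTS, chain[0]["issuer"], None
    for cert in chain:
        if cert["issuer"] != issuer or cert["not_after"] <= now:
            return None                               # broken link or expired
        if deadline is not None and cert["not_after"] > deadline:
            return None                               # proxy would outlive its issuer
        if not cert["rights"] <= rights:
            return None                               # attempted privilege escalation
        rights, issuer, deadline = cert["rights"], cert["subject"], cert["not_after"]
    return rights

def demo(hours_later=0):
    """Build Alice -> login proxy -> job proxy and validate it `hours_later` hours on.

    Returns (rights of the well-formed chain, result for a chain that tries to escalate).
    """
    issued = datetime(2006, 1, 1, tzinfo=timezone.utc)            # constructed clock
    check = issued + timedelta(hours=hours_later)
    ca, alice = "/C=RO/O=ExampleGrid/CN=Example CA", "/C=RO/O=ExampleGrid/CN=Alice"
    identity = make_cert(ca, alice, 24 * 365, ALL_RIGHTS, issued)
    login = make_cert(alice, alice + "/CN=proxy", 12, {"read", "submit"}, issued)
    job = make_cert(login["subject"], login["subject"] + "/CN=proxy", 4, {"read"}, issued)
    rogue = make_cert(login["subject"], login["subject"] + "/CN=proxy", 4, {"delete"}, issued)
    return validate_chain([identity, login, job], check), validate_chain([identity, login, rogue], check)
```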
Data key management
Enables long-term distributed storage of data for applications with privacy or confidentiality concerns.
Site proxy
Enables applications to communicate despite heterogeneous and non-transparent network access.
Sandboxing
Isolates a resource from the local site infrastructure hosting the resource, mitigating attacks and malicious/wrongful use.
In the case of scavenging existing desktops, a protective "SANDBOX" should be implemented on the Grid member-machines, so that:
• It cannot cause any disruption to the donating machine if it encounters a problem during execution.
• Rights to access files and other resources on the grid machine from inside the Grid may be restricted.
=> The protection is ensured BOTH for the donating machine and for the Grid system (2-way protection).
GSI Conceptual Details:
Public Key Cryptography
Digital Signatures
Certificates
Mutual Authentication
Confidential Communication
Securing Private Keys
Delegation and Single Sign-On
The Grid Security Infrastructure (GSI) provides security mechanisms, i.e. authentication and communication over an open network.
GSI supports a number of features that a Grid user requires:
• Authenticate using a single sign-on mechanism
• Delegation (through proxies)
• Integration with local security systems
• Trust-based relationships, using Certificate Authority (CA)
GSI is based on public-key encryption (using X.509 certificates) and SSL.
The GSI implementation in Globus adheres to the IETF GSS-API standard.
CONCLUSION:
GSI Key features:
• Authenticate using a single sign-on mechanism
• Delegation (through proxies - my_proxy)
• Trust-based relationships, using Certificate Authority (CA)
GSI is based on public-key encryption (using X.509 certificates) and SSL.