
GT 4 Security Goals & Plans

Sam Meder (meder@mcs.anl.gov)


Presentation Transcript


  1. GT 4 Security Goals & Plans Sam Meder (meder@mcs.anl.gov)

  2. The Ultimate Goal
     • Enable secure cross-organizational interactions
     • Least privilege rights delegation
     • Support for multiple mechanisms -> translation
     • Virtual Organization security fabric
     • Membership
     • Policy
     • etc
     • …

  3. Multi-Institution Issues
     [Diagram. Labels: Domain A and Domain B, each with a Certification Authority and a Policy Authority; Sub-Domain A1; Sub-Domain B1; Server X; Server Y; Task. Annotations: No Cross-Domain Trust, Trust Mismatch, Mechanism Mismatch.]

  4. Why Grid Security is Hard
     • Resources being used may be valuable & the problems being solved sensitive
     • Both users and resources need to be careful
     • Dynamic formation and management of virtual organizations (VOs)
     • Large, dynamic, unpredictable…
     • VO Resources and users are often located in distinct administrative domains
     • Can’t assume cross-organizational trust agreements
     • Different mechanisms & credentials
     • X.509 vs Kerberos, SSL vs GSSAPI, X.509 vs. X.509 (different domains)
     • X.509 attribute certs vs SAML assertions

  5. Why Grid Security is Hard…
     • Interactions are not just client/server, but service-to-service on behalf of the user
     • Requires delegation of rights by user to service
     • Services may be dynamically instantiated
     • Standardization of interfaces to allow for discovery, negotiation and use
     • Implementation must be broadly available & applicable
     • Standard, well-tested, well-understood protocols; integrated with wide variety of tools
     • Policy from sites, VO, users need to be combined
     • Varying formats
     • Want to hide as much as possible from applications!

  6. The Grid Trust solution
     • Instead of setting up trust relationships at the organizational level (lots of overhead, possible legalities - expensive!), set up trust at the user/resource level
     • Virtual Organizations (VOs) for multi-user collaborations
     • Federate through mutually trusted services
     • Local policy authorities rule
     • Users able to set up dynamic trust domains
     • Personal collection of resources working together based on trust of user

  7. Grid Solution: Use Virtual Organization as Bridge
     [Diagram. Labels: Domain A and Domain B, each with a Certification Authority and a Policy Authority; Sub-Domain A1; Sub-Domain B1; Server X; Server Y; Task; Federation Service; GSI; Virtual Organization Domain. Annotation: No Cross-Domain Trust.]

  8. Effective Policy Governing Access Within A Collaboration

  9. Use Delegation to Establish Dynamic Distributed System
     [Diagram. Labels: Compute Center (twice), Service, VO, Rights.]

  10. Goal is to do this with arbitrary mechanisms
     [Diagram. Labels: Compute Center (twice), Service, VO, Rights. Mechanisms shown: X.509 AC, X.509/SSL, SAML Attribute, Kerberos/WS-Security.]

  11. Security of Grid Brokering Services
     • It is expected brokers will handle resource coordination for users
     • Each Organization enforces its own access policy
     • User needs to delegate rights to broker which may need to delegate to services
     • QoS/QoP Negotiation and multi-level delegation

  12. Propagation of Requester’s Rights through Job Scheduling and Submission Process
     • Virtualization complicates Least Privilege Delegation of Rights
     • Dynamically limit the Delegated Rights more as Job specifics become clear
     • Trust parties downstream to limit rights for you… or let them come back with job specifics such that you can limit them

  13. Grid Security must address…
     • Trust between resources without organization support
     • Bridging differences between mechanisms
     • Authentication, assertions, policy…
     • Allow for controlled sharing of resources
     • Delegation from site to VO
     • Allow for coordination of shared resources
     • Delegation from VO to users, users to resources
     • ...all with dynamic, distributed user communities and least privilege.

  14. Functional Capabilities
     • Authentication service: An authentication service is concerned with verifying proof of an asserted identity.
     • Identity mapping service: The identity mapping service provides the capability of transforming an identity that exists in one identity domain into an identity within another identity domain.
     • Authorization service: The authorization service is concerned with resolving a policy-based access control decision.
     • Credential Conversion service: The credential conversion service provides credential conversion from one type of credential to another type or form of credential.
     • Audit service: The audit service is responsible for producing records which track security-relevant events.
     • Profile service: The profile service is concerned with managing service requestors’ preferences and data which may not be directly consumed by the authorization service.
     • Privacy service: The privacy service is primarily concerned with the policy-driven classification of personally identifiable information (PII).
     • VO Policy service: The VO policy service is concerned with the management of policies.
     • …

  15. Security Components

  16. Grid Security Services call-outs

  17. Grid Security Services with VO

  18. Interaction with other Grid Services
     • All Grid services layered on Security Services
     • All interactions are subject to policy enforcement
     • Grid Security Services leverage other Services
     • Use of registries/databases/QoS/discovery/migration/meta-data-publication/fail-over/mirroring/provisioning/etc.
     • Security Policy derived from higher level agreements
     • Enforcement is means to meet “business” objectives
     • New agreements subject to governing security policy
     • Existing access restrictions override any new agreement
     Security Services cannot be seen in isolation!

  19. GT 4 (3.9.2) Existing Features
     • Authentication
     • GSI Secure Message
     • Based on earlier WS-Security draft
     • Support for signing and encrypting using X.509 certificates and X.509 Proxy Certificates
     • Per message
     • GSI Secure Conversation
     • Based on proprietary protocol (predates WS-SecureConversation)
     • GSSAPI
     • SSL + delegation + proxy certificates
     • (Kerberos)
     • Session based

  20. GT 4 (3.9.2) Existing Features
     • Authorization
     • Host
     • Self
     • Identity
     • Gridmap
     • Custom

  21. GT 4 Plans - Authentication
     • Move to WSS4J
     • Web Services Security 1.0
     • WS-I Basic Security Profile
     • Support for Username/Password
     • Move to WS-Trust/WS-SecureConversation
     • Make GSI-Secure Conversation compliant with latest drafts
     • (Introduce secure Username/Password session protocol (based on AuthA))
     • (https – XML Security performance…)

  22. GT 4 Plans - Delegation
     • Delegation Service
     • Using WSRF
     • Delegated credentials modeled as resources
     • Lifetime management using WS-ResourceLifetime
     • Allows decoupling of delegation from authentication
     • No problem with WS-I Basic Security Profile
     • Pushes delegation handling to application level
     • Requires modification of application protocol

  23. GT 4 Plans - Authorization
     • CAS WSRF port
     • Integration of new authorization framework developed at KTH
     • XACML engine
     • Management interface
     • Chaining of authorization decisions
     • Per method granularity

  24. GT 4 Plans – Authorization (cont.)
     • Port of SAML authorization callout
     • Based on work in OGSA Authz WG
     • Requires schema for resource id
     • CAS enabled grid services
     • Integration of SAML based CAS assertions with XACML engine
     • Will lead to generic SAML/XACML delegation of rights framework

  25. GT 4 Plans - MyProxy
     • Inclusion of MyProxy
     • Non-WS to begin with
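
The multi-level, least-privilege delegation described on slides 11, 12 and 22 (user to broker to service, with rights limited further as job specifics become clear, and delegated credentials that carry a lifetime) can be checked hop by hop. The following is an added example, not code from the presentation or from the Globus Toolkit; the `Delegation` type, the rights strings and the party names are hypothetical, and credential signatures are assumed to be verified elsewhere.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional


@dataclass(frozen=True)
class Delegation:
    """One hop of a delegation chain (hypothetical model, not a GT 4 type)."""
    issuer: str              # party handing the rights on
    subject: str             # party receiving them
    rights: FrozenSet[str]   # rights granted at this hop
    not_after: int           # expiry, in seconds on an arbitrary clock


def verify_chain(chain: List[Delegation], now: int) -> Optional[str]:
    """Return None if each hop only narrows rights and lifetime, else the reason."""
    if not chain:
        return "empty chain"
    prev = None
    for i, hop in enumerate(chain):
        if hop.not_after <= now:
            return f"hop {i}: expired"
        if prev is not None:
            if hop.issuer != prev.subject:
                return f"hop {i}: issuer was not the previous subject"
            extra = hop.rights - prev.rights
            if extra:
                return f"hop {i}: widens rights with {sorted(extra)}"
            if hop.not_after > prev.not_after:
                return f"hop {i}: outlives its parent"
        prev = hop
    return None


def effective_rights(chain: List[Delegation], now: int) -> FrozenSet[str]:
    """Rights the last party may exercise; empty if the chain is invalid."""
    return chain[-1].rights if verify_chain(chain, now) is None else frozenset()


# Constructed sample: the user delegates to a broker, which narrows the
# rights once the job is known before delegating to the compute center.
USER_TO_BROKER = Delegation("user", "broker",
                            frozenset({"job:submit", "data:read", "data:write"}), 3600)
BROKER_TO_CC = Delegation("broker", "compute-center",
                          frozenset({"job:submit", "data:read"}), 1800)
WIDENED = Delegation("broker", "compute-center",
                     frozenset({"job:submit", "cluster:admin"}), 1800)

if __name__ == "__main__":
    print(verify_chain([USER_TO_BROKER, BROKER_TO_CC], now=0))
    print(verify_chain([USER_TO_BROKER, WIDENED], now=0))
```

A resource that runs this check before acting on a delegated credential does not have to trust that parties upstream limited the rights correctly.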
