Security requirements analysis for large scale distributed systems

Security Requirements Analysis for Large-scale Distributed Systems

Syed Naqvi1, Olivier Poitou1, Philippe Massonet1, Alvaro Arenas2

1Centre of Excellence in Information and Communication Technologies (CETIC)

{syed.naqvi, olivier.poitou, [email protected]

2CCLRC Rutherford Appleton Laboratory

[email protected]



Outline

  • Introduction

  • Grid Security Requirements

  • Solutions for these Requirements

  • Conclusions

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies




Functional View of Grid Data Management

(Diagram taken from www.twgrid.org; the transcript keeps only its labels.) The Application locates data by its attributes through a Metadata Service. A Planner handles data location, replica selection and the selection of compute and storage nodes, drawing on a Replica Location Service (location of one or more physical replicas) and on Information Services (state of grid resources, performance measurements and predictions), all governed by Security and Policy. An Executor initiates data transfers and computations, which run through Data Movement and Data Access on the Compute Resources and Storage Resources.


Security requirements analysis for large scale distributed systems

FileStamp – Distributed File System

  • Decentralized multi-writer file system

    • Based on a Peer-to-Peer technology

    • Self managing data storage location




FileStamp Architecture (architecture diagram; not reproduced in the transcript)




  • File Redundancy

  • Dynamic replica regeneration




FileStamp – File Transfer

  • Uses BitTorrent technology

  • Transfers can be interrupted and resumed from the last transferred bytes






Generic Requirements

  • Authentication

    • Each party establishes a level of trust in the identity of the other party

    • Authentication protocol sets up a secure communication channel between the authenticated parties

  • Authorization

    • Allows access to resources based on policies attached to each service.

    • VOs (virtual organisations) introduce challenging management and policy issues

      • Complex relationships between local site policies and the goals of the VO




Generic Requirements

  • Availability

    • Legitimate users have access when they need it

    • Replication: well-known technique for improving availability in distributed systems

      • Total network load is also decreased if replicas & requests are reasonably distributed

  • Confidentiality

    • Assures that information does not reach unauthorized individuals, entities, or processes.

    • Achieved by a mechanism for ensuring access control.

    • Confidentiality requirements cover point-to-point transport as well as store-and-forward mechanisms.




Generic Requirements

  • Integrity

    • Assurance that information can only be accessed or modified by those authorized to do so.

    • Nontrivial problem

      • especially when storage hardware and networks are not perfect

  • Traceability

    • Mechanism of observing the various actions taken by the different actors

    • Used to develop audit trails

    • Events are recorded in log files

    • Can be used to attribute responsibility for incidents
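Per-piece integrity checks are what make the interrupted-and-resumed BitTorrent-style transfer on the FileStamp file-transfer slide and the integrity requirement above hold together when disks and links are imperfect. The following Go program is an added example, not FileStamp's code: it hashes a file into pieces (SHA-256 here, where BitTorrent uses SHA-1), rejects any piece whose digest does not match the manifest, and resumes by re-requesting only the pieces that were never verified. The piece size, the sample payload and all names are constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// PieceSize is tiny so the example stays readable; real transfers use pieces of many KiB.
const PieceSize = 8

// Manifest is published by the file owner next to the file: total size plus one
// digest per piece, so every piece can be verified on its own as it arrives.
type Manifest struct {
	Size   int
	Pieces [][sha256.Size]byte
}

// NewManifest splits data into PieceSize pieces and hashes each one.
func NewManifest(data []byte) Manifest {
	m := Manifest{Size: len(data)}
	for off := 0; off < len(data); off += PieceSize {
		end := off + PieceSize
		if end > len(data) {
			end = len(data)
		}
		m.Pieces = append(m.Pieces, sha256.Sum256(data[off:end]))
	}
	return m
}

// Transfer is the receiver's state: the reassembled buffer plus a bitmap of
// verified pieces. Persisting it is what lets a restart resume rather than refetch.
type Transfer struct {
	m        Manifest
	buf      []byte
	verified []bool
}

func NewTransfer(m Manifest) *Transfer {
	return &Transfer{m: m, buf: make([]byte, m.Size), verified: make([]bool, len(m.Pieces))}
}

// pieceRange returns the byte range [start, end) covered by piece idx.
func (t *Transfer) pieceRange(idx int) (int, int) {
	start := idx * PieceSize
	end := start + PieceSize
	if end > t.m.Size {
		end = t.m.Size
	}
	return start, end
}

// Receive accepts a piece only if its digest matches the manifest. A corrupt or
// truncated piece is rejected and stays unverified, so it will be re-requested.
func (t *Transfer) Receive(idx int, piece []byte) error {
	if idx < 0 || idx >= len(t.m.Pieces) {
		return fmt.Errorf("piece %d: out of range", idx)
	}
	start, end := t.pieceRange(idx)
	if len(piece) != end-start {
		return fmt.Errorf("piece %d: expected %d bytes, got %d", idx, end-start, len(piece))
	}
	if sha256.Sum256(piece) != t.m.Pieces[idx] {
		return fmt.Errorf("piece %d: digest mismatch, rejected", idx)
	}
	copy(t.buf[start:end], piece)
	t.verified[idx] = true
	return nil
}

// Missing lists unverified pieces; after an interruption this is the request list.
func (t *Transfer) Missing() []int {
	var out []int
	for i, ok := range t.verified {
		if !ok {
			out = append(out, i)
		}
	}
	return out
}

// Bytes hands out the file only once every piece has been verified.
func (t *Transfer) Bytes() ([]byte, error) {
	if missing := t.Missing(); len(missing) > 0 {
		return nil, fmt.Errorf("transfer incomplete: %d pieces missing", len(missing))
	}
	return t.buf, nil
}

func main() {
	data := []byte("replica-0001: CoreGRID sample payload") // constructed sample file
	t := NewTransfer(NewManifest(data))
	t.Receive(0, data[0:8])
	bad := append([]byte{}, data[8:16]...)
	bad[3] ^= 0x01 // a bit flipped somewhere between the peer and the disk
	fmt.Println("piece 1:", t.Receive(1, bad), "| still needed:", t.Missing())
	for _, i := range t.Missing() { // resume: re-request only unverified pieces
		s, e := t.pieceRange(i)
		t.Receive(i, data[s:e])
	}
	out, err := t.Bytes()
	fmt.Println("complete:", string(out) == string(data), err)
}
```

The manifest itself has to be obtained over an authenticated channel, or signed by the file owner, for the per-piece digests to mean anything; the example assumes it is already trusted.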




Specific Requirements

  • Resilience

    • Provides an abstraction layer to hide the architectural changes from the overall security architecture

    • The security architecture should remain intact and deliver the promised level of security even if its composition changes over time.

      • Grid links and nodes are highly dynamic and may change over time.

  • Data Lifecycle Management (DLM)

    • Lifecycle is the time from the moment data is created until it is deleted or stored indefinitely.

    • Security assurances must span the entire lifecycle of the data.




Specific Requirements

  • Fault-tolerance

    • Highly desirable feature, especially for transfers of large data files.

    • Overlay networks provide caching of transfers.

    • But caching reduces the performance of the overall data transfer.

      • The amount of data that can be cached depends on the storage policies at the intermediate network points.

    • Caching and the other techniques do not take security parameters into account.

    • A negotiation protocol is indispensable for agreeing the terms and conditions of security before data is moved or (temporarily) stored.

    • The negotiation process should not take its toll on the system's performance.






Authentication

  • Current authentication mechanism

    • The file owner issues a certificate for write access to the file.

    • The certificate is authenticated by the DHT (Distributed Hash Table) nodes and by the FS (File System) clients.

      • Both signatures are verified when a UCB (User Certificate Block) is stored or retrieved.

    • This certificate has some major problems:

      • It always grants write permission, even when the user only needs read permission.

      • Its format is not standardized.

      • It is incompatible with existing standard credentials (X.509, Kerberos, etc.).



Authentication (X.509 version 3 certificate)

(Diagram of the X.509 v3 certificate layout; the transcript keeps only its labels.) The certificate body (the "x509 v3 bodypart") carries, in order: Version; Serial Number; Signature Algorithm; Issuer Name; Validity; Subject Name; Subject Public Key; Issuer Unique ID (v2); Subject Unique ID (v2); Extensions (v3). The body is followed by the Signature Algorithm and the Signature of the CA, the digital signature that a relying party verifies to authenticate the certificate.
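To make the certificate layout concrete, here is an added Go example (not code from the presentation or from FileStamp) that issues a v3 certificate signed by a CA using only the standard library, prints the fields listed above, and verifies the CA signature, validity window and intended key usage the way a DHT node or FS client should, so that an expired certificate or one from an unknown issuer is rejected. The CA name, the user names and the validity periods are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey makes a P-256 key pair; the public half becomes the Subject Public Key field.
func newKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// IssueCA builds a self-signed v3 CA certificate (names are constructed for the example).
func IssueCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"Example Grid"}, CommonName: "Example Grid CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueUser issues an end-entity certificate for cn, signed by the CA. validFor
// sets NotAfter relative to now; a negative value yields an already expired cert.
func IssueUser(ca *x509.Certificate, caKey *ecdsa.PrivateKey, cn string, validFor time.Duration) (*x509.Certificate, error) {
	key, err := newKey()
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{Organization: []string{"Example Grid"}, CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Verify is what a DHT node or FS client should do with a presented certificate:
// check the CA signature, the validity window and the intended key usage against
// a trust anchor it already holds, rather than trusting a home-grown format.
func Verify(cert, trustedCA *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedCA)
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// Describe lists the fields from the diagram in certificate order. The signature
// algorithm appears twice in a real certificate (inside the signed body and next
// to the CA signature); Go exposes it once as SignatureAlgorithm.
func Describe(c *x509.Certificate) string {
	return fmt.Sprintf("version=%d serial=%s sigalg=%s issuer=%q validity=[%s, %s] subject=%q pubkey=%s extensions=%d",
		c.Version, c.SerialNumber, c.SignatureAlgorithm, c.Issuer.CommonName,
		c.NotBefore.Format(time.RFC3339), c.NotAfter.Format(time.RFC3339),
		c.Subject.CommonName, c.PublicKeyAlgorithm, len(c.Extensions))
}

func main() {
	ca, caKey, _ := IssueCA()
	user, _ := IssueUser(ca, caKey, "alice", 12*time.Hour)
	fmt.Println(Describe(user))
	fmt.Println("valid user cert:  ", Verify(user, ca))
	expired, _ := IssueUser(ca, caKey, "bob", -30*time.Minute)
	fmt.Println("expired user cert:", Verify(expired, ca))
	otherCA, _, _ := IssueCA()
	fmt.Println("unknown issuer:   ", Verify(user, otherCA))
}
```

Note that Verify only answers "who signed this and is it still valid"; what the holder may do with the file (read versus write) belongs in authorization, which is exactly the separation the home-grown write certificate on the previous slide lacks.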




Authorization

  • FileStamp employs a local mapping of the user

    • Like a UNIX authorization matrix

  • The mapping serves as an access control check

    • Access to the resource is denied if the user is not listed in the local mapping configuration

    • Local policy management and enforcement mechanisms constrain the user's actions to those allowed by local policy

  • Easy for site administrators to understand and configure

    • Shortcomings: scalability, lack of expressiveness, consistency of policies



Authorization (through CAS)

(Diagram of the Community Authorization Service flow; the transcript keeps only its labels.) The Client presents its user proxy to the CAS Server, which answers "What rights does the community grant to this user?" from the CAS-maintained community policy database and returns a policy statement carrying the community signature. The Client then sends its request, its user proxy and the signed policy statement to the Resource Server, which consults its local policy information ("What local policy applies to this user?"), verifies the community signature ("Is this request authorized for the community?") and evaluates the statement ("Does the policy statement authorize the request?").
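The local-mapping check from the previous slide and the three questions in the CAS diagram can be shown together in one program. The Go code below is an added example, not the FileStamp or Globus CAS implementation: a CAS server signs a policy statement with the community key (Ed25519, an assumption of the example; the signature scheme CAS actually uses is not described on the page), and a resource server verifies that signature, consults its local user mapping and local policy, and finally checks that the statement grants the requested action. The subject names, the fs:/... resource syntax and the policy data are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strings"
)

// Grant: the actions the community allows on a resource prefix (syntax constructed here).
type Grant struct {
	Resource string          `json:"resource"`
	Actions  map[string]bool `json:"actions"`
}

// PolicyStatement is the CAS answer to "what rights does the community grant this user?".
type PolicyStatement struct {
	Subject string  `json:"subject"`
	Grants  []Grant `json:"grants"`
}

// SignedStatement travels with the user's proxy: the statement plus the community signature.
type SignedStatement struct{ Statement, Signature []byte }

// CASServer holds the community key and the CAS-maintained community policy database.
type CASServer struct {
	key ed25519.PrivateKey
	db  map[string][]Grant // subject DN -> grants
}

func (s *CASServer) Issue(subject string) (SignedStatement, error) {
	grants, ok := s.db[subject]
	if !ok {
		return SignedStatement{}, fmt.Errorf("CAS: unknown subject %q", subject)
	}
	payload, _ := json.Marshal(PolicyStatement{Subject: subject, Grants: grants})
	return SignedStatement{Statement: payload, Signature: ed25519.Sign(s.key, payload)}, nil
}

// ResourceServer is the site's view: community public key, UNIX-style local mapping, local policy.
type ResourceServer struct {
	communityKey ed25519.PublicKey
	localMap     map[string]string          // subject DN -> local account
	localPolicy  map[string]map[string]bool // local account -> actions the site permits
}

type Request struct{ Subject, Resource, Action string }

// Authorize runs the diagram's three checks in order; any failure is a denial.
func (r *ResourceServer) Authorize(req Request, ss SignedStatement) (string, error) {
	// 1. Is this request authorized for the community? Check the signature first, so
	//    a forged or tampered statement never reaches the policy logic.
	if !ed25519.Verify(r.communityKey, ss.Statement, ss.Signature) {
		return "", fmt.Errorf("policy statement: community signature invalid")
	}
	var ps PolicyStatement
	if err := json.Unmarshal(ss.Statement, &ps); err != nil {
		return "", err
	}
	if ps.Subject != req.Subject {
		return "", fmt.Errorf("policy statement issued to %q, not %q", ps.Subject, req.Subject)
	}
	// 2. What local policy applies? Unmapped subjects are denied outright; the site's
	//    own policy constrains everyone else, whatever the community granted.
	account, ok := r.localMap[req.Subject]
	if !ok {
		return "", fmt.Errorf("subject %q not in local mapping", req.Subject)
	}
	if !r.localPolicy[account][req.Action] {
		return "", fmt.Errorf("local policy forbids %s for %s", req.Action, account)
	}
	// 3. Does the policy statement authorize the request?
	for _, g := range ps.Grants {
		if strings.HasPrefix(req.Resource, g.Resource) && g.Actions[req.Action] {
			return account, nil
		}
	}
	return "", fmt.Errorf("community policy grants no %s on %s", req.Action, req.Resource)
}

// NewDemo wires both servers with constructed keys and policy data.
func NewDemo() (*CASServer, *ResourceServer) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	cas := &CASServer{key: priv, db: map[string][]Grant{
		"/O=ExampleGrid/CN=alice": {{Resource: "fs:/vo/data/", Actions: map[string]bool{"read": true}}},
		"/O=ExampleGrid/CN=bob":   {{Resource: "fs:/vo/data/", Actions: map[string]bool{"read": true, "write": true}}},
	}}
	rs := &ResourceServer{
		communityKey: pub,
		localMap:     map[string]string{"/O=ExampleGrid/CN=alice": "vo001"}, // bob has no local mapping
		localPolicy:  map[string]map[string]bool{"vo001": {"read": true, "write": true}},
	}
	return cas, rs
}

func main() {
	cas, rs := NewDemo()
	alice, _ := cas.Issue("/O=ExampleGrid/CN=alice")
	fmt.Println(rs.Authorize(Request{"/O=ExampleGrid/CN=alice", "fs:/vo/data/run42", "read"}, alice))
	fmt.Println(rs.Authorize(Request{"/O=ExampleGrid/CN=alice", "fs:/vo/data/run42", "write"}, alice))
}
```

The order of the checks matters: the signature is verified before any database lookup, the site's local policy is applied regardless of what the community granted, and a request succeeds only when both the local policy and the community policy allow it. Bob, whom the community trusts with write access, is still denied because he has no local mapping.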



Availability, Confidentiality, Integrity

(Diagram comparing two designs, labelled only "Complex but strong solution" and "Simple yet fragile solution"; the diagram itself is not reproduced in the transcript.)



Resilience & Fault-tolerance (through WS-Agreement)

(Diagram of the WS-Agreement model; the transcript keeps only its labels.) On the Consumer side, a Negotiator uses a Negotiation factory (create()) whose operations include terminate(limits) and negotiate(...) and whose SDEs (service data elements) are Terms, Status and Related Agreements. On the Provider side, a Manager uses an Agreement factory (create()) whose operations include terminate(limits) and inspect(query), with the same SDEs, and applies the resulting Policy to the Application Instance (foo()).

  • The target is to maintain an optimal number of replicas of a data set

  • Key issues:

    • Determining the optimal number of replicas

    • How efficiently the system recognizes faulty nodes

    • How transparently data is migrated

  • FileStamp should be able to negotiate the terms of the security parameters with the nodes
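As an added example (not FileStamp code) of the replica-maintenance loop the slide describes, the Go program below detects faulty nodes from heartbeat timestamps, drops their replicas from the placement, and schedules copies from a surviving holder onto the least-loaded healthy nodes until each file is back at the target replica count, reporting the files that cannot get there. The node names, heartbeat timeout and placement are constructed; negotiating security terms with the nodes is outside this example.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// FaultyNodes judges liveness from heartbeats: a node silent for longer than
// timeout is faulty. The timeout trades detection speed against false positives.
func FaultyNodes(lastSeen map[string]time.Time, now time.Time, timeout time.Duration) map[string]bool {
	faulty := map[string]bool{}
	for node, seen := range lastSeen {
		if now.Sub(seen) > timeout {
			faulty[node] = true
		}
	}
	return faulty
}

// Copy is one regeneration step: fetch File from Src (a surviving holder), store it on Dst.
type Copy struct{ File, Src, Dst string }

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

// pickLeastLoaded returns the healthy node holding the fewest replicas that does
// not already hold this file; ties break alphabetically so runs are reproducible.
func pickLeastLoaded(load map[string]int, holders []string) string {
	best := ""
	for n, l := range load {
		if contains(holders, n) {
			continue
		}
		if best == "" || l < load[best] || (l == load[best] && n < best) {
			best = n
		}
	}
	return best
}

// Regenerate drops faulty holders from placement (file -> nodes holding a replica)
// and schedules copies onto healthy nodes until every file is back at target. It
// returns the new placement, the copies to run, and the files left below target.
func Regenerate(placement map[string][]string, nodes []string, faulty map[string]bool, target int) (map[string][]string, []Copy, []string) {
	load := map[string]int{} // healthy node -> replicas it holds
	for _, n := range nodes {
		if !faulty[n] {
			load[n] = 0
		}
	}
	next := map[string][]string{}
	files := make([]string, 0, len(placement))
	for f, holders := range placement {
		files = append(files, f)
		for _, n := range holders {
			if _, healthy := load[n]; healthy {
				next[f] = append(next[f], n)
				load[n]++
			}
		}
	}
	sort.Strings(files) // deterministic scheduling order
	var copies []Copy
	var degraded []string
	for _, f := range files {
		holders := next[f]
		if len(holders) == 0 { // every replica sat on a faulty node: nothing to copy from
			degraded = append(degraded, f)
			continue
		}
		for len(holders) < target {
			dst := pickLeastLoaded(load, holders)
			if dst == "" { // healthy nodes exhausted: stay degraded and report it
				degraded = append(degraded, f)
				break
			}
			copies = append(copies, Copy{File: f, Src: holders[0], Dst: dst})
			holders = append(holders, dst)
			load[dst]++
		}
		next[f] = holders
	}
	return next, copies, degraded
}

func main() {
	now := time.Now() // constructed heartbeats: n3 has been silent for two minutes
	lastSeen := map[string]time.Time{"n1": now, "n2": now, "n3": now.Add(-2 * time.Minute), "n4": now}
	faulty := FaultyNodes(lastSeen, now, 30*time.Second)
	placement := map[string][]string{"fileA": {"n1", "n2", "n3"}, "fileB": {"n2", "n3", "n4"}}
	next, copies, degraded := Regenerate(placement, []string{"n1", "n2", "n3", "n4"}, faulty, 3)
	fmt.Println(faulty, next, copies, degraded)
}
```

Two failure modes the slide's "key issues" point at are handled explicitly: a file whose every replica sat on faulty nodes has no source to copy from, and a target above the number of healthy nodes can never be met; both are reported rather than silently left short.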




Data Lifecycle Management (through HSM)

  • The VO security policy should explicitly state the desired lifecycle of the data managed by FileStamp

    • FileStamp should indicate the stage at which data generated by VO operations is to be destroyed on the storage devices

  • FileStamp should also employ a secure storage management technique such as HSM (Hierarchical Storage Management)






Conclusions

  • Global connectivity of computing and storage resources opens up the possibility of misusing information to a degree never seen before

  • The objective to facilitate use of these resources by protecting them against any misuse must, however, be realistic given the current technical infrastructure

  • Security technologies should be integrated from the inception stage rather than treated as optional add-on features

  • The risk and threat pictures are always changing, and their analysis needs to be continuously updated

  • REMEMBER

  • Security is not a product – Security is a process!




Future Work

  • Formalising the FileStamp Security Requirements using the KAOS methodology

    • Obstacle model

    • Extending KAOS with templates for security requirements

  • Deriving Security Policies from the Security Requirements

  • Policy Refinement

    • Exploiting again features from KAOS (e.g. goal refinement)


