Grid Computing Security Mechanisms: the state-of-the-art

Grid Computing Security Mechanisms: the state-of-the-art. A. Bendahmane, M. Essaaidi, A. El Moussaoui, A. Younes. Information and Telecommunication Systems Laboratory, Faculty of Sciences, Tetouan, Morocco. Outline: Introduction; Resources Level Solutions; Service Level Solutions

Presentation Transcript


  1. Grid Computing Security Mechanisms: the state-of-the-art. A. Bendahmane, M. Essaaidi, A. El Moussaoui, A. Younes. Information and Telecommunication Systems Laboratory, Faculty of Sciences, Tetouan, Morocco. ICMCS’2009

  2. Outline
     • Introduction
     • Resources Level Solutions
     • Service Level Solutions
     • Authentication & Authorization Level solutions
     • Information Level Solutions
     • Management Level Solutions
     • Conclusions

  3. Introduction (Grid Computing?)
     • A collection of heterogeneous resources distributed over a local or wide area network, and available to an end user as a single large computing system
     • Deployment of grid technologies within the context of business and enterprise IT communities
     • Large-scale and distributed scientific computing
     • Computing power
     • Data access
     • Storage resources
     Security has been a central issue in grid computing from the outset, and has been regarded as the most significant challenge for grid computing.

  4. Introduction (Security Mechanisms?)
     • As a result, novel security technologies have been evolving continuously among grid computing researchers.

  5. Resources Level Solutions
     • Protecting the grid resources (grid nodes or hosts, and the communication network)
     • Host Security: Sandboxing, Virtualization
     • Network Security: Hose service model, Adaptive Firewall for the Grid
     Another way to secure the grid resources is through an intrusion detection system (IDS) solution.

  6. Service Level Solutions
     • The DoS attack is one of the most important security threats in grid computing.
     • Preventive solutions: application filtering, location hiding, and throttling techniques.
     • Reactive solutions: link testing, logging, ICMP traceback, and IP traceback.

  7. Service Level Solutions (cont) DoS attacks cannot be mitigated by one solution alone and multiple solutions should be employed to improve the effectiveness.

  8. Authentication & Authorization Level solutions

  9. Authentication
     • Authentication deals with verification of the identity of an entity within a network
     • GSI (Grid Security Infrastructure)
     • Kerberos
     • LDAP

  10. Authentication (cont)
     • GSI (Grid Security Infrastructure)
     • Based on X.509 certificates
     • Public/private key pair
     • Certificate Authority (CA)
     • Requires a Public Key Infrastructure to make it a viable solution
     • Implemented in all versions of Globus

  11. Authentication (cont)
     • Kerberos
     • Integration with GSI
     • GSI does not accept Kerberos credentials as an authentication mechanism
     Gateways or translators accept Kerberos credentials and convert them to GSI credentials, and vice versa.
     [Diagram: GSI and Kerberos linked by the translators SSLK5/PKINIT and KX.509/KCA]

  12. Authentication (cont)
     • LDAP is a naming service for the broadcast of system information, which can then be used for authentication purposes.
     • Several methods of authentication corresponding to various security levels are available in standard LDAP
     • login/password
     • X.509 certificate
     • (SSL/TLS, SASL) coupled with Access Control Lists
     • Integrating mechanisms of strong authentication like Kerberos or one-time password systems

  13. Authorization
     • Authorization deals with the verification of an action that an entity can perform after authentication has been performed successfully.
     • Centralized Systems: CAS, VOMS, EALS
     • Decentralized Systems: Akenti, PERMIS, Grid-MAP

  14. Authorization (cont)

  15. Information Level Solutions
     • Information Level includes those security concerns that arise during the communication between two entities.
     • Confidentiality
     • Integrity
     • Single Sign On

  16. Information Level Solutions (cont)
     • GSI (in Globus Toolkit 4.0 or GT4) provides secure communication at two levels.
     • Transport Level Security: encrypts the complete communication.
     • Message Level Security: encrypts only the content of the SOAP message.
     Both are based on public-key cryptography.

  17. Information Level Solutions (cont)

  18. Management Level Solutions
     • Credentials are important in grid systems as they are used for accessing the Grid resources
     • Credential Management (CM) systems: mechanisms to securely store, access, and manage credentials in grid systems.
     • Credential repositories: storing the credentials securely; generating new credentials on demand
     • Credential federation: sharing the credentials across different domains.

  19. Conclusions
     • Classification of the different security solutions in grid computing
     • Grid security solutions have some shortcomings and cannot protect against all types of attack.
     • With the growing use of grid computing technology in different domains, new types of attacks will arise. It is therefore necessary to develop more robust concepts of grid computing security.

  20. Thank you
