
Secure Generic Connection Brokering SGCB enhancing secure submission of grid jobs across firewalls

Secure Generic Connection Brokering SGCB enhancing secure submission of grid jobs across firewalls. David Front, Lorne Levinson, Morton Taragin Weizmann Institute of Science, Rehovot Miron Livny, Se-Chang Son, University of Wisconsin, Madison Itzhak Ben-Akiva, Tel Aviv University, Tel Aviv.


Presentation Transcript


  1. Secure Generic Connection Brokering (SGCB): enhancing secure submission of grid jobs across firewalls. David Front, Lorne Levinson, Morton Taragin, Weizmann Institute of Science, Rehovot; Miron Livny, Se-Chang Son, University of Wisconsin, Madison; Itzhak Ben-Akiva, Tel Aviv University, Tel Aviv. Secure Generic Connection Brokering – SGCB, JPDPS Tel-Aviv, Dec 2003

  2. Agenda
     • The problem
     • Requirements
     • Architecture
     • Performance, evaluation
     • References

  3. The problem
     • In order to use (Grid) servers, incoming connections must be created
     • Organization security policies restrict connections to prevent malicious acts
     • Incoming connections are more threatening than outgoing connections
     • Hence, organization security managers object to allowing incoming connections through grid domain firewalls

  4. The problem: 2 use cases. (Grid) network applications fail to create incoming connections because of organization security policy, enforced by firewall/s. [Diagram: client, client firewall, server firewall, server]
     • Use case 1: the server's firewall prevents connections to the server; the server may connect to the client.
     • Use case 2: in addition, the client's firewall prevents connections to the client; no direct connection is possible.

  5. Requirements. A solution to securely submit jobs across firewalls should:
     • Satisfy security managers: allow incoming connections, yet not violate security policies
     • Not require dynamic firewall changes
     • Support communication with standard sockets
     • Not require changes at communicating applications
     • Not require kernel changes
     • Support various security schemes
     • Not require root privilege to install/run

  6. SGCB architecture
     • Generic Connection Brokering (GCB) by Sechang Son and Miron Livny
     • + Bypass by Douglas Thain and Miron Livny
     • + Security layer for management messages: trivial security, GSI security

  7. GCB use case 1: reversed TCP connection. [Diagram: server behind server firewall, broker, client; hole A in the server firewall carries GCB management messages; sequence over time]
     • (1) Server -> broker: Register me
     • (2) Client -> broker: I want to connect server
     • (3) Broker -> server: Connect client
     • The server then calls connect() towards the client, and data flows directly between server and client

  8. GCB use case 2: relayed TCP connection. [Diagram: server behind server firewall, broker, client behind client firewall; hole A in each firewall carries GCB management messages; sequence over time]
     • (1) Server -> broker: Register me
     • (2) Client -> broker: I want to connect server
     • (3) Broker -> server: Connect me; the server calls connect() towards the broker
     • (4) Broker -> client: Connect me; the client calls connect() towards the broker
     • Data is relayed through the broker

  9. Firewall holes without GCB. [Diagram: client firewall with an outgoing hole for the client, server firewall with an incoming hole for the server; these holes are for server-client connections]

  10. Firewall holes with GCB. [Diagram: client firewall with an outgoing hole, broker firewall with an incoming hole, server firewall with an outgoing hole; the holes carry both the management messages and the server-client connections]

  11. GCB socket SW layer
     • GCB socket calls replace the standard socket calls at server and client applications: GCB_bind(), GCB_connect(), GCB_accept() ...
     • GCB calls do whatever is needed to connect, such as: communicate with other entities, reverse the connection direction, and initiate the standard socket calls bind(), connect(), accept() ...

  12. GCB layer: reversed TCP connection. [Diagram: client machine, broker machine, server machine; sequence over time of GCB_socket, GCB_bind, GCB_listen, GCB_connect, GCB_accept]

  13. GCB layer: relayed TCP connection. [Diagram: same GCB_socket, GCB_bind, GCB_listen, GCB_connect, GCB_accept sequence, with both sides connecting to the broker]

  14. SGCB architecture - Bypass. Applications must call GCB socket functions in order to use GCB; using Bypass avoids this need.

  15. Bypass. Bypass is a code generator for making C++ interposition agents. [Diagram:]
     • (1) The agent squeezes in between the application and the system calls
     • (2) The application issues a system call, e.g. accept()
     • (3) The agent intercepts it and runs agent code, e.g. GCB_accept()
     • (4) The agent code calls the real system call as needed, for example connect()

  16. Bypassing GCB: the Bypass agent implements GCB seamlessly to applications. [Diagram: server and client applications call socket, bind, listen, connect, accept over time; on each side the agent maps these to GCB_socket, GCB_bind, GCB_listen, GCB_connect, GCB_accept, which talk to the broker]

  17. SGCB architecture - security. GCB management messages are not secure; the SGCB security layer adds security.

  18. GCB: no management message security. [Diagram: Server/Client connects, Broker accepts, then Data flows in both directions with no authentication step]

  19. SGCB security scheme 1: trivial security. Applicable for management messages. [Diagram: Server/Client connects, Broker accepts; AUTH_assert userid@hostname from the peer, AUTH_accept userid@hostname at the broker; then Data flows in both directions]

  20. SGCB security scheme 2: GSI security. Applicable for GCB management messages. [Diagram: Server/Client connects, Broker accepts; AUTH_assert certificate from the peer, AUTH_accept certificate at the broker; then Data is encrypted and decrypted in both directions]
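A toy model of the broker's decision between the reversed and relayed use cases (slides 7 and 8) together with the trivial-security check on management messages (slide 19), as an added example rather than SGCB's or GCB's own code; the Endpoint and Broker names, the allow-list and the sample identities are constructed here:

```python
"""Toy model of GCB connection brokering (added example, not SGCB's own code)."""
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    name: str
    identity: str           # userid@hostname sent in AUTH_assert
    accepts_incoming: bool  # does its firewall admit incoming connections?


@dataclass
class Broker:
    """Broker in the DMZ: the only party that accepts incoming connections."""
    allowed: set[str]       # identities the broker AUTH_accepts (constructed list)
    registry: dict[str, Endpoint] = field(default_factory=dict)
    log: list[str] = field(default_factory=list)

    def _auth(self, ep: Endpoint) -> None:
        # Trivial security scheme: the peer asserts userid@hostname and the broker
        # compares it with its allow-list.  Nothing is proven, so this only keeps
        # well-behaved peers apart; the GSI scheme uses a certificate instead.
        if ep.identity not in self.allowed:
            raise PermissionError(f"AUTH_accept rejected {ep.identity}")
        self.log.append(f"AUTH_assert {ep.identity}: accepted")

    def register(self, server: Endpoint) -> None:
        """Management message 1, 'Register me' (server -> broker)."""
        self._auth(server)
        self.registry[server.name] = server
        self.log.append(f"{server.name}: Register me")

    def connect(self, client: Endpoint, server_name: str) -> dict:
        """Management message 2, 'I want to connect <server>' (client -> broker)."""
        self._auth(client)
        server = self.registry.get(server_name)
        if server is None:
            raise LookupError(f"{server_name} is not registered")
        self.log.append(f"{client.name}: I want to connect {server_name}")
        if server.accepts_incoming:          # no brokering needed at all
            return {"mode": "direct", "connect_from": client.name, "connect_to": server.name}
        if client.accepts_incoming:          # use case 1: reversed TCP connection
            self.log.append(f"broker -> {server.name}: Connect {client.name}")
            return {"mode": "reversed", "connect_from": server.name, "connect_to": client.name}
        # use case 2: both firewalls block incoming, so both connect to the broker, which relays
        self.log.append(f"broker -> {server.name}: Connect me")
        self.log.append(f"broker -> {client.name}: Connect me")
        return {"mode": "relayed", "connect_from": [server.name, client.name], "connect_to": "broker"}
```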

  21. Broker location. [Diagram: broker in a DMZ; server outgoing, broker incoming, client outgoing]
     • A broker has a relaxed security policy, allowing incoming connections
     • It is recommended to locate a broker in a DMZ with no other computers

  22. GCB TCP performance, passing across a private network: GCB does not cause a big time penalty.

  23. Evaluation. SGCB does satisfy its requirements, however:
     • Scalability: the broker is a potential traffic bottleneck. Brokering of up to thousands of machines is yet to be tested
     • Robustness: the broker is a single point of failure
     • Complexity: adding the SGCB and Bypass SW layers to a grid application adds complexity and causes a debugging challenge
     • Experimental: Globus problems with GCB and Bypass
     • Applicability: SGCB is relevant for GT2 more than for GT3

  24. Status. SGCB works with test applications: it creates Bypass'ed connections across firewalls with trivial or GSI security. SGCB support for Globus is under development.

  25. References
     • Globus Toolkit Firewall Requirements: Von Welch, http://www-fp.globus.org/security/firewalls/Globus%20Firewall%20Requirements-5.pdf
     • GCB: Recovering Internet Symmetry in Distributed Computing, Sechang Son and Miron Livny, Computer Science Department, University of Wisconsin, http://www.cs.wisc.edu/condor/doc/CCGRID2003.pdf
     • Bypass: Douglas Thain and Miron Livny, http://www.cs.wisc.edu/condor/bypass/
     • SGCB user guide: David Front, www.weizmann.ac.il/~dfront/sgcb.htm
     • SSH tunnels and Globus (alternative approach to connecting across firewalls): Globus Grid and Firewalls: Issues and Solutions in a Utility Data Center Environment, Sven Graupner, Carsten Reimann, HP Laboratories Palo Alto, HPL-2002-278, October 2nd, 2002, http://www.hpl.hp.com/techreports/2002/HPL-2002-278.pdf
