
Grid Security Issues

Shelestov Andrii, Space Research Institute NASU-NSAU, Ukraine. Grid security issues can be partitioned into three main categories: architecture level, infrastructure level, and management level.


Presentation Transcript


  1. Grid Security Issues. Shelestov Andrii, Space Research Institute NASU-NSAU, Ukraine

  2. Grid Security Issues
     - Grid security issues can be partitioned into three main categories:
       - Architecture level
       - Infrastructure level
       - Management level
     - Architecture security issues are related to the whole architecture of the Grid. They cover:
       - Information security: data confidentiality and integrity
       - Authorization: resource level authorization
       - Service: service level security issues
     - Infrastructure security issues are related to the network and host components which constitute the grid infrastructure. These problems can be divided into the following sub-categories:
       - Host level: data protection, job starvation, and host availability
       - Network: access control, secure routing and multicasting
     - Management security issues are related to the following categories:
       - Credential management
       - Trust management
       - Monitoring

  3. Grid Security Issues. General picture

  4. Architecture Related Issues 1/2
     - Information security
       - This kind of security relates to the information exchanged between different hosts or between hosts and users
     - Existing solutions
       - Grid Security Infrastructure (GSI) defines security standards for the Grid and is based on the concept of the Virtual Organization (VO)
       - Secure communication: based on PKI; assumes the existence of an authorized CA; X.509 certificates; and SSL/TLS protocols for data encryption
     - Integration with Kerberos
       - Kerberos is one of the most popular authentication systems used in enterprises
       - The current version of GSI does not support Kerberos-based interaction, but a Kerberos gateway can provide a bridge with a GSI gateway and vice versa

  5. Architecture Related Issues 2/2
     - Authorization
       - Particularly important for systems where the resources are shared between multiple departments or organizations
     - Existing solutions
       - VO level components: centralized authorization systems for an entire VO
         - Examples: Community Authorization Service (CAS), Virtual Organization Membership Service (VOMS), and Enterprise Authorization and Licensing System (EALS)
       - Resource level components: implement the decision to authorize access to a set of resources
         - Examples: Akenti, Privilege and Role Management Infrastructure Standards Validation (PERMIS), and the GridMap solution

  6. Infrastructure Related Issues 1/1
     - Host and network level solutions provide data protection via:
       - Virtualization: VM deployment on the physical machine
       - Sandboxing: a mechanism which traps system calls and sandboxes the applications to prevent them from accessing data and memory, based on certain policies
     - Access control and isolation: Adaptive Grid Firewalls (AGF)

  7. Management Related Issues 1/3
     - Credential management
       - Becomes very important in a grid context, as there are multiple different systems which require varied credentials to access them
     - Solutions
       - Credential repositories: move the responsibility for credential storage from the user to these systems; examples include smart cards, virtual smart cards, and the MyProxy Online Credential Repository
       - Credential federation systems: used for managing credentials across multiple systems, domains, and realms; examples include VCMan (a specific solution for grid and Community Authorization Service (CAS)) and KX.509, a protocol which provides interoperability between X.509 and Kerberos systems

  8. Management Related Issues 2/3
     - Trust management
       - Crucial in a dynamic grid scenario where grid nodes and users join and leave the system
     - Existing solutions
       - Reputation based: based on trust metrics derived from the local and global reputation of a system or an entity; examples include PeerTrust, XenoTrust, NICE, and Secure Grid Outsourcing (SeGO) systems
       - Policy based: the different entities or components constituting the system exchange and manage credentials to establish trust relationships based on certain policies; examples include PeerTrust Trust Negotiation and TrustBuilder

  9. Management Related Issues 3/3
     - Monitoring
       - Essential in grid scenarios primarily for two reasons:
         - different organizations or departments can be charged based on their usage
         - resource related information can be logged for auditing or compliance purposes
     - Existing solutions
       - System level: open source and popular system monitoring tools include Orca, Mon, Aide, Tripwire, etc.
       - Cluster level: include Ganglia from University of Berkeley and Hawkeye from University of Wisconsin Madison
       - Grid level: R-GMA, Globus Monitoring and Discovery Systems (MDS), Management of Adaptive Grid Infrastructure (MAGI), and GlueDomains

  10. Conclusions
      - Grid is the middleware which supports different and up-to-date security mechanisms:
        - Uses digital certificates (X.509 and KX.509 (Kerberos))
        - Supports delegation of rights based on proxy certificates
        - Supports security mechanisms at different levels
        - Gives the VO possibilities
        - Provides Single Sign On registration
        - Supports encryption on the transport or message level (TLS/MLS protocols)
        - Can use different implementations of third-party security components
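
How the GridMap approach named on slide 5 can authorize a request that arrives with a delegated proxy certificate (slide 10), as an added Python example that is not from the presentation or from Globus code. It assumes the conventional grid-mapfile layout (a quoted subject DN followed by comma-separated local accounts) and that the certificate chain has already been validated; the sample DNs are constructed and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample grid-mapfile: quoted certificate subject DN, then local account(s).
SAMPLE_GRIDMAP = '''\
# constructed entries, not from a real site
"/O=ExampleGrid/OU=space.example/CN=Alice Analyst" alice
"/O=ExampleGrid/OU=space.example/CN=Bob Builder" bob,gridops
'''

# A proxy certificate's subject is its issuer's subject plus one extra CN:
# legacy GSI proxies use "proxy" / "limited proxy", RFC 3820 proxies use a number.
PROXY_CN = re.compile(r"/CN=(?:proxy|limited proxy|\d+)$")

def parse_gridmap(text):
    """Return {subject DN: [local accounts]}; raise ValueError on malformed lines."""
    mapping = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours the quotes around DNs containing spaces
        if len(parts) != 2 or not parts[0].startswith("/"):
            raise ValueError(f"line {lineno}: expected a quoted DN and an account list")
        dn, accounts = parts
        mapping[dn] = [a for a in accounts.split(",") if a]
    return mapping

def end_entity_dn(subject):
    """Strip trailing proxy CN components to recover the user's identity DN.

    Assumption: the chain was validated first; string stripping alone proves nothing.
    """
    while PROXY_CN.search(subject):
        subject = PROXY_CN.sub("", subject)
    return subject

def authorize(mapping, subject, requested=None):
    """Return the local account to run as, or None (default deny)."""
    accounts = mapping.get(end_entity_dn(subject))  # exact, case-sensitive match
    if not accounts:
        return None
    if requested is None:
        return accounts[0]  # first listed account is the default mapping
    return requested if requested in accounts else None
```

A production check would take the proxy depth from the validated chain rather than from the subject string, since an end-entity CN that happens to be numeric would otherwise be stripped as if it were a proxy component.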
