1 / 58

Advisor: Yeong -Sung Lin Presented by I- Ju Shih

Optimal response to attacks on the open science grid Mine Altunay , Sven Leyffer , Jeffrey T. Linderoth , Zhen Xie. Advisor: Yeong -Sung Lin Presented by I- Ju Shih. Agenda. Introduction and background Collaborations in open grids and collaboration network graph model

kiley
Download Presentation

Advisor: Yeong -Sung Lin Presented by I- Ju Shih

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Optimal response to attacks on the open science gridMine Altunay, Sven Leyffer, Jeffrey T. Linderoth, Zhen Xie Advisor: Yeong-Sung Lin Presented by I-Ju Shih

  2. Agenda • Introduction and background • Collaborations in open grids and collaboration network graph model • Estimating the threat levels • Modeling optimal response to network attacks • Responding by closing sites • Responding by closing and monitoring links • Numerical experience • Extensions and conclusions

  3. Agenda • Introduction and background • Collaborations in open grids and collaboration network graph model • Estimating the threat levels • Modeling optimal response to network attacks • Responding by closing sites • Responding by closing and monitoring links • Numerical experience • Extensions and conclusions

  4. Introduction and background • The emergence of open grid infrastructures, such as the Open Science Grid , TeraGrid and Earth System Grid, has enabled scientists to exploit unprecedented computing resources for data-intensive research opportunistically share the computing resources. • A common concern is that the increased openness may allow malicious attackers to spread more readily around the grid. • Thus, cybersecurity has become a growing concern especially in open grids.

  5. Introduction and background • Open grids seek to bring scientists together with the necessary computational powers by making institutional barriers transparent. • The security perimeters traditionally defined at institutional boundaries are ineffective against attacks on these grids. • Thus, we must understand how collaborations form in grids and how this collaboration affects the security of grid participants. We also must understand attack-spread patterns. • Gathering security information from different institutions is time consuming and prone to error.

  6. Introduction and background • This paper collects the necessary information ahead of time and build a collaboration network graph from the grid. Based on this collaboration network graph, this paper developed optimal response models. • Several researchers recently have conducted related work in modeling and simulation attacks over the Internet. • However, these studies did not investigate attack-spread patterns, and they omit the interactions among compromised hosts. • This paper’s model takes the collaboration network graph as input and uses optimization techniques to calculate the threat level for each grid participant.

  7. Introduction and background • This paper considers how to optimally respond to attacks in open grid environments. • This paper’s goal is to minimize the threat levels for all participants while maximizing the grid productivity.

  8. Agenda • Introduction and background • Collaborations in open grids and collaboration network graph model • Estimating the threat levels • Modeling optimal response to network attacks • Responding by closing sites • Responding by closing and monitoring links • Numerical experience • Extensions and conclusions

  9. Collaborations in open grids • A grid resource is a computing element or a storage element. • A grid site is defined as a collection of grid resources under a single administrative domain. • In grid computing, a science experiment is modeled as a Virtual Organization (VO). • The VO Management Service (VOMS) and the Community Authorization Service (CAS) are two tools developed to capture authorization-related collaboration rules for VOs. • Sites that wish to contribute to a VO contacts a VOMS or CAS server.

  10. Collaborations in open grids • A VO can access various resources, some of which are owned by the VO and dedicated to VO usage, some are owned by other parties, such as a grid site, but dedicated to the VO usage, some are owned by grid sites and shared across multiple VOs. • A realistic model should include both resources and scientists, and should indicate how they are interconnected. • The goal of this paper’s model is to demonstrate how an attack can spread across scientists and resources due to this interconnectedness.

  11. Collaborations in open grids

  12. Collaborations in open grids • four types of linkage between resources and humans: (1) two resources are linked because the same user can access to both resources.

  13. Collaborations in open grids • four types of linkage between resources and humans: (2) two users are linked because they use the same resource.

  14. Collaborations in open grids • four types of linkage between resources and humans: (3) two users are linked because they belong to the same VO.

  15. Collaborations in open grids • four types of linkage between resources and humans: (4) two resources are linked because they contribute to the same VO but there is no common user between them.

  16. Collaboration network graph model • Based on these 4 linkage types, this paper develops a collaboration network graph model. • This paper’s model in its initial phase considers only the linkage type 1, resources with common users. • The collaborations in grid is modeled as an undirected graph by , where ɛ is the set of edges {i, j} for i, j ϵS, and S represents the set of grid resources or grid site. An edge {i, j} exists if and only if there exists at least one common user between sites i and j. Site i Site j

  17. Collaboration network graph model • Existing grid models so far focus on so-called observable interactions. • The collaboration network graph model is that it captures non-obvious linkages between resources and scientists based on security assessment of observable interactions. • Based on this model, we can understand how a security threat can spread across the grid and how we can contain it most optimally.

  18. Collaboration network graph model • Data • This paper implemented the collaboration network graph model based on the data which received from the Open Science Grid. • The OSG has 150 registered grid resources, approximately 8000 users with 46 registered VOs. • For resources r1, r2 ϵ R(R is the set of grid resources), we consider r1 linked to r2 if r1 and r2 are both used by some user u ϵ U, where U is the set of scientists in OSG.

  19. Collaboration network graph model Site

  20. Agenda • Introduction and background • Collaborations in open grids and collaboration network graph model • Estimating the threat levels • Modeling optimal response to network attacks • Responding by closing sites • Responding by closing and monitoring links • Numerical experience • Extensions and conclusions

  21. Estimating the threat levels • Notation

  22. Estimating the threat levels • Notation

  23. Estimating the threat levels • Notation

  24. Estimating the threat levels • The threat level clearly depends on the collaboration network graph and the open grids, and we assume that sites where an attack has been detected have threat levels equal to one. • We let S be the set of all sites, and we assume that we are given a partition of S into compromised sites, Sc , and uncompromised sites, Su, and ɛ be the set of edges. • The weight of an edge {i, j} ϵ ɛ can be defined as the number of common users between site i and j.

  25. Estimating the threat levels • This paper assumes that the threat ti to site i from a connected site j, is proportional to the product of the threat level and load of site j. • Hence, the threat level at site i can now be obtained by solving the following system:

  26. Estimating the threat levels • This paper gives a sufficient condition that ensures that the threat levels (ti) are between zero and one.

  27. Agenda • Introduction and background • Collaborations in open grids and collaboration network graph model • Estimating the threat levels • Modeling optimal response to network attacks • Responding by closing sites • Responding by closing and monitoring links • Numerical experience • Extensions and conclusions

  28. Modeling optimal response to network attacks • Local security contacts can respond to an attack by shutting down or monitoring parts of a network. • This response has two competing goals: 1. Reduce the threat to ‘‘uncompromised” sites as much as possible. 2. Minimize the impact of the response on the remaining grid or maximizing the utility of the grid.

  29. Modeling optimal response to network attacks • Responding by closing sites • This paper models the closure of a site (all edges associated with it are closed) with a binary decision variable: • And define the utility of the network as the total number of users (might not be unique users) that can continue to use the network:

  30. Modeling optimal response to network attacks • Responding by closing sites • This paper assumes that closing a site stops the spread of an attack from that site. • only the threat level for those open sites is interesting to us, we can modify Eq. (4.2) as • Hence, the threat level for any closed sites is set explicitly to 0.

  31. Modeling optimal response to network attacks • Responding by closing sites • To avoid the solution of a multiobjective integer optimization problem, this paper adds a constraint on the maximum allowable threat level,tj <= Tj, j ϵ Su. • This approach corresponds to goal programming in multiobjective optimization and allows us to trace the Pareto set of solution of the multiobjective optimization problem. • Thus, we have one objective (network utility) and one constraint (threat level). A

  32. Modeling optimal response to network attacks • Responding by closing sites • But the objective and the constraint both contain the bilinear term xixj, which is nonconvex. We can easily linearize this term by introducing new variables uij defined as • We then exploit the binary domain of xi and xj to linearize this equation:

  33. Modeling optimal response to network attacks • Responding by closing sites • The bilinear term xixj can be avoided by introducing new variable uij, but there is still a bilinear term tjuij in threat level. • In addition, the set of constraints for vij, as in (4.5), can be tightened as follows:

  34. Modeling optimal response to network attacks • Responding by closing sites • Keep up as many as possible sites even if they were compromised, with the criterion that the threat for each uncompromised open site i is still less than the threshold Ti. • Before shutting down any uncompromised site, it should be better to shut down some compromised sites and check to see whether this action will save the uncompromised site.

  35. Modeling optimal response to network attacks • Responding by closing sites • first optimal response model can be summarized as the following mixed-integer program (MIP):

  36. Modeling optimal response to network attacks • Responding by closing and monitoring links • A downside of this model is that we introduce more binary variables (two per link rather than one per node in the network). • This paper models the two actions (shutting down or monitoring a link) with two binary decision variables.

  37. Modeling optimal response to network attacks • Responding by closing and monitoring links • we can monitor only those links that are open. • In the case where both end points of a link are compromised sites, we strengthen this constraint to • an upper bound on the number of links that can be monitored, which becomes a resource constraint of the form

  38. Modeling optimal response to network attacks • Responding by closing and monitoring links • The utility of the network is again defined as the total number of users who can continue to use the network, which now becomes • If we close a connection, then we stop the spread of an attack along that link. If we monitor a connection, then this paper assume that the threat level is reduced by a constant factor (1-D) for some discount rate 0 < D < 1.

  39. Modeling optimal response to network attacks • Responding by closing and monitoring links • a new set of variables • We can now exploit the binary domain of the variables yij and zij to derive the following equivalent linear formulation:

  40. Modeling optimal response to network attacks • Responding by closing and monitoring links • This paper models the second objective (minimize the threat level) as a constraint, and obtain the following MIP:

  41. Agenda • Introduction and background • Collaborations in open grids and collaboration network graph model • Estimating the threat levels • Modeling optimal response to network attacks • Responding by closing sites • Responding by closing and monitoring links • Numerical experience • Extensions and conclusions

  42. Numerical experience • This paper constructed two data sets for numerical experiments. The first data set is a toy problem (TOY), and the next data set is derived from usage data from the Open Science Grid for periods December 15–21, 2008 (OSG). • For each data set this paper chooses 1, 2, 3, or 4 compromised sites and hence obtained total eight problem instances.

  43. Numerical experience

  44. Numerical experience

  45. Numerical experience

  46. Numerical experience

  47. Numerical experience • In reality, it may be much more complicated, but for simplification in testing the models, this paper sets • This paper implemented models in the modeling language GAMS and used the MIP solver CPLEX to solve the resulting problems. • The numerical experiments were conducted on a desktop Linux machine with Intel Core2 DUO CPU 6300 @ 1.86 GHz, 1 GB RAM.

  48. Numerical experience • First model (4.8) the number of binary variables equals the number of uncompromised sites (plus 1 for the additional variable p), and the optimal solution can be reached quickly.

  49. Numerical experience • The next model (4.11) improves the usability ratio, as shown in Table 7.

  50. Numerical experience closed link Link is monitored compromised site the site needed to be shut down

More Related