Security and Certification Issues in Grid Computing - PowerPoint PPT Presentation

Presentation Transcript

  1. Security and Certification Issues in Grid Computing. Ian Foster, Mathematics and Computer Science Division, Argonne National Laboratory, and Department of Computer Science, The University of Chicago. http://www.mcs.anl.gov/~foster. International Workshop on Certification and Security in E-Services (CSES 2002), Montreal, Canada, Aug 28

  2. Partial Acknowledgements • Grid computing, Globus Project, and OGSA • Carl Kesselman @ USC/ISI, Steve Tuecke @ANL • Talented team of scientists and engineers at ANL, USC/ISI, elsewhere (see www.globus.org) • Open Grid Services Architecture (OGSA) • Karl Czajkowski @ USC/ISI, Jeff Nick, Steve Graham, Jeff Frey @ IBM, www.globus.org/ogsa • Grid security, OGSA Security, CAS • Frank Siebenlist, Von Welch, Laura Pearlman • Support from DOE, NASA, NSF, IBM, Microsoft

  3. Overview • What is the Grid anyway? • And what’s it got to do with e-services? • Grid security & certification issues • Demands of virtual organizations—and Grid approach to addressing these demands • Implementation approach • Globus Toolkit & Grid Security Infrastructure • Open Grid Services Architecture (OGSA) • OGSA security architecture • Summary

  4. Overview • What is the Grid anyway? • And what’s it got to do with e-services? • Grid security & certification issues • Demands of virtual organizations—and Grid approach to addressing these demands • Implementation approach • Globus Toolkit & Grid Security Infrastructure • Open Grid Services Architecture (OGSA) • OGSA security architecture • Summary

  5. E-Science: The Original Grid Driver • Pre-electronic science • Theorize &/or experiment, in small teams • Post-electronic science • Construct and mine very large databases • Develop computer simulations & analyses • Access specialized devices remotely • Exchange information within distributed multidisciplinary teams • Need to manage dynamic, distributed infrastructures, services, and applications

  6. And Thus: The Grid “Resource sharing & coordinated problem solving in dynamic, multi-institutional virtual organizations”

  7. Grids at NASA: Aviation Safety. [Figure: aircraft subsystem models coupled in one Grid simulation] • Wing models: lift capabilities, drag capabilities, responsiveness • Stabilizer models • Airframe models: deflection capabilities, responsiveness • Human models / crew capabilities: accuracy, perception, stamina, reaction times, SOPs • Engine models: thrust performance, reverse thrust performance, responsiveness, fuel consumption • Landing gear models: braking performance, steering capabilities, traction, dampening capabilities

  8. Life Sciences: Telemicroscopy. [Figure: imaging instruments feed data acquisition, which flows over the network to computational resources and large databases for processing, analysis, and advanced visualization]

  9. Chimera Virtual Data System + GriPhyN Virtual Data Toolkit + iVDGL Data Grid (many CPUs), applied to Sloan Digital Sky Survey analysis: what is the size distribution of galaxy clusters? [Figure: galaxy cluster size distribution] www.griphyn.org/chimera

  10. Data Grids for High Energy Physics. [Figure: tiered data-distribution hierarchy] • Detector: ~PBytes/sec into the online system; there is a "bunch crossing" every 25 nsecs, there are 100 "triggers" per second, and each triggered event is ~1 MByte in size • ~100 MBytes/sec to the offline processor farm (~20 TIPS), then ~100 MBytes/sec to Tier 0 • Tier 0: CERN Computer Centre; ~622 Mbits/sec (or air freight, deprecated) to Tier 1 • Tier 1: FermiLab (~4 TIPS), France Regional Centre, Germany Regional Centre, Italy Regional Centre; ~622 Mbits/sec to Tier 2 • Tier 2: Tier2 Centres (~1 TIPS each, e.g. Caltech), each with HPSS mass storage; ~622 Mbits/sec to institutes • Institutes (~0.25 TIPS each) with a physics data cache; ~1 MBytes/sec to workstations • Tier 4: physicist workstations (Pentium II 300 MHz) • 1 TIPS is approximately 25,000 SpecInt95 equivalents • Physicists work on analysis "channels"; each institute will have ~10 physicists working on one or more channels, and data for these channels should be cached by the institute server

  11. Resource Sharing within “VOs” is Not Unique to Science! • Fragmentation of enterprise infrastructure • Driven by cheap servers, fast nets, ubiquitous Internet, eBusiness workloads • Need to configure distributed collections of services to deliver specified QoS • Virtualization • Emerging service infrastructure, utility computing models, economies of scale • Services dynamically instantiated across device spectrum • B2B, B2C, C2C interactions

  12. Virtualization and Distributed Service Management. [Figure: the device continuum, from less capable, less integrated, less connected devices at one end to larger, more integrated, more connected, dynamically provisioned systems at the other, with the user service locus between them] • Distributed service management • Resource & service aggregation • Delivery of virtualized services with QoS guarantees • Dynamic, secure service discovery & composition

  13. "Grid Computing", by M. Mitchell Waldrop, May 2002 [magazine article]: "Hook enough computers together and what do you get? A new kind of utility that offers supercomputer processing on tap. Is Internet history about to repeat itself?"

  14. Challenging Technical Requirements • Dynamic formation and management of virtual organizations • Discovery & online negotiation of access to services: who, what, why, when, how • Configuration of applications and systems able to deliver multiple qualities of service • Management of distributed state within infrastructures, services, and applications • Open, extensible, evolvable infrastructure

  15. Challenging Technical Requirements • Dynamic formation and management of virtual organizations • Discovery & online negotiation of access to services: who, what, why, when, how • Configuration of applications and systems able to deliver multiple qualities of service • Management of distributed state within infrastructures, services, and applications • Open, extensible, evolvable infrastructure • Each of these raises security and certification issues, the subject of this talk

  16. Overview • What is the Grid anyway? • And what’s it got to do with e-services? • Grid security & certification issues • Demands of virtual orgs—and Grid approach to addressing these demands • Implementation approach • Globus Toolkit & Grid Security Infrastructure • Open Grid Services Architecture (OGSA) • OGSA security architecture • Summary

  17. Grid Security & Certification • Challenges include • Dynamic group membership and trust relationships within virtual organizations • Complex computational structures extending beyond client-server: delegation • Mission-critical apps and valuable resources • Issues include • Cross-certification • Mechanisms and credentials • Distributed authorization • Secure logging and audit

  18. Cross-"Certification" Issue. [Figure: Domain A has its own Certification Authority, Policy Authority, Sub-Domain A1 and Server X; Domain B has its own Certification Authority, Policy Authority, Sub-Domain B1 and Server Y. A task spanning Server X and Server Y fails because there is no cross-domain trust: the two certification authorities do not trust each other (trust mismatch)]

  19. Cross-Certification • Cross-certification at corporate level difficult • Legal implications, liability, bureaucracy • Address trust at user/resource level! • Many business relationships do not require involvement of President/CEO … • Virtual organization as bridge • Federate through mutually trusted services • Local policy authorities rule … • Assertions language for trust relationships • WS-Trust, WS-Federation, WS-Policy

  20. Grid Solution: Use Virtual Organization as Bridge. [Figure: the same Domain A and Domain B, each with its own Certification Authority and Policy Authority and still with no cross-domain trust between them; a Federation Service in the Virtual Organization Domain supplies the common mechanism through which Server X (Sub-Domain A1) and Server Y (Sub-Domain B1) cooperate on the task]

  21. Mechanism and Credential Issue • Different mechanisms & credentials • X.509 vs Kerberos, SSL vs GSSAPI, X.509 vs. X.509 (different domains) • X.509 attribute certs vs SAML assertions • Need for common mechanism • GSI-SecureConversation • Need for credential federation services • Obtain X.509 creds with Kerberos ticket • Obtain Kerberos ticket with X.509 creds • Cross X.509 or Kerberos domains/realms

  22. Example:Kerberos-X.509 Federation • Requestor: Kerberos realm • Server: X.509-based domain (only authenticates requestors with X.509 creds) • VO provides Kerberos-CA federation service • Has Kerberos identity within requestor’s realm • Kerb-CA cert is trusted within server-side VO • Kerb-CA issues (short-lived) X.509-certs that assert requestor’s Kerberos principal name • Requestor’s runtime is “X.509-enabled” • Server’s access control policy within the VO is based on requestor’s Kerberos principal name

  23. Kerberos-X.509 Federation Service. [Figure: the requestor in the Kerberos realm presents a Kerberos ticket to the Kerberos-CA service in the Virtual Organization Domain and receives an X.509 certificate; it then talks to the server in the X.509 domain over an X.509-secured protocol; the server's policy authority trusts Krb-CA-issued certs and enforces policy on the principal name carried in the requestor's X.509 cert]
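The federation exchange of slides 22 and 23, as an added example written for this page rather than code from the deck or from the Globus Toolkit. It uses only the Go standard library; the names (`FederationService`, `Server`, the principal `alice@EXAMPLE.ORG`, the operation `submit-job`) are assumptions for illustration, and validation of the requestor's Kerberos ticket is left out. What it shows is the two properties the slide relies on: the server trusts only the VO's Kerberos-CA, and its access-control policy is keyed on the principal name that CA asserted in the certificate's CN, with the short lifetime bounding how long a stolen credential is useful.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// FederationService models the VO's Kerberos-CA: the X.509 domain trusts its CA
// certificate, and it issues short-lived certs whose CN carries the Kerberos
// principal it has authenticated. Validating the Kerberos ticket is not modelled.
type FederationService struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

func NewFederationService(name string) (*FederationService, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &FederationService{cert: cert, key: key}, nil
}

func (f *FederationService) CACert() *x509.Certificate { return f.cert }

// NewRequestorKey stands in for the requestor's own key pair.
func NewRequestorKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// IssueForPrincipal runs after the requestor's Kerberos ticket has been validated:
// it binds the principal name to the requestor's public key for ttl only.
func (f *FederationService) IssueForPrincipal(principal string, pub *ecdsa.PublicKey, ttl time.Duration) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo serial; use a random one in practice
		Subject:      pkix.Name{CommonName: principal},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, f.cert, pub, f.key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Server is a resource in the X.509 domain: it trusts only the VO's Kerberos-CA
// and keys its access-control policy on the Kerberos principal name in the cert.
type Server struct {
	roots  *x509.CertPool
	policy map[string][]string // principal -> permitted operations
}

func NewServer(trustedCA *x509.Certificate, policy map[string][]string) *Server {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	return &Server{roots: pool, policy: policy}
}

// Authorize validates the chain as of time at, then checks the principal's policy.
func (s *Server) Authorize(cert *x509.Certificate, op string, at time.Time) error {
	opts := x509.VerifyOptions{Roots: s.roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("credential rejected: %w", err)
	}
	principal := cert.Subject.CommonName
	for _, allowed := range s.policy[principal] {
		if allowed == op {
			return nil
		}
	}
	return fmt.Errorf("principal %q is not permitted to %s", principal, op)
}

func main() {
	fed, _ := NewFederationService("VO Kerberos-CA")
	srv := NewServer(fed.CACert(), map[string][]string{"alice@EXAMPLE.ORG": {"submit-job"}})
	reqKey, _ := NewRequestorKey()
	cert, _ := fed.IssueForPrincipal("alice@EXAMPLE.ORG", &reqKey.PublicKey, time.Hour)
	fmt.Println("now:", srv.Authorize(cert, "submit-job", time.Now()), "| in 2h:", srv.Authorize(cert, "submit-job", time.Now().Add(2*time.Hour)))
}
```

A certificate asserting the same principal but issued by a CA the server has not been told to trust fails chain validation, as does the genuine one once its lifetime has passed; both are rejected before the principal's policy is ever consulted, which is the separation between mechanism (trust in the Kerb-CA) and policy (rules on principal names) that the slide describes.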

  24. Grid Authorization/Policy Issue • Resources may not know foreign requestors, which impairs fine-grained policy administration • Outsourcing policy administration to the requestor's own sub-domain enables fine-grained policy • "Community Authorization Service" (CAS) • Resource owner sets coarse-grained policy rules for the foreign domain on the "CAS-identity" • CAS sets policy rules for its local users • Requestors obtain capabilities from their local CAS that get enforced at the resource

  25. Community Authorization Service. [Figure: the requestor in Sub-Domain A1 (Domain A) obtains capability assertions from its local Community Authorization Service; its request to the server in Sub-Domain B1 (Domain B) carries the CAS assertions; the server's policy authority enforces on the CAS identity and on the requestor's "trusted" capabilities, all within the Virtual Organization Domain]
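The two-level policy of slides 24 and 25 (the owner's coarse-grained rule on the CAS identity, the CAS's fine-grained rule on its own users), as an added Go example written for this page; it is not the Globus CAS implementation. Here a capability is a JSON assertion signed with the CAS's ECDSA key; the CAS name `cas.domainA.example`, the resource name `storage.domainB.example`, the users and the rights are all assumptions. The resource owner never writes a rule about `alice`: it only names which CAS it trusts and the ceiling on what that CAS may hand out, and the CAS cannot exceed that ceiling even for its own users.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Capability is what a requestor obtains from its local CAS and presents with
// its request. Sig is the CAS's ECDSA signature over the JSON of the other fields.
type Capability struct {
	CAS       string          `json:"cas"`       // identity of the issuing CAS
	Requestor string          `json:"requestor"` // requestor's identity in its home domain
	Resource  string          `json:"resource"`
	Rights    map[string]bool `json:"rights"`
	Expires   time.Time       `json:"expires"`
	Sig       []byte          `json:"-"`
}

func digest(c Capability) []byte {
	body, _ := json.Marshal(c) // fixed field order and sorted map keys: canonical bytes
	h := sha256.Sum256(body)
	return h[:]
}

// CAS holds the fine-grained policy for the users of its own domain.
type CAS struct {
	Name   string
	key    *ecdsa.PrivateKey
	policy map[string]map[string][]string // user -> resource -> rights
}

func NewCAS(name string, policy map[string]map[string][]string) (*CAS, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CAS{Name: name, key: key, policy: policy}, nil
}

func (c *CAS) PublicKey() *ecdsa.PublicKey { return &c.key.PublicKey }

// Grant issues a signed capability for user on resource from the CAS's own policy.
func (c *CAS) Grant(user, resource string, ttl time.Duration) (*Capability, error) {
	rights := c.policy[user][resource]
	if len(rights) == 0 {
		return nil, fmt.Errorf("%s: no policy for %s on %s", c.Name, user, resource)
	}
	grant := &Capability{CAS: c.Name, Requestor: user, Resource: resource,
		Rights: map[string]bool{}, Expires: time.Now().Add(ttl)}
	for _, r := range rights {
		grant.Rights[r] = true
	}
	sig, err := ecdsa.SignASN1(rand.Reader, c.key, digest(*grant))
	if err != nil {
		return nil, err
	}
	grant.Sig = sig
	return grant, nil
}

// Resource is the server. Its owner writes only coarse-grained policy: which
// CAS identities are trusted, and the most each of them may delegate.
type Resource struct {
	Name       string
	trustedCAS map[string]*ecdsa.PublicKey
	maxRights  map[string]map[string]bool // CAS identity -> ceiling on delegated rights
}

func (r *Resource) TrustCAS(name string, pub *ecdsa.PublicKey, rights ...string) {
	if r.trustedCAS == nil {
		r.trustedCAS, r.maxRights = map[string]*ecdsa.PublicKey{}, map[string]map[string]bool{}
	}
	r.trustedCAS[name], r.maxRights[name] = pub, map[string]bool{}
	for _, x := range rights {
		r.maxRights[name][x] = true
	}
}

// Authorize enforces a request: requestor is the identity authenticated on the
// connection, right the operation attempted, at the time of the check.
func (r *Resource) Authorize(c *Capability, requestor, right string, at time.Time) error {
	pub, ok := r.trustedCAS[c.CAS]
	switch {
	case !ok:
		return fmt.Errorf("CAS %q is not trusted by %s", c.CAS, r.Name)
	case !ecdsa.VerifyASN1(pub, digest(*c), c.Sig):
		return fmt.Errorf("capability signature does not verify")
	case c.Resource != r.Name:
		return fmt.Errorf("capability is for %s, not %s", c.Resource, r.Name)
	case c.Requestor != requestor:
		return fmt.Errorf("capability belongs to %s, presented by %s", c.Requestor, requestor)
	case at.After(c.Expires):
		return fmt.Errorf("capability expired at %s", c.Expires.Format(time.RFC3339))
	case !c.Rights[right]: // fine-grained: decided by the requestor's own CAS
		return fmt.Errorf("%s's CAS did not grant %s", requestor, right)
	case !r.maxRights[c.CAS][right]: // coarse-grained: decided by the resource owner
		return fmt.Errorf("CAS %s may not delegate %s on %s", c.CAS, right, r.Name)
	}
	return nil
}

func main() {
	cas, _ := NewCAS("cas.domainA.example", map[string]map[string][]string{"alice": {"storage.domainB.example": {"read", "admin"}}})
	res := &Resource{Name: "storage.domainB.example"}
	res.TrustCAS(cas.Name, cas.PublicKey(), "read", "write")
	grant, _ := cas.Grant("alice", res.Name, time.Hour)
	fmt.Println("read:", res.Authorize(grant, "alice", "read", time.Now()), "| admin:", res.Authorize(grant, "alice", "admin", time.Now()))
}
```

The order of the checks matters: trust in the issuer and the signature come first, so an assertion edited in transit or minted by an unknown CAS is rejected before any policy is read, and the capability is bound to the requestor the server authenticated, so a stolen assertion cannot be replayed by someone else.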

  26. Security Services & VO. [Figure: the requestor's domain and the service provider's domain each host a trust service, an attribute service, an authorization service, an audit/secure-logging service, a privacy service, and a credential validation service; the requestor application and the provider application talk through WS-stubs over a secure conversation; the VO domain supplies a bridge/translation service plus its own credential validation, authorization, attribute, and trust services]

  27. Secure Logging and Audit • Robust, secure audit infrastructure is essential for commercial Grid deployment • Natural audit “code-points” in OGSA runtime • User’s credentials, authorization decisions, invoked portTypes, parameter values, etc. • Allows for secure logging transparent and independent from applications • Standard call-outs to external security services • More relevant audit code-points • XML facilitates audit-entry filtering & mgmt

  28. Transparent Audit Code-Points All service invocations and policy decisions within stubs are “natural” audit code-points
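The transparent audit code-point of slides 27 and 28, as an added Go example written for this page (not code from the deck or from an OGSA runtime). The stub intercepts every invocation, consults the authorization call-out, records the credential subject, portType, operation, parameters and decision, and only then dispatches to the application handler, which never sees the audit machinery. Entries are hash-chained so that editing or deleting a record is detectable, and a filter stands in for the entry management the slide attributes to XML; the names (`Stub`, `GridService.findServiceData`, the JSON entry shape) are assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"time"
)

// AuditEntry is what the stub records at each code-point. Prev and Hash chain
// the entries, so altering or deleting an earlier record is detectable.
type AuditEntry struct {
	Seq       int               `json:"seq"`
	Time      time.Time         `json:"time"`
	Subject   string            `json:"subject"` // identity taken from the requestor's credential
	PortType  string            `json:"portType"`
	Operation string            `json:"operation"`
	Params    map[string]string `json:"params"`
	Decision  string            `json:"decision"` // "permit" or "deny"
	Prev      string            `json:"prev"`
	Hash      string            `json:"hash"`
}

func entryHash(e AuditEntry) string {
	e.Hash = ""
	b, _ := json.Marshal(e) // struct fields and map keys encode in a fixed order
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

type AuditLog struct{ entries []AuditEntry }

func (l *AuditLog) record(e AuditEntry) {
	e.Seq, e.Prev = len(l.entries), "genesis"
	if e.Seq > 0 {
		e.Prev = l.entries[e.Seq-1].Hash
	}
	e.Hash = entryHash(e)
	l.entries = append(l.entries, e)
}

// Entries returns the live slice, which lets a caller simulate tampering.
func (l *AuditLog) Entries() []AuditEntry { return l.entries }

// Verify recomputes every hash and link; any edit, insertion or deletion fails.
func (l *AuditLog) Verify() error {
	prev := "genesis"
	for i, e := range l.entries {
		if e.Seq != i || e.Prev != prev || entryHash(e) != e.Hash {
			return fmt.Errorf("audit entry %d: chain or contents altered", i)
		}
		prev = e.Hash
	}
	return nil
}

// Filter selects entries by portType and decision; "" matches anything.
func (l *AuditLog) Filter(portType, decision string) []AuditEntry {
	var out []AuditEntry
	for _, e := range l.entries {
		if (portType == "" || e.PortType == portType) && (decision == "" || e.Decision == decision) {
			out = append(out, e)
		}
	}
	return out
}

// Policy is the authorization call-out; Handler is an application operation
// that never sees the audit machinery.
type Policy func(subject, portType, op string) bool
type Handler func(params map[string]string) (string, error)

// Stub intercepts every invocation: authorize, record, then dispatch.
type Stub struct {
	Log    *AuditLog
	policy Policy
	ops    map[string]Handler // "PortType.operation" -> handler
}

func NewStub(policy Policy, ops map[string]Handler) *Stub {
	return &Stub{Log: &AuditLog{}, policy: policy, ops: ops}
}

func (s *Stub) Invoke(subject, portType, op string, params map[string]string) (string, error) {
	h, known := s.ops[portType+"."+op]
	permitted := known && s.policy(subject, portType, op)
	decision := "deny"
	if permitted {
		decision = "permit"
	}
	s.Log.record(AuditEntry{Time: time.Now().UTC(), Subject: subject, PortType: portType,
		Operation: op, Params: params, Decision: decision})
	if !permitted {
		return "", fmt.Errorf("%s: %s.%s denied", subject, portType, op)
	}
	return h(params)
}

func main() {
	stub := NewStub(func(subject, _, _ string) bool { return subject == "alice" },
		map[string]Handler{"GridService.findServiceData": func(p map[string]string) (string, error) { return "sde:" + p["name"], nil }})
	stub.Invoke("alice", "GridService", "findServiceData", map[string]string{"name": "terminationTime"})
	stub.Invoke("bob", "GridService", "findServiceData", nil)
	fmt.Println(len(stub.Log.Entries()), "entries; verify:", stub.Log.Verify())
}
```

The hash chain makes the log tamper-evident, not tamper-proof: an attacker who controls the host can rewrite the whole chain. Shipping each entry (or periodic chain heads) to a separate secure-logging service, as the slide's architecture places it, is what turns evidence into something the other domain can rely on.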

  29. Overview • What is the Grid anyway? • And what’s it got to do with e-services? • Grid security & certification issues • Demands of virtual organizations—and Grid approach to addressing these demands • Implementation approach • Globus Toolkit, Grid Security Infrastruct. • Open Grid Services Architecture (OGSA) • OGSA security architecture • Summary

  30. The Grid World: Current Status • Many major Grid projects in scientific & technical computing/research & education • Open source Globus Toolkit™ a de facto standard for major protocols & services • Simple protocols & APIs for authentication, discovery, access, etc.: infrastructure • Information-centric design • Large user and developer base • Multiple commercial support providers • Global Grid Forum: community & standards • Emerging Open Grid Services Architecture

  31. Grid Security Infrastructure • Uniform authentication & authorization mechanisms in multi-institutional setting • Single sign-on, delegation, identity mapping • Public key tech, SSL/TLS, X.509, GSS-API • Internet/GGF drafts document extensions • Supporting infrastructure • Certificate Authorities • Online credential repository • Kerberos-X.509 federation server • Etc., etc., etc.

  32. GSI in Action: "Create Processes at A and B that Communicate & Access Files at C". [Figure: User; Site A (Kerberos) computer with a GSI-enabled GRAM server; Site B (Unix) computer with a GSI-enabled GRAM server; Site C (Kerberos) storage system with a GSI-enabled FTP server; every request below is made with mutual authentication] • User: single sign-on via "grid-id" and generation of a proxy credential, or retrieval of the proxy credential from an online repository • Remote process creation request to Site A's GSI-enabled GRAM server: authorize, map to local id, create process, generate credentials for it (the figure shows a Kerberos ticket as the process's local credential) • Ditto at Site B's GSI-enabled GRAM server (the figure shows a restricted proxy as the process's credential) • The two processes communicate • Remote file access request to Site C's GSI-enabled FTP server, presenting the restricted proxy: authorize, map to local id, access file
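The "authorize, map to local id" step that the figure repeats at every server, as an added Go example written for this page (not Globus Toolkit code). It parses the grid-mapfile format the Globus Toolkit uses for identity mapping (a quoted distinguished name followed by one or more comma-separated local account names, the first being the default), reduces a proxy certificate's subject to the end-entity identity that policy is written against, and applies the GSI convention that a limited proxy may be used for file access but not to create new processes. The sample file, DNs and account names are constructed; a real implementation derives the identity and the proxy type from the verified certificate chain rather than from the subject string.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample grid-mapfile: a quoted distinguished name followed by one
// or more comma-separated local account names, the first being the default.
const sampleGridMap = `# grid-mapfile (constructed sample, not a real site's)
"/C=US/O=Example Org/CN=Alice Grid" alice
"/C=US/O=Example Org/CN=Bob Grid" bob,bobadm
"/C=US/O=Example Org/OU=Services/CN=host/gram.example.org" gram
`

type GridMap map[string][]string

func ParseGridMap(text string) (GridMap, error) {
	m := GridMap{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if !strings.HasPrefix(line, `"`) {
			return nil, fmt.Errorf("grid-mapfile line %d: DN must be quoted", n)
		}
		end := strings.Index(line[1:], `"`)
		if end < 0 {
			return nil, fmt.Errorf("grid-mapfile line %d: unterminated DN", n)
		}
		dn, rest := line[1:1+end], strings.TrimSpace(line[2+end:])
		if rest == "" {
			return nil, fmt.Errorf("grid-mapfile line %d: no local account for %s", n, dn)
		}
		for _, u := range strings.Split(rest, ",") {
			m[dn] = append(m[dn], strings.TrimSpace(u))
		}
	}
	return m, sc.Err()
}

func isDigits(s string) bool {
	for _, r := range s {
		if r < '0' || r > '9' {
			return false
		}
	}
	return s != ""
}

// GridIdentity strips the CN components a proxy certificate appends to its
// signer's subject ("CN=proxy", "CN=limited proxy", or a numeric CN), returning
// the end-entity DN that policy is written against and whether the proxy was
// limited. A real GSI implementation derives this from the certificate chain.
func GridIdentity(subject string) (dn string, limited bool) {
	for {
		i := strings.LastIndex(subject, "/CN=")
		if i < 0 {
			return subject, limited
		}
		switch cn := subject[i+4:]; {
		case cn == "proxy":
		case cn == "limited proxy":
			limited = true
		case isDigits(cn):
		default:
			return subject, limited
		}
		subject = subject[:i]
	}
}

// Authorize is the "authorize, map to local id" step of a GSI-enabled server.
// By GSI convention a limited proxy may access files but may not create
// processes, so a GRAM server (service "gram") refuses it.
func Authorize(m GridMap, subject, service string) (string, error) {
	dn, limited := GridIdentity(subject)
	if limited && service == "gram" {
		return "", fmt.Errorf("limited proxy for %q may not create processes", dn)
	}
	users, ok := m[dn]
	if !ok {
		return "", fmt.Errorf("no grid-mapfile entry for %q: access denied", dn)
	}
	return users[0], nil
}

func main() {
	m, _ := ParseGridMap(sampleGridMap)
	fmt.Println(Authorize(m, "/C=US/O=Example Org/CN=Alice Grid/CN=proxy/CN=1234567", "gram"))
	fmt.Println(Authorize(m, "/C=US/O=Example Org/CN=Bob Grid/CN=limited proxy", "gram"))
}
```

The mapping is the point where a VO identity turns into local privilege, so the checks that precede it (chain validation back to a trusted CA, and the proxy-type restriction) are what keep a delegated credential from being upgraded into an unrestricted local account.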

  33. Grid Evolution:Open Grid Services Architecture • Goals • Refactor Globus protocol suite to enable common base and expose key capabilities • Service orientation to virtualize resources and unify resources/services/information • Embrace key Web services technologies for standard IDL, leverage commercial efforts • Result = standard interfaces & behaviors for distributed system mgmt: the Grid service • Standardization within Global Grid Forum • Open source & commercial implementations

  34. The Grid Service = Interfaces/Behaviors + Service Data. [Figure] • GridService interface (required): service data access, explicit destruction, soft-state lifetime • Other interfaces (optional); standard ones: notification, authorization, service creation, service registry, manageability, concurrency; plus application-specific interfaces • Service data elements • Binding properties: reliable invocation, authentication • Implementation on a hosting environment/runtime ("C", J2EE, .NET, …)

  35. WS Security Architecture: Current/Proposed Specifications. [Figure: a composable architecture, "only use what you need", built on a SOAP foundation; WS-Security exists today, with WS-Policy, WS-Trust and WS-Privacy following, and WS-Secure Conversation, WS-Federation and WS-Authorization further out in time]

  36. Grid Security and OGSA • OGSA security roadmap defines a set of required services and indicates for each if • Is provided by WS Security specs • May be provided by WS Security specs • Requires standardized profile/mechanisms and/or extensions for WS Security specs • Addresses, for example • GSISecureConversation • Standardized policy services • Standardized audit services • Etc., etc., etc.

  37. OGSA Security Components. [Figure] • Intrusion detection • Credential and identity translation (single logon) • Access control enforcement • Secure conversations • Audit & non-repudiation • Anti-virus management • Mapping rules • Authorization policy • Service/end-point policy • Privacy policy • Policy management (authorization, privacy, federation, etc.) • Policy expression and exchange • Trust model • Secure logging • User management • Bindings security (transport, protocol, message security) • Key management

  38. Overview • What is the Grid anyway? • And what’s it got to do with e-services? • Grid security & certification issues • Demands of virtual organizations—and Grid approach to addressing these demands • Implementation approach • Globus Toolkit & Grid Security Infrastructure • Open Grid Services Architecture (OGSA) • OGSA security architecture • Summary

  39. Summary • The Grid: resource sharing & coordinated problem solving in virtual organizations • Challenging security & cert. requirements • OGSA security architecture addresses Grid certification, federation, bridging issues • Leverages WS Security standards & OGSA • Standardized security services, profiles, and mechanisms • Open source Globus Toolkit and commercial implementations

  40. For More Information • The Globus Project™ • www.globus.org • Technical articles • www.mcs.anl.gov/~foster • Open Grid Services Arch. • www.globus.org/ogsa • Global Grid Forum • www.gridforum.org • Chicago, Oct 15-17