1 / 32

Secure Distributed Objects for Grid Applications

Laurent Baduel, Arnaud Contes, Denis Caromel OASIS team http://www.inria.fr/oasis ProActive http://proactive.objectweb.org. Secure Distributed Objects for Grid Applications. Outline. Context ProActive overview Abstract Deployment model Security Model Security Entities

mariah
Download Presentation

Secure Distributed Objects for Grid Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Laurent Baduel, Arnaud Contes, Denis Caromel OASIS team http://www.inria.fr/oasis ProActive http://proactive.objectweb.org Secure Distributed Objects for Grid Applications

  2. Outline • Context • ProActive overview • Abstract Deployment model • Security Model • Security Entities • Security Policies • Example • Conclusion

  3. The ProActive Middleware A Java API + Tools for Parallel & Distributed Computing • A uniform framework : Active Object (AO) pattern • one thread, owns passive objects, remotely accessible • Programming model : • groups, mobility, components, security • A formal model • Determinism, Insensitivity to deployment

  4. Deployment Model • Virtual Nodes : • Identified as a string name, used in program source, configured (mapped) in an XML descriptor file • 2 distinct steps : Development Source Code Deployment XML Descriptor Active Objets  VN VN  Runtimes (JVMs)  Hosts

  5. A ProActive Application Virtual Node 1 Passive object Virtual Node 3 Active object Virtual Node 2

  6. Multiple Deployment Issues Different Deployments  Different Security Policies One Host Cluster Grid

  7. Issues & Goals • Authentication of Computers, Users, and Applications • Creation, connection to, and monitoring of activities • Authentication, Integrity and Confidentiality (AIC) of communications • Several levels of security policies: users, resource providers, administrators Main objective : Facilitate the use and the management of security features by removing them from the source code

  8. Outline • Context • ProActive overview • Abstract Deployment model • Security Model • Security Entities • Security Policies • Example • Conclusion

  9. Security Entity Model • Generic definition, composed of a security manager and a protected object • Subject of security policies • Transparent for the protected object (meta object protocol) • No supposition on the protected object (runtimes, nodes, active objects, …) • Hierarchical structure

  10. Security Entities • Security Manager: • Entity ID • Security Policies • Session Manager Negotiation protocol • Security Manager: • Entity ID • Security Policies • Session Manager Secured communications Normal communications Protected Object

  11. Application Authentication • SPKI : • Certificate chain • No Certificate Authority Application certificate User certificate certificates for active objects, nodes Certificate chain

  12. Hierarchical Security Policies Dn D0 Accept Deny Accept Deny Accept Deny Accept Deny Accept Deny Runtime VN AO Administrator policy • Security policy is defined according all matching rules from: • Domains / Runtime • Virtual Node • Active Object Application-level policy Final Security policy Resource provider policy

  13. Interactions: JVMCreation NodeCreation CodeLoading ObjectCreation ObjectMigration Request Reply Listing Entities: Domain User Virtual Node Object Security Rule Entities -> Entities : Interactions # Security Attributes • Attributes: • Authentication • Integrity • Confidentiality • Each attribute can be: • Allowed • Optional • Disallowed

  14. DescriptorSecurity Model • A key principle: • Specify security policies in the XML deployment, NOT IN SOURCE CODE ! • In program source: • Virtual Node (VN, a string name) • In XML descriptors: • List of policy rules between virtual nodes, runtimes, domains, …

  15. Security Example • 2 domains GridA & GridB with security policies • Domain [GridA] -> Domain [GridB] : Q,P,M # [+A,+I,+C] • Domain [GridB] -> Domain [GridA] : Q,P,M # [+A,+I,+C] • Application : • 2 Virtual Nodes (vn1,vn2) • 2 Active objects

  16. Descriptor with Security VirtualNodes: vn1, vn2 SECURITY: VN [vn1] -> VN [vn2] : Q,P # [?A,?I,?C] VN [vn1] -> VN [vn2] : M # Forbidden VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C] VN [vn2] -> VN [vn1] : M # Forbidden Domain [GridA] -> Domain [GridB] : Q,P,M # [+A,+I,+C] Domain [GridB] -> Domain [GridA] : Q,P,M # [+A,+I,+C] Mapping: vn1 --> GridAComputers, GridBComputers vn2 --> GridAComputers JVMs: /…/

  17. Example: std. code, no security /…/ proActiveDescriptor.activateMappings(); vn1 = proActiveDescriptor.getVirtualNode("vn1"); vn2 = proActiveDescriptor.getVirtualNode("vn2"); /…/ Flower rose = (Flower) ProActive.newActive(Flower.class,new Object[]{« Rose »}, vn1.getNode()}; Flower daliah = (Flower) ProActive.newActive(Flower.class,new Object[]{« Daliah »}, vn2.getNode()}; /* next VN1 node inside the same domain */ rose.migrateTo(vn1); /* communication inside the same domain */ rose.sayHelloTo(daliah); /* next VN1 Node, other domain */ rose.migrateTo(vn1); /* communication with another domain */ rose.sayHelloTo(daliah); /* other virtual node, forbidden */ rose.migrateTo(vn2);

  18. Example Domain GridA Domain GridB Policy rules database VN1 Runtime VN2

  19. Example Domain GridA Domain GridB Policy rules database VN1 Runtime VN2

  20. Example Rose Daliah Domain GridA Domain GridB Policy rules database VN1 Runtime VN2

  21. Example Rose Daliah Domain GridA Domain GridB Migration : - same VN - same domain Can I migrate to the next VN1 node ? Policy rules database VN1 Runtime VN2

  22. Example Rose Daliah Domain GridA Domain GridB Migration : - same VN - same domain 1 - Retrieve VN policy 2 - migration allowed Policy rules database VN1 Runtime VN2

  23. Example Rose Daliah Domain GridA Domain GridB Migration : - same VN - same domain Policy rules database VN1 Runtime VN2

  24. Example Rose Daliah Negotiated Policy: Rose -> Daliah : [?A,?I,?C] Domain GridA Domain GridB Migration : - same VN - same domain Receive a method call : Daliah -> Rose : [?A,?I,?C] Perform a method call Rose -> Daliah : [?A,?I,?C] Policy rules database VN1 Runtime VN2

  25. Example Rose Daliah Domain GridA Domain GridB Migration : - same VN - same domain VN1 Runtime Policy rules database VN2

  26. Example Rose Daliah Domain GridA Domain GridB Migration : - same VN - other domain Can I migrate to the next VN1 node on GridB domain? Policy rules database VN1 Runtime VN2

  27. Example Rose Daliah Domain GridA Domain GridB Migration : - same VN - other domain 1- VN1 policy -> none 2- GridA -> GridB : [+A,+I,+C] 3- migration with [+A,+I,+C] Policy rules database VN1 Runtime VN2

  28. Example Rose Daliah Domain GridA Domain GridB Migration : - same VN - other domain Policy rules database VN1 Runtime VN2

  29. Example Rose Daliah Negotiated Policy: Rose -> Daliah : [+A,+I,+C] Domain GridA Domain GridB Method call : - other VN - other domain From Rose --> Daliah Receive a method call : Daliah -> Rose : [+A,+I,+C] Perform a method call Rose -> Daliah : [+A,+I,+C] Policy rules database VN1 Runtime VN2

  30. Example Rose Daliah Domain GridA Domain GridB Migration : - other VN From Rose --> Daliah NO ! Migration to VN2 ? VN1 -> VN2 : [-M] Policy rules database VN1 Runtime VN2

  31. Conclusion • Transparent to application • Take care of a hierarchy of security policies • Security can be adapted to application deployment

  32. Thank you for your time Questions ?

More Related