Grid security issues
1 / 10

Grid Security Issues - PowerPoint PPT Presentation

  • Uploaded on

Grid Security Issues. Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine. Grid Security Issues. Grid Security Issues can be partitioned into three main categories - Architecture level; - Infrastructure level; Management level.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about ' Grid Security Issues' - taro

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Grid security issues

Grid Security Issues

Shelestov Andrii

Space Research Institute NASU-NSAU, Ukraine

Grid security issues1
Grid Security Issues

  • Grid Security Issues can be partitioned into three main categories

  • - Architecture level;

  • - Infrastructure level;

  • Management level.

  • Architecture security issues are related to the whole architecture of the Grid.

  • They are referred to:

    • Information security - data confidentiality and integrity

    • Authorization - resource level authorization

    • Service - service level security issues

  • Infrastructure security issues are related to network and host components, which constitutethe grid infrastructure. These problems can be divided into the next sub-categories:

    • Host level - data protection, job starvation, and host availability

    • Network - access control, secure routing and multicasting

  • Management Security issues are related to the next categories

    • Credential management

    • Trust management

    • Monitoring

  • Grid security issues general picture
    Grid Security Issues. General picture

    Architecture related issues 1 2
    Architecture Related Issues 1/2

    Information security

    This kind of security related to the information exchanged between different hosts or between hosts and users

    • Existing solutions

      • Grid Security Infrastructure (GSI) defines Security Standards for Grid and based on a concept of theVirtual Organization (VO)

        • Secure Communication: Based on PKI; assuming the existence of authorized CA; X.509 certificates;and SSL/TLS protocols for data encryption

    • Integration with Kerberos

      • Kerberos is one of the most popular authentication systems used in enterprises

      • Current version of GSI does not support Kerberos-based interaction

        • but Kerberosgateway can provide a bridge with GSI gateway and vice versa

    Architecture related issues 2 2
    Architecture Related Issues 2/2

    • Authorization

      • Particularly important for systems, where the resources are shared between multiple departments or organizations

      • Existing Solutions

        • VO Level Components: centralized authorization systems for an entire VO

          • Examples: Community Authorization Service (CAS) Virtual Organization Membership Service (VOMS), and Enterprise Authorization and Licensing System (EALS)

        • Resource Level Components: implements the decision to authorize the access to a set of resources

          • Examples: Akenti, Privilege and Role Management Infrastructure Standards Validation (PERMIS), and the GridMap solution

    Infrastructure related issues 1 1
    Infrastructure Related Issues 1/1

    • Host and Network level Solutions provides data protection via

      • virtualization – VM deployment on the physical machine

      • sandboxing – mechanism which traps system calls and sandboxes the applications to prevent them from accessing data and memory based on certain policies

      • Access Control & Isolation:Adaptive Grid Firewalls(AGF)

    Management related issues 1 3
    Management Related Issues 1/3

    • Credential Management

      • becomes very important in a grid context asthere are multiple different systems which require varied credentials to accessthem

    • Solutions

      • Credential Repositories:to move the responsibilities of credential storage from theuser to these systems; examples include smart cards, virtual smart cards, and MyProxy Online CredentialRepository

      • Credential Federation Systems: used for managing credentials across multiple systems, domains, and realms; examples include VCMan (a specific solution for grid and Community Authorization Service (CAS)), KX.509 is a protocol which provides interoperability between X.509 and Kerberos systems

    Management related issues 2 3
    Management Related Issues 2/3

    • Trust Management

      • crucial in a dynamic grid scenario where grid nodes and users join and leave the system

    • Existing Solutions

      • Reputation Based: based on trust metrics derived from local and global reputation of a system or an entity; examples include PeerTrust, XenoTrust, NICE, Secure Grid Outsourcing (SeGO) systems

      • Policy Based: different entities or components constituting the system, exchange and manage credentials to establish the trust relationships based on certain policies; examples include PeerTrust Trust Negotiation and TrustBuilder

    Management related issues 3 3
    Management Related Issues 3/3

    • Monitoring

      • Essential in grid scenarios primarily for two reasons

        • different organizations or departments can be charged based on their usage

        • resource related information can be logged for auditing or compliance purposes

    • Existing Solutions

      • System Level: open source and popular system monitoring tools include Orca, Mon, Aide, Tripwire, etc.

      • Cluster Level: include Ganglia from University of Berkeley and Hawkeye from University of Wisconsin Madison

      • Grid Level: R-GMA, Globus Monitoring and Discovery Systems (MDS), Management of Adaptive Grid Infrastructure (MAGI), and GlueDomains


    Grid is the middleware, which supports different and up-to-date security mechanisms:

    • Uses the digital certificates (X.509 and KX.509 (Kerberos))

    • Supports delegation of the rights based on proxy certificates

    • Supports different level security mechanisms

    • Gives the VO possibilities

    • Provides Single Sign On registration

    • Supports encryption on the transport or message level (TLS/MLS protocols)

    • Can use different realizations of third parties security components