Upload
dustin
View
27
Download
0
Tags:
Embed Size (px)
DESCRIPTION
Implementing Grid Security Concepts EU FP6 Projects AssessGrid & GridTrust. Syed Naqvi [email protected]. 07 September 2007, Budapest - Hungary. Acknowledgements. AssessGrid Project Consortium Particularly Stéphane Mouton Karim Djemame GridTrust Project Consortium Particularly - PowerPoint PPT Presentation
Citation preview
Implementing Grid Security Concepts
EU FP6 Projects
AssessGrid & GridTrustSyed Naqvi
07 September 2007, Budapest -
Hungary
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
2
Acknowledgements Acknowledgements
AssessGrid Project Consortium
• Particularly
- Stéphane Mouton
- Karim Djemame
GridTrust Project Consortium
• Particularly
- Chritophe Ponsard
- Philippe Massonet
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
3
Security ArchitectureSecurity Architecture
SecurityFeatures
orServices
AssetsAssets
Attackers/Intruders/Malfeasors
Requirements& Policies
SecurityMechanisms
Security Architecture
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
4
Security FundamentalsSecurity Fundamentals
AuthenticationVerification of the identity of a person or process
AuthorizationDetermination of what an entity is allowed to doDetermination of what an entity is allowed to do
ConfidentialityPrevention of unauthorized disclosure of information
IntegrityPrevention of data from being inappropriately changed
AvailabilityAssuring the disposition of resources to the users
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
5
Security FundamentalsSecurity Fundamentals
AuthenticationChallenge-response, biometric, certificates, tickets, UID
AuthorizationAccess Control, RBAC, CAS, …Access Control, RBAC, CAS, …
ConfidentialityBell-LaPadula Model
IntegrityBiba Model, Clark-Wilson Model
AvailabilitySecurity Policy
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
6
Grid Security - Specific Aspects
Grid-specificHuge bunch of nodes, dynamic creation of VOs, …
Virtual ParadigmAbstraction, Implementation Independent, …
Adaptable FeaturesVision of OGSA Security Model
Standard Security PracticesRisks analysis, evaluation criteria, simulations, …
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
7
Some Some MisunderstandingsMisunderstandings
Login/password is sufficientIn-depth Security
Cryptography is a silver bulletAvailability, Denial of Service, …
No security for non-confidential dataIntegrity, Availability, …
Ideal Security is the Pre-condition of UseeBusiness Applications
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
8
Trust RequirementsTrust Requirements
Identification, Access Control, Privacy, …
User-based Trust RelationshipsIf a user has the right to use sites A and B, the user should be able to use sites A and B together without requiring the security administrators from sites A and B to interact.Conflict of Interests may arise – Data isolation is to be assured
Distributed Trust EvaluationThe decentralized nature of administration makes it difficult to establish and propagate trust.
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
9
Non-History-based Trust EstablishmentIf there is no trust among parties and there is no mechanism to build some trust based on a history of previous interactions.
Delegation of trustDecentralized hierarchical administration, scalability of certificate issuing capacity, …
Trust RequirementsTrust Requirements
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
10
Continuous monitoring of the changes to the trust level of each node
Dynamic evaluation of the trust relationships, broadcast the presence of a malicious node in the environment, …
Consideration of context and stateDetermination of the access control on the basis of user’s location and the state of the user’s environment.
Trust RequirementsTrust Requirements
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
11
Analyses
Requirements AnalysisFunctional requirements
Non-functional requirements
Goal-based
Business AnalysisStrategy
Organisational capabilities
Return on Investment
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
12
Risks AnalysisProbability of loss(es)
Associated costs (compensations etc.)
Threats AnalysisPotential threats/attacks
Countermeasures
Forensic AnalysisPost-accident analysis
Digital fingerprinting
Analyses
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
13
Risk Management in Grids
Grid technologies reached high level of development
Large-scale Grid deployment needsCommercial Grid providers and services
Working demonstrators in different areas
Standardisation efforts for access and interoperability
Early adopters underline core shortcomings Quality of Service guaranteed resource usage over time
Security, Trust, and Dependability
Service Level Agreements (SLAs) address shortcomings
Definition of business relationship
Forces development of QoS-aware middleware/OS
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
14
Service Level AgreementsSpecified amount and quality of resources over certain time mandatory to reach desired performance
Delegation of particular resource capabilities over a defined time interval from resource owner to requesterSLA as explicit statement of expectations and obligations in a business relationship between service provider and customer
Se
rvic
e L
ev
el A
gre
eme
nt
Terms R-Type: HW, OS, Compiler, Software Packages, …R-Quantity: Number CPUs, main memory, …R-Quality: CPU>2GHz, Network Bandwidth, … Deadline: Date, Time,…Policies: Demands on Security and Privacy, …
Price for Resource Consumption (fulfilled SLA)Penalty Fee in case of SLA violation
Contract Parties, Responsible Persons
ID or Description of SLAName
Context
Se
rvice
Le
vel A
gre
eme
nt
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
15
Grid Providers and SLAs
SLAs needed, but providers are cautious about adoptionWhy? Business case risk
Missing indicators QoS level to be
offered?
SLA violation and penalties due failures, DoS attacks, overloading
Enough resources for
Grid jobs?
Fault tolerance available?
Actions to be initiated?
What is the risk of accepting an SLA?
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
16
Grid Brokers, Users and SLAs
Reliability as selection criterion
Trustable QoS level
information?
QoS?
Reliability with respect to utilisation?
QoS information service?
Decision-support for job assignment?
What is the risk of assigning an SLA?
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
17
Trust and Security for Next Generation Grids
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
18
GRIDTRUST Project
Funded by the EU Framework Programme 6 (FP6)
Specific Targeted Research Project (STREP)
Coordinator: CETIC
Project Reference: 033817
Project Cost: 3.86 M€
Project Funding: 2.2 M€
Start date: 01 June 2006
Duration: 36 months
www.gridtrust.eu
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
19
Project PartnersProject Partners
5 countries4 companies3 research institutes1 university
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
20
Partner RolesPartner RolesPartnerName
PartnerCountry
Partner Expertise
CETICBelgium
Grid dissemination, Grid Applications Engineering, Security requirements
STFCUnited
Kingdom
VO Management, Trust and reputation management, Grid Security, Grid
Middleware
IIT-CNRItaly
Security, Usage control, Grid fabric and resource management
VUA NetherlandsSecurity, Fine grained access control, Grid,
Distributed systems, privacy and forensic computing
INTItaly
Grid technology adaptor, P2P and distributed systems
HP-EIC Italy Grid technology adaptor, End user
AGOS Italy End user
MOVSpain
Distributed system technology provider, end user
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
21
GridTrust: Objectives and GridTrust: Objectives and Expected ResultsExpected Results
General Objective: definition and management of security and trust in dynamic virtual organisations
Expected results – « framework » composed of:
environnement et analysis method at all levels of the NGG architecture A reference security architecture for GridsAn open source reference implementation of the architecture, validated by several innovative business scenarios.
GRID Service Middleware
Layer
NGG Architecture
GRID Application
Layer
GRID Foundation Middleware
Layer
Network Operating
System
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
22
Dynamic VOsDynamic VOs
“ Virtual organizations are distributed business processes”
1 54
3
2
3’
Examples Supply chain (ex: Airbus) Distributed authoring Knowledge management
Services
Centralised or decentralised VO ManagementAvoid manual reconfiguration
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
23
Trust in Virtual Trust in Virtual OrganisationsOrganisations
“Since VOs are based on sharing information and knowledge, there must be a high amount of trust among the partners. Especially since each partner contribute with their core competencies”
1 54
3
2
CollaborationThreats:• Bad service (contract not respected)• Attacks – loss of information• Attacks – disruption of service• Vulnerability to attacks (bad level of security at one of the partners)• …
Need for Trust and security mechanisms
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
24
Desired Self-Organization/ Self -Protection Behavior
VO policy rules:1 54
3
2
Trust requirement: always all nodes sufficiently trusted
Security should adapt -> avoid manual intervention of operator
3’ •If trust of node x < Min trust threshold Then replace node x
3 •If trust of node x < Min trust threshold Then tighten security for node x
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
Trust and Security for Dynamic Virtual Organisations
GRID Service
Middleware Layer
NGG Architecture
GRID Application
Layer
GRID Foundation Middleware
Layer
Network Operating
System
Trust and SecurityGoals
Self-* …
…
GridTrust Framework Services and Tools
Resources
OGSA
Fine grained Continuous computational usage control
UsageControl Policies
Framework:Framework:
-Method and -Method and policy refinement policy refinement toolstools
-Security -Security architecturearchitecture
-Reference -Reference implementationimplementation
VO Policies
Dynamic VO VO Mngt
…Secure res. broker
Reputationservice
Usage Cont. service
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
26
Innovation in GridTrustInnovation in GridTrust
UCON (improves state of the art: mutable attributes, obligations, continuous enforcement)
Computational levelService level
Combining Brokering and securityCombining security with reputation
Globus reputation used for service discovery and selectionHere we want to to use reputation for authorization decision
From Business security requirements to policies (NESSI-Grid challenge)Not innovation: Glue the separate VO management components together
VOMS, CAS
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
27
From Business level security requirements to operational
policies
Business Trust and Security
Requirements
Service Trust and Security Policies
Fine Grained Computational Usage
Control Policies
GRID Application
Layer
GRID Service Middleware
Layer
GRID Foundation Middleware
Layer
Network Operating
System Layer
Policy rule examples
Confidentiality of client data
Confidential data can only be used with a
service that provides encryption with
minimal key length
Confidential data can only be sent
over a secure socket to another trusted
domain
NGG Architecture
Traceability of requirements to policies
Derivation
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
28
GridTrust Framework Integrated in OGSA
Grid
Tru
st Fram
ewo
rkG
ridT
rust F
ramew
ork
ApplicationApplication
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
29
From Access Control to Usage Control
With access control technologyTrusted usage of resources
• Access control under responsibility of software• Correct usage under responsibility of service/resource
user
With usage control technologyTrusted Usage of resources
• Access control is part of usage control under responsibility of software agent
• Correct usage- Policies respected under responsibility of software- Correct usage under responsibility of user
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
30
Updating reputation based on resource usage
Gather low level resource usage informationSLA violationsSuccessful performance
Update VO level reputationReputation at different levels
• Service• VO member• VO as a whole
Reputation based on past behavior • History • Performance
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
31
Experimentation - Innovative Business Case
StudiesDistributed Supply chain application domain
Pharmacy
Fish (EU and national regulations)
Collaborative intra or inter-enterprise knowledge management
Distributed authoringHigh-quality massive data transfers
Many actors
Can be viewed as a virtual organisation which implements a complex and articulated supply chain.
Safe and reliable data transfer services, but the distant and virtual cooperation is limited
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
32
Advanced Risk Assessment and Management for Trustable Grids
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
33
AssessGrid AssessGrid Project
Funded by the EU Framework Programme 6 (FP6)
Specific Targeted Research Project (STREP)
Coordinator: University of Paderborn
Project Reference: 031772
Project Cost: 2.64 M€
Project Funding: 1.97 M€
Start date: 01 April 2006
Duration: 33 months
www.assessgrid.eu
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
34
Project PartnersProject Partners
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
35
Partner RolesPartner Roles
PartnerName
PartnerCountry
Partner Expertise
TU BerlinGermany
Fault-tolerant mechanisms, SLA negotiation, infrastructure analysis in the Grid Fabric
PC2
GermanyScheduling, SLAs, monitoring and data
gathering in the Grid fabric, risk management
ATOSOrigin
Spain
Exploitation, implementation end-user interface:
negotiation, workflows, connection to confidence service
CETICBelgium
Requirements, verification, software quality, exploitation/dissemination
ABO AKA Finland Methods for risk assessment
Uni. Leed
s
UnitedKingdom
Broker layer: monitoring, SLA brokerage, workflows, risk adjustments with
confidence service
WincorNixdorf
GermanyBusiness perspective, requirements,
validation
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
Project GoalsProject Goals
Risk indicators as core part of SLA assignment and acceptance
Customised risk presentation for improved usability and trust
Decision/planning/management-support for QoS-aware Grids
Grid provider evaluation and competition
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
Proposed ArchitectureProposed Architecture
Generic, customisable, and interoperable open-source software for risk assessment, risk management,
and decision-support in Grids
Planning-based RMS
Monitoring
Consultant /Confidence service
Risk assessment
and management
Ad-hoc risk management
Pro
vider/ B
roker/ E
nd
-user
persp
ective
Integration in Grid fabric
Integration in Grid service
Broker service
Integration in Grid middleware
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
Risk AssessmentRisk Assessment
Research ChallengesMethods and tools for monitoring, gathering, and aggregating relevant data
• Static and dynamic data utilisation• Network-condition, overall Grid activity• Specific business policies
Methods for risk assessmentCustomised presentation of risk-related indicators
Risk granularity
End user Broker Provider
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
Risk ManagementRisk Management
Research Challenges
Develop concepts for using risk
Estimate risk
Risk-indicators for self-organising fault tolerance
Risk-aware negotiations and SLAs
Risk-based decision-support for capacity planning and infrastructure management
Aggregation of risk-indicators for objective provider ranking and competition
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
40
System OverviewSystem OverviewAim
integrate a risk-aware Service Level Agreement (SLA) model into current Grid technology
Risk awareness incorporated across three layers
Therefore an architecture designed togive resource providers the capability to perform risk assessments prior to making offersgive the broker the ability to
• assess the reliability of provider risk assessments• rank offers from different resource providers, based on risk, price and
penalty
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
41
Usage ScenariosUsage Scenarios
Broker as a mediatorEnd-user submits SLA request to broker
Once end-user selects SLA offer• Broker’s responsibility ends
• End-user interacts directly with provider
Broker as a contractorActs as a virtual provider
End-user agrees SLA with broker
Broker agrees SLAs with provider(s)
Useful to map workflows to resources
Direct SLA negotiation end-user – providerEnd-user submits SLA request to provider
End-user can query broker’s confidence service
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
42
Scenario 1: User-Provider Neg.
Get Template
Fill Template- Job description- Max. PoF- Min. Penalty
Create Offer- Set Price
SLA Request
SLA Offer
CommitContract
RMS: Resource Management System PoF: Probability of Failure
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
43
Scenario 2a: Broker = Mediator
Template Subscription
Get Templates
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
44
SLA Request
SLA Offer
Evaluate Reliability
Scenario 2a: Broker = Mediator
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
45
Commit
Scenario 2a: Broker = Mediator
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
46
Scenario 2b: Broker=Contractor
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
47
Architectural Overview
End-userPortal
BrokerRisk Assessor
Confidence Service
Workflow Assessor
ProviderNegotiation Manager
Scheduler
Risk Assessor
Consultant Service
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
48
End-User Layer – Portal Architecture
Presentationof SLA templates, requests, offersof Probability of Failure (PoF) and reliability informationof status of executing and pending jobsSLA violations and compensation (penalties)specific to user role (end user, administrator)
Follows the MVC (Model View Controller) design patternBased on GridSphere portal architecture
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
49
Broker LayerBroker Layer
• SLA Processor: Agreement and AgreementFactory WebService
• Resource Filter:Find suitable resource providers that are likely to respond
• Offer Manager:Used if broker acts as provider
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
50
Broker layer: SLA OffersBroker layer: SLA Offers
Published risk enables End-users to compare different SLA offers
Risk of failure, price, and penalty fee
Broker’s Reliability measure classifies which offers are reliable
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
51
Grid Fabric LayerGrid Fabric Layer
• Negotiation Manager
- Checks whether request complies to template
- Initiation of file transfers
• Scheduler
- Creates tentative schedules for requests
- Planning-based scheduling
• Consultant Service
- Statistical data
- Data mining methods
• Risk Assessor
• Assesses PoF for SLA offers
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
52
Current Implementation Status
Grid PortalFirst prototype deployed at Atos (Spain)
Broker – Confidence ServiceQueries data which enables Risk Assessor to calculate the providers basic confidence measure (all SLAs)
Deployed as WSRF service on the White Rose Grid (UK)
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
53
Current Implementation Status
Resource Provider - Consultant ServiceFirst prototype of the consultant service uses monitoring information collected by Ganglia/Nagios
Deployed as WSRF service at PC2 (Germany)
WS-Agreement implementationAssessGrid – uses Globus 4
Fraunhofer Institute – based on Axis 2
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
54
SUMMARY
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
55
Security and Trust issues are of paramount importance for the success of Grid endeavour.
Comprehensive solutions are needed to cope with the challenges of providing security and trust assurances to the various actors of Grids.
These solutions should include both the conventional parameters (authentication, authorisation, …) as well as contemporary parameters (negotiations, assessments, …)
The intrinsic nature of Grid should always be kept in mind (loose coupling, scalability, heterogeneity, …) while designing security and trust architectures.
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
56
GridTrust project aims helping (business) users setup, operate, evolve dynamic VOs based on framework that provides tools and methodology to reason about trust, security and privacy properties along NGG architecture
AssessGrid project aims providing a framework for supporting risk assessment and management throughout the Grid infrastructure
There is always room for improving existing infrastructures and exploring novel frontiers.
We are working on these issues and are looking for partners to join hands with us.
07 Sep. 2007 CoreGRID Summer School 2007, Budapest, Hungary
57
Thank You