Presentation is loading. Please wait.

Presentation is loading. Please wait.

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Published bySebastian Weeks Modified over 10 years ago

Similar presentations

Presentation on theme: "Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab"— Presentation transcript:

1 Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab welu@cs.indiana.eduwelu@cs.indiana.edu, {keahey,tfreeman,franks}@mcs.anl.gov Making your workspace secure: establishing trust with VMs in the Grid

2 Virtual Workspace in the Grid Virtual Workspace (VW) Definition: Workspace is an execution environments that can be made available dynamically in the Grid Software environment Resource allocation Examples: A physical machine configured as a service node (e.g., headnode) for a community cluster A set of virtual machines configured as an Open Science Grid cluster A set of physical machines configured with Xen hypervisor Virtual machines (VMs) as workspace implementation Good isolation properties Customizable software Fine-grained enforcement of resource allocation Ability of serialization and migration Acceptable performance cost (Xen) Hardware Hypervisor Guest OS App Guest OS App

3 Security Challenge of Virtual Workspace VW Hosts prohibit VMs from misusing resource maliciously; For example, a badly configured VM might get compromised and used to launch a DOS from a site VW Owners concern the integrity and confidentiality of the VM image, that is the VM image does not get used or otherwise compromised by un-trusted parties storing or transferring that image. The VM image is usually composed of multiple partitions, each partition may be provided by a different "issuer" and be associated with different security requirements concern that VM execute only on trusted hosts and the host won't jeopardize data or computations taking place inside the VM. VW Users how do I establish trust with a running VM? trust in the VM has to be rooted in both VM image (owner) and VM host

4 System Architecture Implementation Xen, Globus Toolkit 4 GSI provides the basic infrastructure for authentication and authorization Workspace Meta data XML document: containing the hardware, software, networking, security and other configuration of a VW VW Configuration Service Workspace Service request a workspace Workspace manage activities within the workspace Owner of VW User of VW Workspace Meta-data Deploy Manage monitor

5 VW Security Meta-data A Virtual Machine consists of several files (VM disk partitions, RAM image, configuration files), each of them may have different security requirements (Integrity, Confidentiality or Open) Be provided by different entities, e.g. A community partition may be issued by a given community and contain a specific version of community software An application partition may be provided by an application developer A data partition may be provided by a special interest group and be confidential Be used as part of many images Stored and transported through potentially un-trusted areas Meta-data for partition is extended with XML Signature or Encryption element to represent the signature and related key or certificate of the protected A resolvable URI that can be used to locate a partition Security Meta-data makes the security of a VW image be independent of the intermediate storage service and transferring layers. …

6 GridFTP Http … … Virtual Workspace Meta-Data OSG Software version Key partition Application Application data Virtual Workspace Partitions VW Security Meta-data

7 VW Host Credential How do we assign credential to the VM? Trust has to be rooted in both the VM image (VM owner) and the VM host (hypervisor) Scheme 1: Assign a static credential to a VM image VM issuer provides a credential partition, always encrypted Partition can be decrypted only by a host from a trusted set Credential does not change during VM lifetime Scheme 2: Generate a credential on deployment Name the VM as VM X on resource Y Resource Proxy Certificate: which is a short term GSI X509 proxy Certificate generated dynamically by the hypervisor at deployment time based on verifying the VM attestation After migration, the certificate is revoked at old host and regenerated at new host. user can attest the virtual machine and the host machine.

8 Deploying a Secure VW Host Creds VW Creds Virtual Workspace Hypervisor VW User Third-Party Storage Services VW Owner Metadata Verification Partition Load Signature Verification Partition Decryption Private key partition OSG software partition App data partition App software partition Creds Assign Key Load Workspace Service 1 2 3 456 7 9 10 Data flow Control flow 1: owner builds authen & author with Workspace service 2: sends the VW meta-data 3: checks the integrity of the meta data 4: loads each partition of the VW to local site according the security meta-data 5: loads the key or certificate according the security metadata 6: verifies the partition signature or decrypts the partition 7: generates the proxy cred for VW 8. builds and starts the VW. 9: user builds authen,& author with VW 10: user accesses VW 8

9 Performance Impact Security Configuration –No-security conf: all the partitions are not protected –Signed partitions conf: all the partitions are signed by providers –Private data conf: all the software partitions are signed by providers, except the user data partitions encrypted by the user self –Private key conf: all the partitions are signed by providers, except the VW key partition is encrypted by the VW owner.

10 Conclusion GSI provides the mechanism to build trust between VW host and VW owner Security meta-data is an End-to-End VW data integrity and confidentiality solution between the VW host and VW owner without any dependence on the transportation and storage system. With Resource Proxy Certificate user can attest the VW and the running host. Performance impact to the VW deployment brought by the security functionality is significant, but still acceptable (deploying a VW with 3G signed partitions needs no more then 3 mins) The performance impact mainly caused by the partitions with big size, and Encryption is much more expensive than the signature calculation. To minimize the overhead, it is desirable –Reduce the granularity of a partition –keep the big software partition be read-only and on site for reusing. –the encryption would better be applied on small size data partitions. Further optimization will be developed based on fast security implementation, cache and differentiate transferring For more information visit http://workspace.globus.org/

Download ppt "Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab"

Similar presentations

Introduction of Grid Security

Introduction of Grid Security
Open Science Grid Living on the Edge: OSG Edge Services Framework Kate Keahey Abhishek Rana.

Open Science Grid Living on the Edge: OSG Edge Services Framework Kate Keahey Abhishek Rana.
A Scalable Approach to Deploying and Managing Appliances Kate Keahey Rick Bradshaw, Narayan Desai, Tim Freeman Argonne National Lab, University of Chicago.

A Scalable Approach to Deploying and Managing Appliances Kate Keahey Rick Bradshaw, Narayan Desai, Tim Freeman Argonne National Lab, University of Chicago.
Virtualization, Cloud Computing, and TeraGrid Kate Keahey (University of Chicago, ANL) Marlon Pierce (Indiana University)

Virtualization, Cloud Computing, and TeraGrid Kate Keahey (University of Chicago, ANL) Marlon Pierce (Indiana University)
On-Demand Virtual Workspaces: Quality of Life in the Grid Kate Keahey Argonne National Laboratory.

On-Demand Virtual Workspaces: Quality of Life in the Grid Kate Keahey Argonne National Laboratory.
Virtual Appliances for Scientific Applications Kate Keahey Argonne National Laboratory University of Chicago.

Virtual Appliances for Scientific Applications Kate Keahey Argonne National Laboratory University of Chicago.
Virtualization: Towards More Flexible and Efficient Grids Kate Keahey Argonne National Laboratory.

Virtualization: Towards More Flexible and Efficient Grids Kate Keahey Argonne National Laboratory.
Working Spaces: Virtual Machines in the Grid Kate Keahey Argonne National Laboratory Tim Freeman, Frank Siebenlist

Working Spaces: Virtual Machines in the Grid Kate Keahey Argonne National Laboratory Tim Freeman, Frank Siebenlist
Enabling Cost-Effective Resource Leases with Virtual Machines Borja Sotomayor University of Chicago Ian Foster Argonne National Laboratory/

Enabling Cost-Effective Resource Leases with Virtual Machines Borja Sotomayor University of Chicago Ian Foster Argonne National Laboratory/
Workspaces for CE Management Kate Keahey Argonne National Laboratory.

Workspaces for CE Management Kate Keahey Argonne National Laboratory.
The VM deployment process has 3 major steps: 1.The client queries the VM repository, sending a list of criteria describing a workspace. The repository.

The VM deployment process has 3 major steps: 1.The client queries the VM repository, sending a list of criteria describing a workspace. The repository.
Division of Labor: Tools for Growing and Scaling Grids Tim Freeman, Kate Keahey, Ian Foster, Abhishek Rana, Frank Wuerthwein, Borja Sotomayor.

Division of Labor: Tools for Growing and Scaling Grids Tim Freeman, Kate Keahey, Ian Foster, Abhishek Rana, Frank Wuerthwein, Borja Sotomayor.
From Sandbox to Playground: Dynamic Virtual Environments in the Grid Kate Keahey Argonne National Laboratory Karl Doering University.

From Sandbox to Playground: Dynamic Virtual Environments in the Grid Kate Keahey Argonne National Laboratory Karl Doering University.
Virtual Workspaces in the Grid Kate Keahey Argonne National Laboratory Ian Foster, Tim Freeman, Xuehai Zhang, Daniel Galron.

Virtual Workspaces in the Grid Kate Keahey Argonne National Laboratory Ian Foster, Tim Freeman, Xuehai Zhang, Daniel Galron.
GT4 Architectural Security Review December 17th, 2004.

GT4 Architectural Security Review December 17th, 2004.
Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.

Secure Virtual Machine Execution Under an Untrusted Management OS Chunxiao Li Anand Raghunathan Niraj K. Jha.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.

Virtual Machine Technology Dr. Gregor von Laszewski Dr. Lizhe Wang.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Ensuring Operating System Kernel Integrity with OSck By Owen S. Hofmann Alan M. Dunn Sangman Kim Indrajit Roy Emmett Witchel Kent State University College.

Similar presentations

Ads by Google