Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid.

Similar presentations


Presentation on theme: "1 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid."— Presentation transcript:

1 1 Nils gentschen Felde & Felix von EyeOGF28 München, The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid infrastructure Nils gentschen Felde, Felix von Eye

2 2 Nils gentschen Felde & Felix von EyeOGF28 München, The MNM Team Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften

3 3 Nils gentschen Felde & Felix von EyeOGF28 München, Grid-related projects European projects –Deployment of Remote Instrumentation Infrastructure (DORII) –Open Grid Forum Europe (OGF-Europe) –European Grid Initiative (EGI) –EMANICS - Management Solutions for Next Generation Networks –g-Eclipse German projects –Horizontale Integration des Ressourcen- und Dienst-Monitoring im D-Grid (D-MON) –Authentication and Authorization Infrastructure for VO Management (AAI/VO) –Ein Grid-basiertes, föderiertes Intrusion Detection System zur Sicherung der D-Grid Infrastruktur (GIDS) Previous research projects –Interoperabilität und Integration der VO-Management Technologien im D-Grid (IVOM) –VO-Management im D-Grid –Monitoring und Accounting im D-Grid

4 4 Nils gentschen Felde & Felix von EyeOGF28 München, Project overview Partners: Associated Partners: Start: Duration:36 months Project leader:LRZ/LMU –www.grid-ids.dewww.grid-ids.de

5 5 Nils gentschen Felde & Felix von EyeOGF28 München, Usage scenario of Grids Intend Loose coupling of autonomous providers Hiding heterogeneity Functionalities Job-Scheduling Storage... Management User/VO-management Monitoring Accounting... Users grouped in Virtual Organizations (VO) With respect to scientific affiliation Not regarding real organizations any more Scientific environment Generous resource sharing Security management neglected Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C

6 6 Nils gentschen Felde & Felix von EyeOGF28 München, Security considerations in Grids Grid- Middleware Coupling resources Abstracted by middleware Collaborative use of distributed resources Security considerations Isolated view on domains Security is based on trustworthiness of resource providers Resource- provider A Resource- provider B Resource- provider D Resource- provider C FW IDS Uplink Admin Anti-Vir

7 7 Nils gentschen Felde & Felix von EyeOGF28 München, Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C Example: attack scenario Break-in at one site suffices Access to Grid-middleware Access to all resources! Example: –Compromised SSH private key, i.e. well-known SSL vulnerabilities –Grid-wide login attempts inter-organizational! –Only global event correlation yields success

8 8 Nils gentschen Felde & Felix von EyeOGF28 München, Goal State of the art –IDS for autonomous systems –Distributed IDS: always based on total trust –No concept of customers Now –Stepping towards a Grid-wide solution –Conception of an IDS for Grids (GIDS) First glance challenges –Inter-organizational system –Autonomous partners –Heterogeneity –GIDS as a service with user-specific views Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C

9 9 Nils gentschen Felde & Felix von EyeOGF28 München, Vision: GIDS as a federation Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C Intent: –New service in the Grid Surveying the Grid with respect to security Reporting thereof –Economical use of The service The Grid itself Idea: –Grid-wide consolidation of security-relevant data –Derivation of security reports

10 10 Nils gentschen Felde & Felix von EyeOGF28 München, Methodology Analysis Architecture design Prototypical implementation Evaluation Conclusion

11 11 Nils gentschen Felde & Felix von EyeOGF28 München, Analysis: Methodology Threat analysis –Attack goals and risks –Classification of possible attackers Attack patterns Origin of attack (positional and organizational) Types of attacks in Grids Use-case driven requirements analysis –User groups and customers –Information providers Requirements induced by Grids –Generic requirements –Cooperation patterns –Trust relationships Classes of requirements: Functional Non-functional Security requirements Organizational and privacy data protection Requirements related to detection capabilities

12 12 Nils gentschen Felde & Felix von EyeOGF28 München, Methodology Analysis Architecture design (work in progress) Prototypical implementation Evaluation Conclusion

13 13 Nils gentschen Felde & Felix von EyeOGF28 München, Architecture overview GIDS-/IDMEF-bus IDSGIDS-agentIDSGIDS-agent GIDS-operator GIDS GIDS-agent portal Resource- provider A Resource- provider X

14 14 Nils gentschen Felde & Felix von EyeOGF28 München, IDSFW Resource-provider agent GIDS- DB … Admin store data in filtering data & reports aggregation/ correlation data & reports local (G)IDS- instance store reports in resporting to data & reports anonymization/ pseudonymization data & reports store data and reports in GIDS-agent GIDS-/IDMEF-bus

15 15 Nils gentschen Felde & Felix von EyeOGF28 München, Methodology Analysis Architecture design Prototypical implementation (work in progress) Evaluation Conclusion

16 16 Nils gentschen Felde & Felix von EyeOGF28 München, Example: Grid-wide event correlation Reminder –Break-in at one site is sufficient –Access to Grid-middleware Access to all resources! Example: –Compromised user account in context of a VO –VO may use selected resources Possibility of detection –Grid-wide event correlation –i.e. faulting login attempts Resource- provider C Resource- provider D Resource- provider B Resource- provider A Grid- Middleware

17 17 Nils gentschen Felde & Felix von EyeOGF28 München, Failing login attempts GIDS-/IDMEF-bus IDSGIDS-agentIDSGIDS-agent GIDS-operator GIDS GIDS-agent portal Resource- provider A Resource- provider X login- attempt TCP... has VO-members SSH-private-key

18 18 Nils gentschen Felde & Felix von EyeOGF28 München, Exemplary Dataflow GIDS-/IDMEF-bus IDSGIDS-agentIDSGIDS-agent GIDS-operator GIDS GIDS-agent portal Resource- provider A Resource- provider X has VO-members SSH-private-key login- attempt

19 19 Nils gentschen Felde & Felix von EyeOGF28 München, IDSFW Correlation agent GIDS- DB … Admin store data in filtering data & reports aggregation/ correlation data & reports local (G)IDS- instance store reports in resporting to data & reports anonymization/ pseudonymization data & reports store data and reports in GIDS-agent GIDS-/IDMEF-bus login- attempt correlation- alarm

20 20 Nils gentschen Felde & Felix von EyeOGF28 München, Methodology Analysis Architecture design Prototypical implementation Evaluation ( To be done!) Conclusion

21 21 Nils gentschen Felde & Felix von EyeOGF28 München, Methodology Analysis Architecture design Prototypical implementation Evaluation Conclusion

22 22 Nils gentschen Felde & Felix von EyeOGF28 München, Conclusion Challenge: Conception of an GIDS Proceeding: –Analysis: Threats, use cases, requirements induced by Grids –Design of a generic GIDS architecture –Development of privacy-protection concept –Prototype later: Production ready –Evaluation: Simulation und measurements in D-Grid Results: –Catalogue of criteria to evaluate IDS for their use in Grids –Generic GIDS architecture –Privacy-protection concept –GIDS in production for D-Grid

23 23 Nils gentschen Felde & Felix von EyeOGF28 München, Further research question Management aspects –Specification of processes as in e.g. ISO20000 or ITIL –Special challenges in inter-organizational environments Attack detection –Which analysis techniques are appropriate in Grids, which arent? –Implication of dynamics in Grids in regard to attack detection methods –Valuable use of additionally available information in Grids (e.g. (job-)monitoring or VO-management systems) Compliance –Enhancing the GIDS by making use of trust-level management data

24 Nils gentschen Felde & Felix von EyeOGF28 München, Thank you! Project details: Contact: Nils gentschen Felde 24


Download ppt "1 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid."

Similar presentations


Ads by Google