Presentation is loading. Please wait.

Presentation is loading. Please wait.

Implementing Grid Security Concepts EU FP6 Projects AssessGrid & GridTrust Syed Naqvi 07 September 2007, Budapest - Hungary.

Similar presentations


Presentation on theme: "Implementing Grid Security Concepts EU FP6 Projects AssessGrid & GridTrust Syed Naqvi 07 September 2007, Budapest - Hungary."— Presentation transcript:

1 Implementing Grid Security Concepts EU FP6 Projects AssessGrid & GridTrust Syed Naqvi 07 September 2007, Budapest - Hungary

2 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary2 Acknowledgements AssessGrid Project Consortium Particularly -Stéphane Mouton -Karim Djemame GridTrust Project Consortium Particularly -Chritophe Ponsard -Philippe Massonet

3 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary3 Security Architecture Security Features or Services Assets Attackers/Intruders/ Malfeasors Requirements & Policies Security Mechanisms Security Architecture

4 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary4 Security Fundamentals Authentication Verification of the identity of a person or process Authorization Determination of what an entity is allowed to do Confidentiality Prevention of unauthorized disclosure of information Integrity Prevention of data from being inappropriately changed Availability Assuring the disposition of resources to the users

5 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary5 Security Fundamentals Authentication Challenge-response, biometric, certificates, tickets, UID Authorization Access Control, RBAC, CAS, … Confidentiality Bell-LaPadula Model Integrity Biba Model, Clark-Wilson Model Availability Security Policy

6 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary6 Grid Security - Specific Aspects Grid-specific Huge bunch of nodes, dynamic creation of VOs, … Virtual Paradigm Abstraction, Implementation Independent, … Adaptable Features Vision of OGSA Security Model Standard Security Practices Risks analysis, evaluation criteria, simulations, …

7 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary7 Some Misunderstandings Login/password is sufficient In-depth Security Cryptography is a silver bullet Availability, Denial of Service, … No security for non-confidential data Integrity, Availability, … Ideal Security is the Pre-condition of Use eBusiness Applications

8 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary8 Trust Requirements Identification, Access Control, Privacy, … User-based Trust Relationships If a user has the right to use sites A and B, the user should be able to use sites A and B together without requiring the security administrators from sites A and B to interact. Conflict of Interests may arise – Data isolation is to be assured Distributed Trust Evaluation The decentralized nature of administration makes it difficult to establish and propagate trust.

9 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary9 Non-History-based Trust Establishment If there is no trust among parties and there is no mechanism to build some trust based on a history of previous interactions. Delegation of trust Decentralized hierarchical administration, scalability of certificate issuing capacity, … Trust Requirements

10 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary10 Continuous monitoring of the changes to the trust level of each node Dynamic evaluation of the trust relationships, broadcast the presence of a malicious node in the environment, … Consideration of context and state Determination of the access control on the basis of users location and the state of the users environment. Trust Requirements

11 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary11 Analyses Requirements Analysis Functional requirements Non-functional requirements Goal-based Business Analysis Strategy Organisational capabilities Return on Investment

12 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary12 Risks Analysis Probability of loss(es) Associated costs (compensations etc.) Threats Analysis Potential threats/attacks Countermeasures Forensic Analysis Post-accident analysis Digital fingerprinting Analyses

13 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary13 Risk Management in Grids Grid technologies reached high level of development Large-scale Grid deployment needs Commercial Grid providers and services Working demonstrators in different areas Standardisation efforts for access and interoperability Early adopters underline core shortcomings Quality of Service guaranteed resource usage over time Security, Trust, and Dependability Service Level Agreements (SLAs) address shortcomings Definition of business relationship Forces development of QoS-aware middleware/OS

14 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary14 Service Level Agreements Specified amount and quality of resources over certain time mandatory to reach desired performance Delegation of particular resource capabilities over a defined time interval from resource owner to requester SLA as explicit statement of expectations and obligations in a business relationship between service provider and customer Service Level Agreement Terms R-Type: HW, OS, Compiler, Software Packages, … R-Quantity: Number CPUs, main memory, … R-Quality: CPU>2GHz, Network Bandwidth, … Deadline: Date, Time,… Policies: Demands on Security and Privacy, … Price for Resource Consumption (fulfilled SLA) Penalty Fee in case of SLA violation Contract Parties, Responsible Persons ID or Description of SLA Name Context Service Level Agreement

15 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary15 Grid Providers and SLAs SLAs needed, but providers are cautious about adoption Why? Business case risk Missing indicators QoS level to be offered? SLA violation and penalties due failures, DoS attacks, overloading Enough resources for Grid jobs? Fault tolerance available? Actions to be initiated? What is the risk of accepting an SLA?

16 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary16 Grid Brokers, Users and SLAs Reliability as selection criterion Trustable QoS level information? QoS? Reliability with respect to utilisation? QoS information service? Decision- support for job assignment? What is the risk of assigning an SLA?

17 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary17 Trust and Security for Next Generation Grids

18 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary18 GRIDTRUST Project Funded by the EU Framework Programme 6 (FP6) Specific Targeted Research Project (STREP) Coordinator: CETIC Project Reference: Project Cost: 3.86 M Project Funding: 2.2 M Start date: 01 June 2006 Duration: 36 months

19 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary19 Project Partners 5 countries 4 companies 3 research institutes 1 university

20 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary20 Partner Roles Partner Name Partner Country Partner Expertise CETIC Belgium Grid dissemination, Grid Applications Engineering, Security requirements STFC United Kingdom VO Management, Trust and reputation management, Grid Security, Grid Middleware IIT-CNR Italy Security, Usage control, Grid fabric and resource management VUA Netherlands Security, Fine grained access control, Grid, Distributed systems, privacy and forensic computing INT Italy Grid technology adaptor, P2P and distributed systems HP-EIC ItalyGrid technology adaptor, End user AGOS ItalyEnd user MOV SpainDistributed system technology provider, end user

21 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary21 GridTrust: Objectives and Expected Results General Objective: definition and management of security and trust in dynamic virtual organisations Expected results – « framework » composed of: environnement et analysis method at all levels of the NGG architecture A reference security architecture for Grids An open source reference implementation of the architecture, validated by several innovative business scenarios. GRID Service Middleware Layer NGG Architecture GRID Application Layer GRID Foundation Middleware Layer Network Operating System

22 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary22 Dynamic VOs Virtual organizations are distributed business processes Examples Supply chain (ex: Airbus) Distributed authoring Knowledge management Services Centralised or decentralised VO Management Avoid manual reconfiguration

23 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary23 Trust in Virtual Organisations Since VOs are based on sharing information and knowledge, there must be a high amount of trust among the partners. Especially since each partner contribute with their core competencies Collaboration Threats: Bad service (contract not respected) Attacks – loss of information Attacks – disruption of service Vulnerability to attacks (bad level of security at one of the partners) … Need for Trust and security mechanisms

24 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary24 Desired Self-Organization/ Self -Protection Behavior VO policy rules: Trust requirement: always all nodes sufficiently trusted Security should adapt -> avoid manual intervention of operator 3 If trust of node x < Min trust threshold Then replace node x 3 If trust of node x < Min trust threshold Then tighten security for node x

25 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary Trust and Security for Dynamic Virtual Organisations GRID Service Middleware Layer NGG Architecture GRID Application Layer GRID Foundation Middleware Layer Network Operating System Trust and Security Goals Self-* … … GridTrust Framework Services and Tools Resources OGSA Fine grained Continuous computational usage control Usage Control Policies Framework: -Method and policy refinement tools -Security architecture -Reference implementation VO Policies Dynamic VO VO Mngt … Secure res. broker Reputation service Usage Cont. service

26 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary26 Innovation in GridTrust UCON (improves state of the art: mutable attributes, obligations, continuous enforcement) Computational level Service level Combining Brokering and security Combining security with reputation Globus reputation used for service discovery and selection Here we want to to use reputation for authorization decision From Business security requirements to policies (NESSI- Grid challenge) Not innovation: Glue the separate VO management components together VOMS, CAS

27 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary27 From Business level security requirements to operational policies Business Trust and Security Requirements Service Trust and Security Policies Fine Grained Computational Usage Control Policies GRID Application Layer GRID Service Middleware Layer GRID Foundation Middleware Layer Network Operating System Layer Policy rule examples Confidentiality of client data Confidential data can only be used with a service that provides encryption with minimal key length Confidential data can only be sent over a secure socket to another trusted domain NGG Architecture Traceability of requirements to policies Derivation

28 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary28 GridTrust Framework Integrated in OGSA GridTrust Framework Application

29 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary29 From Access Control to Usage Control With access control technology Trusted usage of resources Access control under responsibility of software Correct usage under responsibility of service/resource user With usage control technology Trusted Usage of resources Access control is part of usage control under responsibility of software agent Correct usage -Policies respected under responsibility of software -Correct usage under responsibility of user

30 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary30 Updating reputation based on resource usage Gather low level resource usage information SLA violations Successful performance Update VO level reputation Reputation at different levels Service VO member VO as a whole Reputation based on past behavior History Performance

31 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary31 Experimentation - Innovative Business Case Studies Distributed Supply chain application domain Pharmacy Fish (EU and national regulations) Collaborative intra or inter-enterprise knowledge management Distributed authoring High-quality massive data transfers Many actors Can be viewed as a virtual organisation which implements a complex and articulated supply chain. Safe and reliable data transfer services, but the distant and virtual cooperation is limited

32 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary32 Advanced Risk Assessment and Management for Trustable Grids

33 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary33 AssessGrid AssessGrid Project Funded by the EU Framework Programme 6 (FP6) Specific Targeted Research Project (STREP) Coordinator: University of Paderborn Project Reference: Project Cost: 2.64 M Project Funding: 1.97 M Start date: 01 April 2006 Duration: 33 months

34 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary34 Project Partners

35 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary35 Partner Roles Partner Name Partner Country Partner Expertise TU Berlin Germany Fault-tolerant mechanisms, SLA negotiation, infrastructure analysis in the Grid Fabric PC 2 Germany Scheduling, SLAs, monitoring and data gathering in the Grid fabric, risk management ATOS Origin Spain Exploitation, implementation end-user interface: negotiation, workflows, connection to confidence service CETIC Belgium Requirements, verification, software quality, exploitation/dissemination ABO AKA FinlandMethods for risk assessment Uni. Leeds United Kingdom Broker layer: monitoring, SLA brokerage, workflows, risk adjustments with confidence service Wincor Nixdorf GermanyBusiness perspective, requirements, validation

36 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary Project Goals Risk indicators as core part of SLA assignment and acceptance Customised risk presentation for improved usability and trust Decision/planning/management-support for QoS-aware Grids Grid provider evaluation and competition

37 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary Proposed Architecture Generic, customisable, and interoperable open-source software for risk assessment, risk management, and decision-support in Grids Planning-based RMS Monitoring Consultant /Confidence service Risk assessment and management Ad-hoc risk management Provider/ Broker/ End-user perspective Integration in Grid fabric Integration in Grid service Broker service Integration in Grid middleware

38 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary Risk Assessment Research Challenges Methods and tools for monitoring, gathering, and aggregating relevant data Static and dynamic data utilisation Network-condition, overall Grid activity Specific business policies Methods for risk assessment Customised presentation of risk-related indicators Risk granularity End userBrokerProvider

39 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary Risk Management Research Challenges Develop concepts for using risk Estimate risk Risk-indicators for self-organising fault tolerance Risk-aware negotiations and SLAs Risk-based decision-support for capacity planning and infrastructure management Aggregation of risk-indicators for objective provider ranking and competition

40 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary40 System Overview Aim integrate a risk-aware Service Level Agreement (SLA) model into current Grid technology Risk awareness incorporated across three layers Therefore an architecture designed to give resource providers the capability to perform risk assessments prior to making offers give the broker the ability to assess the reliability of provider risk assessments rank offers from different resource providers, based on risk, price and penalty

41 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary41 Usage Scenarios Broker as a mediator End-user submits SLA request to broker Once end-user selects SLA offer Brokers responsibility ends End-user interacts directly with provider Broker as a contractor Acts as a virtual provider End-user agrees SLA with broker Broker agrees SLAs with provider(s) Useful to map workflows to resources Direct SLA negotiation end-user – provider End-user submits SLA request to provider End-user can query brokers confidence service

42 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary42 Scenario 1: User-Provider Neg. Get Template Fill Template - - Job description - - Max. PoF - - Min. Penalty Create Offer - Set Price SLA Request SLA Offer CommitContract RMS: Resource Management System PoF: Probability of Failure

43 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary43 Scenario 2a: Broker = Mediator Template Subscription Get Templates

44 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary44 SLA Request SLA Offer Evaluate Reliability Scenario 2a: Broker = Mediator

45 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary45 Commit Scenario 2a: Broker = Mediator

46 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary46 Scenario 2b: Broker=Contractor

47 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary47 Architectural Overview End-user Portal Broker Risk Assessor Confidence Service Workflow Assessor Provider Negotiation Manager Scheduler Risk Assessor Consultant Service

48 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary48 End-User Layer – Portal Architecture Presentation of SLA templates, requests, offers of Probability of Failure (PoF) and reliability information of status of executing and pending jobs SLA violations and compensation (penalties) specific to user role (end user, administrator) Follows the MVC (Model View Controller) design pattern Based on GridSphere portal architecture

49 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary49 Broker Layer SLA Processor: Agreement and AgreementFactory WebService Resource Filter: Find suitable resource providers that are likely to respond Offer Manager: Used if broker acts as provider

50 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary50 Broker layer: SLA Offers Published risk enables End-users to compare different SLA offers Risk of failure, price, and penalty fee Brokers Reliability measure classifies which offers are reliable

51 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary51 Grid Fabric Layer Negotiation Manager - -Checks whether request complies to template - -Initiation of file transfers Scheduler - -Creates tentative schedules for requests - -Planning-based scheduling Consultant Service - -Statistical data - -Data mining methods Risk Assessor Assesses PoF for SLA offers

52 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary52 Current Implementation Status Grid Portal First prototype deployed at Atos (Spain) Broker – Confidence Service Queries data which enables Risk Assessor to calculate the providers basic confidence measure (all SLAs) Deployed as WSRF service on the White Rose Grid (UK)

53 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary53 Current Implementation Status Resource Provider - Consultant Service First prototype of the consultant service uses monitoring information collected by Ganglia/Nagios Deployed as WSRF service at PC2 (Germany) WS-Agreement implementation AssessGrid – uses Globus 4 Fraunhofer Institute – based on Axis 2

54 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary54 SUMMARY

55 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary55 Security and Trust issues are of paramount importance for the success of Grid endeavour. Comprehensive solutions are needed to cope with the challenges of providing security and trust assurances to the various actors of Grids. These solutions should include both the conventional parameters (authentication, authorisation, …) as well as contemporary parameters (negotiations, assessments, …) The intrinsic nature of Grid should always be kept in mind (loose coupling, scalability, heterogeneity, …) while designing security and trust architectures.

56 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary56 GridTrust project aims helping (business) users setup, operate, evolve dynamic VOs based on framework that provides tools and methodology to reason about trust, security and privacy properties along NGG architecture AssessGrid project aims providing a framework for supporting risk assessment and management throughout the Grid infrastructure There is always room for improving existing infrastructures and exploring novel frontiers. We are working on these issues and are looking for partners to join hands with us.

57 07 Sep. 2007CoreGRID Summer School 2007, Budapest, Hungary57 Thank You


Download ppt "Implementing Grid Security Concepts EU FP6 Projects AssessGrid & GridTrust Syed Naqvi 07 September 2007, Budapest - Hungary."

Similar presentations


Ads by Google