Gateways security Aashish Sharma Security Engineer National Center for Supercomputing Applications (NCSA) University of Illinois at Urbana-Champaign.

Presentation transcript:


TeraGrid Security Working Group
Security-WG
–Members of security teams at TG sites
What we do
–Review/formulate TG-wide security policies
–Security-related implementation issues
Software, services, policy
Security-WG guides
–TG sites (resource providers)
–Users
Contact information

RPs and Gateways
Account creation
Approval and setup
–Done at each RP level

Portal AAA Requirements
Portals may have a mix of community users and standard users (e.g. a LEAD portal may have LEAD community users and Kelvin)
Must keep time-accurate audit logs of their users and be able to map actions back to specific identities
Must have contact information for community users; at a minimum an address
Should provide a common interface to all TG resources and sites.
Must document how it authenticates portal users and how it maps portal users to TeraGrid usage.

Portal requirements
Estimated maximum number of processors/nodes a job could use
Estimated maximum run time a job could use
Estimated short-term storage requirements per user per job
Estimated long-term storage requirements per user (if non-dynamic)
Logging of requester's IP, date stamp, and username on the portal
Names and paths to each script on the RP cluster that can be run by IP of the portal machine, especially if portal is on TG network
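An added example, not part of the original slides: one way to check that every job run under a community account maps back to a portal identity using the logged requester IP, date stamp and username. The log line formats, the account name `community1`, the job ids and the 60-second skew tolerance are all assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data; both line formats are assumptions for this example.
GATEWAY_LOG = """\
2008-01-28T15:04:05Z 192.0.2.10 alice job=1001
2008-01-28T15:09:40Z 198.51.100.7 bob job=1002
2008-01-28T16:00:00Z 192.0.2.10 alice job=1004
"""
RP_JOBS = """\
1001 community1 2008-01-28T15:04:07Z
1002 community1 2008-01-28T15:09:41Z
1003 community1 2008-01-28T15:30:00Z
1004 community1 2008-01-28T16:12:30Z
"""

def parse_ts(text):
    """Parse a UTC timestamp so portal and RP records compare on one clock."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def parse_gateway(log):
    """Index portal audit records by the job id recorded at submission."""
    records = {}
    for line in log.splitlines():
        ts, ip, user, job = line.split()
        records[job.split("=", 1)[1]] = {"time": parse_ts(ts), "ip": ip, "user": user}
    return records

def attribute_jobs(gateway_log, rp_jobs, account, max_skew=timedelta(seconds=60)):
    """Map each community-account job to (portal user, requester IP).

    Returns (attributed, unattributed, skewed): jobs with a portal record,
    jobs with none (the account was used outside the portal's audit trail),
    and jobs whose portal and RP timestamps disagree by more than max_skew.
    """
    gw = parse_gateway(gateway_log)
    attributed, unattributed, skewed = {}, [], []
    for line in rp_jobs.splitlines():
        job_id, acct, ts = line.split()
        if acct != account:
            continue
        rec = gw.get(job_id)
        if rec is None:
            unattributed.append(job_id)
            continue
        attributed[job_id] = (rec["user"], rec["ip"])
        if abs(parse_ts(ts) - rec["time"]) > max_skew:
            skewed.append(job_id)
    return attributed, unattributed, skewed
```

An unattributed job is the case the audit requirement exists to catch; a skewed one suggests clock drift or a delayed submission worth reviewing.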

RP requirements
Restricted shell
Chrooted environment
Restrictions on account's job submissions (job size/run time)
Securing Globus job submissions via GUMS/WSGRAM sudo
Using OS tools such as PAM, access.conf, limits.conf, etc.
Restricting trust of portal machine
Restricting interactive portal logins on RP login machines

Security concerns prevailing
Community accounts
–Tracking users and job submissions
–Auditing and accounting issues are addressed
Process script & executions
Storage
Data confidentiality & integrity

Security practices
Account registrations
Data validations
Passwords (setup/reset etc.)
Lock down portals

Comm shell & gateways account lock down
Shared accounts are a security problem
Mitigate the potential for abuse by placing restrictions on what an account can execute
Applications are restricted to a directory governed by a conf file
Uses another administrative account to add/modify applications
More details
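An added example, not part of the original slides and not the Comm shell's own code: a sketch of the check a restricted shell can apply so that a shared account only runs applications inside directories listed in a conf file. The conf format (one directory per line, `#` comments) and every path and name below are assumptions made for this illustration.

```python
import os
import tempfile

def load_allowed_dirs(conf_text):
    """Parse the assumed conf format: one directory per line, '#' starts a comment."""
    dirs = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            dirs.append(os.path.realpath(line))
    return dirs

def resolve_command(requested, allowed_dirs):
    """Return the canonical path of an approved executable, or None to refuse."""
    if not requested or "\x00" in requested:
        return None
    for base in allowed_dirs:
        # An absolute request replaces base in join(); a relative one is tried under it.
        candidate = os.path.realpath(os.path.join(base, requested))
        # realpath collapses ".." and symlinks, so containment is tested on the real target.
        if os.path.commonpath([base, candidate]) != base:
            continue
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None

def demo():
    """Build a constructed sandbox and return which requests would be accepted."""
    root = os.path.realpath(tempfile.mkdtemp())
    apps = os.path.join(root, "apps")
    os.mkdir(apps)
    ok = os.path.join(apps, "simulate")        # approved application
    outside = os.path.join(root, "outside.sh")  # executable outside the approved dir
    for path in (ok, outside):
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")
        os.chmod(path, 0o755)
    os.symlink(outside, os.path.join(apps, "link"))  # symlink that leaves the approved dir
    allowed = load_allowed_dirs("# approved application directories\n" + apps + "\n")
    requests = ["simulate", "../outside.sh", "link", "/bin/sh", outside]
    return {r: resolve_command(r, allowed) for r in requests}, ok

if __name__ == "__main__":
    print(demo())
```

The caller should execute the returned canonical path rather than the raw request, and the conf file and approved directories should be writable only by the separate administrative account the slide mentions, never by the shared account.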

Questions
References
– index.html#s-wsgram-admin-configsudo
–Aashish Sharma (
–Security-wg (