INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org EGEE Security Status – Biomed meeting – Valencia, January 27th, 2006 EGEE Security status.

Presentation transcript:

EGEE Security status
EGEE Security Status – Biomed meeting – Valencia, January 27th, 2006
Remi Mollon, Christophe Blanchet
Bioinformatics Centre of Lyon – PBIL
Institute of Biology and Chemistry of Proteins, IBCP – CNRS UMR 5086, Lyon – Gerland, France

Outline
– Bioinformatic requirements
– EGEE Security Overview
– Data Encryption Systems
  – JRA3 prototype on gLite
  – IBCP prototype on LCG-2
  – …
– Benchmarks
– Data security status
– Next meetings

Bioinformatic requirements
– Certificate management [DONE]
  – For all entities (users, services, Web portals, ...)
  – Renewal and revocation mechanisms
– Fine-grained access to data [IN PROGRESS]
  – Access Control List (ACL) support
  – The data owner can modify the ACLs
– Data encryption [IN PROGRESS]
  – Long-term storage of encrypted data
  – Transparent (unencrypted) access for authorized users
– Data anonymization [STOPPED]
  – Medical data (analyses, diagnoses, pictures, ...)
  – Legal problems in France
According to the Biomed requirement database and Åke Edlund, JRA3 manager

EGEE Security Overview (1)
Main high-level security functionalities:
– Single Sign-On (SSO) [DONE]
  – One authentication gives access to the entire grid
– Data confidentiality and integrity (commercial context, patient data, ...) [IN PROGRESS]
– Fine-grained resource access control [IN PROGRESS]
  – Deny or grant access to a resource for a user, a group of users, a VO, a role, ...
– Pseudonymity [NOT STARTED]
  – Accessing the grid under a pseudonym instead of the user's real identity
According to Åke Edlund, JRA3 manager

EGEE Security Overview (2)
Low-level security functionalities:
– Monitoring & Logging [DONE]
  – Analysis: pre-event and post-event
  – Prevention: scanning, attack and intrusion detection
  – Identification: accountability and non-repudiation
– Authentication [DONE]
  – Trusted Third Party (TTP)
  – X.509 certificates issued through a Public Key Infrastructure (PKI)
– Authorization [IN PROGRESS]
  – Virtual Organization (VO), e.g. the Biomed VO: a group of users with a common goal who want to share their resources
  – Delegation with proxy certificates: acting on behalf of someone else
  – VO Membership Service (VOMS): management of VOs, roles, permissions, ...
According to Åke Edlund, JRA3 manager

EGEE Security Overview (3)
– Isolation
  – At local system level [IN PROGRESS]: minimize the consequences of user applications; Local Credential MAPping Service (LCMAPS)
  – At network level [FROZEN]: avoid virus/worm propagation, DDoS attacks, ...; Dynamic Connectivity Service
– Encryption key management
  – User keys (tied to X.509 certificates) [DONE]: managed by the users themselves, or by a dedicated service (MyProxy)
  – Data keys (long-term encrypted data storage): single key store [DONE]; "M-of-N" techniques [NONE]
According to Åke Edlund, JRA3 manager

Data encryption systems

                        JRA3 MDM                  IBCP EncFile
Availability            gLite 1.5 on PPS          LCG-2 in production; not platform-dependent
Cipher                  AES, 256-bit keys         AES, 256-bit keys
Encryption              Explicit                  Explicit
Decryption              Explicit                  Implicit
Enc/decrypt location    RAM                       RAM, on-the-fly
Key store               Hydra (AMGA)              PostgreSQL
M-of-N technique        None                      Shamir share algorithm
Integration             C++ API                   Transparent to users (catches I/O calls)
Deployment              MDM experience            Web portal and all its programs
Link key to data        LFN + metadata            LFN
Authorization           gLite                     LCG-2

Data encryption systems
And other ones…
– A third development, from UPV
– Some details from Ignacio …

EncFile Benchmarks (benchmark figures not reproduced in the transcript)

Status of data security
Anybody can get the list of all files (all VOs) on an SE
– Only the LRC_ENDPOINT is needed: « lcg-infosites --vo biomed lrc », or from Google with the keywords « LRC egee biomed » (local-replica-catalog)
Anybody can get the list of LFNs of a VO
– Only the RMC_ENDPOINT is needed: replace "edg-local-replica-catalog" with "edg-replica-metadata-catalog" in the LRC endpoint path (…/services/edg-local-replica-catalog), or from Google with the keywords « RMC egee biomed »
Some lcg-xx commands require neither a proxy nor a valid certificate
– Anybody can list/change/remove any LFN/alias
« How anybody can do what he wants with all files stored on the EGEE grid: the reality of data security on the EGEE grid »

Status of data security (2)
Some LCG commands don't require a valid proxy certificate:
– All commands that manage aliases: anybody can modify any file's aliases
– All commands that list elements (replicas, GUIDs): anybody can list file entities
– Even some core commands that manage files!
– Sometimes the '--vo' parameter is taken as truth without any further check

Status of data security (3)
Tests between two VOs, biomed and dteam:
– One file gridified with the dteam VO
– Then manipulated with the biomed VO
– The alias was deleted, and a new one added, with the biomed VO (!!)
– Odd behaviour of the listing commands: lcg-la, lcg-lg, lcg-lr
– Two independent catalogs:
  – LRC = {(GUID, SFN)}
  – RMC = {(GUID, LFN)}
  – A GUID can be associated with one VO in the LRC and another in the RMC
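The three "Status of data security" slides describe one authorization failure: catalogue operations that require no proxy and take the client's own '--vo' flag as the authority, on two catalogues that are never checked against each other. The following is an added illustration, not lcg_util or EDG catalogue code. It keeps the slides' data model (LRC = {(GUID, SFN)}, RMC = {(GUID, LFN)}) and assumes, for the sake of the example, that each catalogue records the VO that registered an entry and that a caller's VO memberships come from VOMS attributes in an authenticated proxy. The GUID, LFN, SFN and DN values are constructed. It replays the biomed/dteam experiment against the flawed form and against a hardened form that derives the VO from the credential and refuses when the two catalogues disagree.

```python
"""Toy model of the LRC/RMC catalogue pair and the '--vo' trust problem."""
from dataclasses import dataclass, field
from typing import Optional


class CatalogError(Exception):
    """An operation was refused or the two catalogues are inconsistent."""


@dataclass(frozen=True)
class Caller:
    """The authenticated client. dn=None models a request made with no proxy."""
    dn: Optional[str]
    vos: frozenset = frozenset()      # VO memberships from VOMS attributes (assumed)


@dataclass
class Catalogs:
    lrc: dict = field(default_factory=dict)     # GUID -> {SFN, ...}
    rmc: dict = field(default_factory=dict)     # LFN  -> GUID
    lrc_vo: dict = field(default_factory=dict)  # GUID -> VO recorded in the LRC (assumed field)
    rmc_vo: dict = field(default_factory=dict)  # GUID -> VO recorded in the RMC (assumed field)

    def register(self, guid, sfn, lfn, vo):
        """'Gridify' a file: one replica in the LRC, one alias in the RMC, same VO."""
        self.lrc.setdefault(guid, set()).add(sfn)
        self.lrc_vo[guid] = vo
        self.rmc[lfn] = guid
        self.rmc_vo[guid] = vo

    def delete_alias_vulnerable(self, lfn, vo_flag):
        """The flawed form: no proxy is required and vo_flag is trusted as typed."""
        guid = self.rmc.pop(lfn)
        self.rmc_vo[guid] = vo_flag   # the RMC now attributes the GUID to whatever VO was claimed
        return guid

    def delete_alias(self, caller, lfn):
        """Hardened form: proxy required, VO taken from VOMS, catalogues must agree."""
        if caller.dn is None:
            raise CatalogError("no valid proxy")
        if lfn not in self.rmc:
            raise CatalogError(f"unknown LFN {lfn}")
        guid = self.rmc[lfn]
        if self.lrc_vo.get(guid) != self.rmc_vo.get(guid):
            raise CatalogError(f"LRC and RMC disagree on the VO owning {guid}")
        owner = self.rmc_vo[guid]
        if owner not in caller.vos:
            raise CatalogError(f"{caller.dn} holds no VOMS attribute for VO {owner}")
        del self.rmc[lfn]
        return guid


def cross_vo_test():
    """Replays the slides' experiment against both forms; returns the outcomes."""
    lfn, guid = "lfn:/grid/dteam/f1", "guid-0001"     # constructed identifiers
    sfn = "srm://se.example.org/dteam/f1"
    biomed_user = Caller("/O=example/CN=biomed user", frozenset({"biomed"}))
    dteam_user = Caller("/O=example/CN=dteam user", frozenset({"dteam"}))
    out = {}

    cats = Catalogs()
    cats.register(guid, sfn, lfn, "dteam")
    cats.delete_alias_vulnerable(lfn, vo_flag="biomed")        # nobody authenticated
    out["vulnerable_alias_deleted"] = lfn not in cats.rmc
    out["vulnerable_catalogues_disagree"] = cats.lrc_vo[guid] != cats.rmc_vo[guid]

    cats = Catalogs()
    cats.register(guid, sfn, lfn, "dteam")
    for name, who in (("no_proxy", Caller(None)), ("biomed", biomed_user)):
        try:
            cats.delete_alias(who, lfn)
            out[f"hardened_{name}"] = "allowed"
        except CatalogError:
            out[f"hardened_{name}"] = "refused"
    out["hardened_dteam"] = cats.delete_alias(dteam_user, lfn) == guid and lfn not in cats.rmc
    return out


if __name__ == "__main__":
    for k, v in cross_vo_test().items():
        print(f"{k}: {v}")
```

The vulnerable path reproduces both symptoms from the slides: the dteam alias disappears on a biomed caller's say-so, and afterwards the GUID is owned by dteam in the LRC and by biomed in the RMC, which is exactly the state that makes lcg-la, lcg-lg and lcg-lr behave oddly. The hardened path never reads a '--vo' argument at all; the VO is whatever the VOMS attributes say, and a GUID whose two catalogue records disagree is refused rather than silently acted on.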

Next meetings
Next MWSG: March 7-8 at CERN
– Biomed attendees: R. Mollon, C. Blanchet
"Authorization" session at the next GGF16 in Athens (February 13-17)
– Biomed attendees: R. Mollon, C. Blanchet (co-organizer)
– Agenda:
– Abstract: "This workshop will consider short-term (now and next two years) Grid Authorization and Policy implementations, requirements and issues. It will investigate what improvements can be made to encourage and facilitate interoperability between Grid operational infrastructures. It will also consider lessons learned from today's implementations for the Grid security standards activities in GGF for the longer-term future. The workshop will highlight the Life Science perspective with requirements from the biomed VO in EGEE and in the overall biomedical community."