Presentation is loading. Please wait.

Presentation is loading. Please wait.

Grid Computing Security Mechanisms: the state-of-the-art

Published byAlexandrina Martin Modified over 6 years ago

Similar presentations

Presentation on theme: "Grid Computing Security Mechanisms: the state-of-the-art"— Presentation transcript:

1 Grid Computing Security Mechanisms: the state-of-the-art
A. Bendahmane, M. Essaaidi, A. El Moussaoui, A.Younes Information and Telecommunication Systems Laboratory Faculty of Sciences Tetouan, Morocco. ICMCS’2009

2 Outline Introduction Resources Level Solutions Service Level Solutions
Authentication & Authorization Level solutions Information Level Solutions Management Level Solutions Co03/05/2018nclusions ICMCS’2009

3 Introduction (Grid Computing?)
A collection of heterogeneous resources distributed over a local or wide area network, and available to an end user as a single large computing system deployment of grid technologies within the context of business and enterprise IT communities large-scale and distributed scientific computing computing power data access storage resources security has been a central issue in grid computing from the outset, and has been regarded as the most significant challenge for grid computing ICMCS’2009

4 Introduction (Security Mechanisms?)
As a result, novel security technologies have been evolving all the time within the grid computing researchers ICMCS’2009

5 Resources Level Solutions
Protecting the grid resources (grid nodes or Host, and communication network) Host Security Network Security Sandboxing Virtualization Hose service model Adaptive Firewall for the Grid Another way to secure the grid resources is through intrusion detection system (IDS) solution. ICMCS’2009

6 Service Level Solutions
DOS attack is one of the most important security threats existing in grid computing. Preventive solutions Reactive solutions Application filtering, location hiding, and the throttling techniques. Link testing, logging, ICMP traceback, and IP traceback. ICMCS’2009

7 Service Level Solutions (cont)
Advantages Disadvantages Preventive Simple implementation Static and cannot detect new attacks has significant effect on performance Reactive Has huge potential, can detect attackers Can be used as a DoS attack tool identification techniques are totally manual, and may span over months DoS attacks cannot be mitigated by one solution alone and multiple solutions should be employed to improve the effectiveness. ICMCS’2009

8 Authentication & Authorization Level solutions
ICMCS’2009

9 Authentication Authentication deals with verification of the identity of an entity within a network GSI (Grid Security Infrastructure) Kerberos LDAP ICMCS’2009

10 Authentication (cont)
GSI (Grid Security Infrastructure) Based on X.509 certificate Public private key pair Certificate Authority (CA) Requires a Public Key Infrastructure to make it a viable solution Implemented in all versions of Globus ICMCS’2009

11 Authentication (cont)
Kerberos Integration with GSI GSI does not accept Kerberos credentials as an authentication mechanism Gateways or translators which accept Kerberos credentials and convert it to GSI credentials and vice versa SSLK5/PKINIT GSI Kerberos KX.509/KCA ICMCS’2009

12 Authentication (cont)
LDAP is a naming service for the broadcast of system information which can then be used for authentication purpose. Several methods of authentication corresponding to various security levels are available in standard LDAP login/password X.509 certificate (SSL/TLS, SASL) coupled with Access Control Lists Integrating mechanisms of strong authentication like Kerberos or systems of one-time passwords ICMCS’2009

13 Authorization Authorization deals with the verification of an action that an entity can perform after that an authentication is performed successfully. Centralized Systems Decentralized Systems CAS, VOMS, EALS Akenti, PERMIS, Grid-MAP ICMCS’2009

14 Decentralized Systems
Authorization (cont) authoz Sys Parameters Centralized Systems Decentralized Systems CAS VOMS EALS Akenti PERMIS Grid-MAP Scalability High Medium Security GSI Passwords/ Certificates Inter-operability Use SAML Can use SAML SAML/ XACML May be complex in some cases minimal Revocation No Fast Can be Fast Have to be updated ICMCS’2009

15 Information Level Solutions
Information Level includes those security concerns that arise during the communication between two entities. Confidentiality Integrity Single Sign On ICMCS’2009

16 Information Level Solutions (cont)
GSI (in Globus Toolkit 4.0 or GT4) provide secure communication at two levels. Message Level Security Transport Level Security Encrypts the complete communication. Encrypts only the content of the SOAP message. Both are based on public-key cryptography ICMCS’2009

17 Information Level Solutions (cont)
Message Level Transport Level Technology WS-Security WS-SecureConversation SSL/TLS Confidentiality Yes Integrity Single Sign On No Performance Good if sending many messages Good if sending few messages Best ICMCS’2009

18 Management Level Solutions
Credentials are important in grid systems as they are used for accessing the Grid resources Mechanisms to securely store, access, and manage credentials in grid systems. Credential Management (CM) systems Credential repositories Credential federation Storing the credentials securely Generating new credentials on demand Sharing the credentials across different domains. ICMCS’2009

19 Thank you Conclusions Classification of the different security solutions in grid computing Grid security solutions have some fails and can’t protect against all types of attack. with the growth of the uses of grid computing technology in different domains, new types of attacks will arise. It is then necessary to develop more robust concepts of grid computing security. ICMCS’2009

20 Thank you ICMCS’2009

Download ppt "Grid Computing Security Mechanisms: the state-of-the-art"

Similar presentations

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.

Using PHINMS and Web-Services for Interoperability The findings and conclusions in this presentation are those of the author and do not necessarily represent.
Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.

A Security Pattern for a Virtual Private Network Ajoy Kumar and Eduardo B. Fernandez Dept. of Computer Science and Eng. Florida Atlantic University Boca.
Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.

Trust Establishment in Pervasive Grid Environments Syed Naqvi, Michel Riguidel TÉLÉCOM PARIS ÉNST É cole N ationale S upérieur des T élécommunications.
Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School

Security on the Internet Jan Damsgaard Dept. of Informatics Copenhagen Business School
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.

Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.

Security in Virtual Laboratory System Jan Meizner Supervisor: dr inż. Marian Bubak Consultancy: dr inż. Maciej Malawski Master of Science Thesis.
Grid Computing Security A Taxonomy Fletcher Liverance, 5 May 2009 IEEE Security & Privacy, 2007 Anirban Chakrabarti Anish Damodaran Shubhashis Sengupta.

Grid Computing Security A Taxonomy Fletcher Liverance, 5 May 2009 IEEE Security & Privacy, 2007 Anirban Chakrabarti Anish Damodaran Shubhashis Sengupta.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.

WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
CSC8320. Outline Content from the book Recent Work Future Work.

CSC8320. Outline Content from the book Recent Work Future Work.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.

11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.
© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.

© Oxford University Press 2011 DISTRIBUTED COMPUTING Sunita Mahajan Sunita Mahajan, Principal, Institute of Computer Science, MET League of Colleges, Mumbai.
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
Supporting education and research Security and Authentication for the Grid Alan Robiette, JISC Development Group.

Supporting education and research Security and Authentication for the Grid Alan Robiette, JISC Development Group.

Similar presentations

Ads by Google