Grid Computing Security Mechanisms: the state-of-the-art


1 Grid Computing Security Mechanisms: the state-of-the-art
A. Bendahmane, M. Essaaidi, A. El Moussaoui, A. Younes
Information and Telecommunication Systems Laboratory, Faculty of Sciences, Tetouan, Morocco.
ICMCS’2009

2 Outline
- Introduction
- Resources Level Solutions
- Service Level Solutions
- Authentication & Authorization Level solutions
- Information Level Solutions
- Management Level Solutions
- Conclusions

3 Introduction (Grid Computing?)
A collection of heterogeneous resources distributed over a local or wide area network, and available to an end user as a single large computing system.
- Deployment of grid technologies within the context of business and enterprise IT communities
- Large-scale and distributed scientific computing
- Computing power, data access, storage resources
Security has been a central issue in grid computing from the outset, and has been regarded as the most significant challenge for grid computing.

4 Introduction (Security Mechanisms?)
As a result, novel security technologies have been evolving continuously within the grid computing research community.

5 Resources Level Solutions
Protecting the grid resources (grid nodes or hosts, and the communication network):
- Host Security: sandboxing, virtualization
- Network Security: hose service model, Adaptive Firewall for the Grid
Another way to secure the grid resources is through an intrusion detection system (IDS).

6 Service Level Solutions
DoS attacks are one of the most important security threats in grid computing.
- Preventive solutions: application filtering, location hiding, and throttling techniques.
- Reactive solutions: link testing, logging, ICMP traceback, and IP traceback.

7 Service Level Solutions (cont)
Preventive
- Advantages: simple implementation
- Disadvantages: static and cannot detect new attacks; has significant effect on performance
Reactive
- Advantages: has huge potential, can detect attackers
- Disadvantages: can be used as a DoS attack tool; identification techniques are totally manual, and may span over months
DoS attacks cannot be mitigated by one solution alone, and multiple solutions should be employed to improve the effectiveness.

8 Authentication & Authorization Level solutions

9 Authentication
Authentication deals with verification of the identity of an entity within a network.
- GSI (Grid Security Infrastructure)
- Kerberos
- LDAP

10 Authentication (cont)
GSI (Grid Security Infrastructure)
- Based on X.509 certificates
- Public/private key pair
- Certificate Authority (CA)
- Requires a Public Key Infrastructure to make it a viable solution
- Implemented in all versions of Globus

11 Authentication (cont)
Kerberos Integration with GSI
- GSI does not accept Kerberos credentials as an authentication mechanism
- Gateways or translators accept Kerberos credentials and convert them to GSI credentials, and vice versa
[Diagram: GSI and Kerberos, linked by SSLK5/PKINIT and KX.509/KCA]

12 Authentication (cont)
LDAP is a naming service for the broadcast of system information, which can then be used for authentication purposes.
Several methods of authentication corresponding to various security levels are available in standard LDAP:
- Login/password
- X.509 certificate (SSL/TLS, SASL) coupled with Access Control Lists
- Integrating mechanisms of strong authentication like Kerberos or systems of one-time passwords

13 Authorization
Authorization deals with the verification of an action that an entity can perform after authentication has been performed successfully.
- Centralized Systems: CAS, VOMS, EALS
- Decentralized Systems: Akenti, PERMIS, Grid-MAP

14 Authorization (cont)
Parameters by authorization system (Centralized Systems: CAS, VOMS, EALS; Decentralized Systems: Akenti, PERMIS, Grid-MAP)
- Scalability: High; Medium
- Security: GSI; Passwords/Certificates
- Inter-operability: Use SAML; Can use SAML; SAML/XACML; May be complex in some cases; minimal
- Revocation: No; Fast; Can be Fast; Have to be updated

15 Information Level Solutions
The Information Level includes those security concerns that arise during the communication between two entities.
- Confidentiality
- Integrity
- Single Sign On

16 Information Level Solutions (cont)
GSI (in Globus Toolkit 4.0, or GT4) provides secure communication at two levels.
- Message Level Security: encrypts only the content of the SOAP message.
- Transport Level Security: encrypts the complete communication.
Both are based on public-key cryptography.

17 Information Level Solutions (cont)
Message Level vs. Transport Level
- Technology: WS-Security; WS-SecureConversation; SSL/TLS
- Confidentiality: Yes
- Integrity
- Single Sign On: No
- Performance: Good if sending many messages; Good if sending few messages; Best

18 Management Level Solutions
Credentials are important in grid systems as they are used for accessing the grid resources.
Mechanisms to securely store, access, and manage credentials in grid systems: Credential Management (CM) systems
- Credential repositories: storing the credentials securely; generating new credentials on demand
- Credential federation: sharing the credentials across different domains

19 Conclusions
- Classification of the different security solutions in grid computing.
- Grid security solutions have some failings and can’t protect against all types of attack.
- With the growth of the use of grid computing technology in different domains, new types of attacks will arise.
- It is then necessary to develop more robust concepts of grid computing security.

20 Thank you

