Presentation is loading. Please wait.

Presentation is loading. Please wait.

Daonity: Grid Security with Behaviour Conformity from Trusted Computing Daonity Team Led by HP Labs China Joint work with Wuhan University Huazhong University.

Published byDoris Lynch Modified over 9 years ago

Similar presentations

Presentation on theme: "Daonity: Grid Security with Behaviour Conformity from Trusted Computing Daonity Team Led by HP Labs China Joint work with Wuhan University Huazhong University."— Presentation transcript:

1 Daonity: Grid Security with Behaviour Conformity from Trusted Computing Daonity Team Led by HP Labs China Joint work with Wuhan University Huazhong University of Science & Technoloby Oxford University

2 Outline Grid Security: Requirements & Solutions Project Daonity Work so far (with innovations) Deliverables (to Global Grid Forum)

3 Grid Security: Requirements 1Authentication (the basics: user/resource identification) 2Single-sign-on (SSO, one credential to rule them all, with ubiquitous usability) 3Authorization (policy, e.g., access control list) 4Security for dynamic virtual organization with policy enforcement 5Security for federated computing (e.g., science collaboration)

4 Grid Security: GSI – Grid Security Infrastructure for Globus Tookit 4 1(Authentication) PKI applications, proxy certificates for Virtual Organisation (VO) 2(SSO) MyProxy: an online credential server using shared password 3(Authorization) GridMap: a file mapping between VO policy to local policy 4(Security tuned for VO): unclear in GSI 5(Security for federated computing): unclear in GSI

5 Authentication: PKI applications – notion of proxy certificate in GSI A typical VO (tapping computation from super computers elsewhere): Denote user Alice by Proxy 0 Proxy i has a proxy cryptographic credential created by Proxy i-1 A proxy credential (and certificate) is short-lived (default lifetime = 12h if sent to a foreign machine or 7 days if stored in the owner’s) Verification of proxy certificates at each proxy must trace back to CA along the chain (so it’s a genuine resource request from Alice) CAProxy1Proxy nAlice CertificateCertificates sign Certificates

6 Authorization: GridMap in GSI GSI utilizes a gridmap file to map an accessing user to a local user in order to resolute policy status for the former Similar to leaving a proxy private key in disk, a weak protection for GridMap file: a plaintext file in the file space, modifiable by the root user, readable by CAS CAS = Community Authorization Service

7 Project Daonity A Grid security standard development track in Global Grid Forum (GGF) https://forge.gridforum.org/projects/tc-rg/ “Trusted Computing for Grid Security” (TC-RG) RG = “Research Group” which I co-chair with Andrew Martin of Oxford University Implementation work is with the Chinese colleagues: Wuhan Univ: Trusted Computing (hot in China) Huazhong Univ of Sci & Tech: ChinaGrid (a big grid project)

8 Mission Trusted Computing for Grid Security TCG based cryptographic credential protection Using TPM in the Grid security environment Approach To work on the standards of TCG and Grid (GT & EGEE) To port OpenSSL to TSS  TC enabled GSI To develop open source software package as on-going GSI open standard development Not just code implementation Non-trivial research results obtained: (security suitable for VO; policy enforcement for VO; sharing of security resource; solutions to grid authorization problems, etc.)

9 Description of Work

10 TC for Grid Security Innovations – VO with Behavior Conformity Instead of using a long chain of proxy certificates, Daonity uses TC’s key migration technique between TPMs Result: Constant time and storage cost for certificate verification Behavior conformity I: No need of short lifetime stipulation. As a migration authority, Alice has her liberty to switch the migrated copy of her certificate off after the job completes Behavior conformity II: Property-based VO, using property certificates, Alice can have a VO satisfying given properties (eg, hardware configurations) CA Server 1 Server n Alice Certificate private key in TPM sign Certificate private key in TPM Migration to TPM Migration to TPM

11 TC for Grid Security Innovations – MyProxy MyProxy is an online server to achieve single sign on (SSO) using shared password between user and server. Weak security of course, (encryption of private key using password), but SSO is indispensable Problems as a result of TC enhanced GSI: How can a user without a TPM use TC enhanced GSI with SSO? How can a user of a desktop TPM roam without downgrading security?

12 Grid is about resource sharing! Property of TC: behaviour conformity: TPM owner is prohibited from doing certain things, eg, accessing the private key of a user New Protocol between a guest user and MyProxy: 1) MyProxy generates a user proxy credential as usual (i.e., password protected); 2) It encrypts the result using a public key of the TPM of a hosting platform; So, not only SSO is preserved with TC strengthened security, but also TPM becomes a shared resource; the owner cannot use the guest’s credential One may not own a TPM. But from Daonity, TPM enhanced Grid security will make shared use of TPM to become available to ALL in one go

13 TC for Grid Security Innovations – Gridmap Gridmap Modify : a module for modifying gridmap files, writing to persistent storage , and signing for integrity protection Gridmap Use : a module for allowing GSI to read and verify signature of the current gridmap file, and alerting integrity failure Gridmap Renew : a module for keeping in TPM an audit trail of gridmap files: PCR  SHA-1(PCR || gm_i) The audit trail is: PCR, gm_1, gm_2, …, gm_i, … This is also a mechanism allowing proof of proper conduct by the root user (protection from being framed)

14 Auditing trail for Gridmap

15 Implementation Status Daonity’s implementation has enjoyed great benefit from the open source availability of TrouSerS, GT4 and OpenSSL Credential migration is the most significant bit in the implementation so far, and done in open source for the first time (TrouSerS has no migration for Daonity to work with) So far, implementation is done only for TPM (version 1.1b) of Infineon Technology AG, and HP platforms Since Daonity will be open source, so it can soon become available to TPM-platforms of all vendors

16 Implementation Status Still very buggy, and because of so, the demo is limited to “credential migration” (the most difficult and significant bit) Difficult because Infineon has not made hardware development manual available for the Daonity team to use, and TrouSerS has not done migration either Significant because we think migration is the key element to achieve property-based Grid VO (this is in fact a Daonity’s contribution to TCG proper, i.e., not just a TCG application, it’s a return)

17 What will be shown today A proxy “certificate” in GT includes a private key in cleartext in order for a destination proxy to use. Not anymore in Daonity, a proxy cert is now 100% public! The matching private key stays in TPMs and transfers (in TCG’s term: migrates) from one to another, never to be exposed outside TPM The demo will show a general case of three-hop credential migration: Alice let her proxy credential migrate to a server, then the server follows Alice’s order to let it further migrate (or duplicate to a number of TPMs)

18 Future Work The following will be worked in Daonity Phase II Grid security requirement 5: Grid for science collaboration, secure multiparty computation. This involves attestation technique. TPM for servers: Trusted Servers Technology. This should be in accordance with TCG standard progress.

Download ppt "Daonity: Grid Security with Behaviour Conformity from Trusted Computing Daonity Team Led by HP Labs China Joint work with Wuhan University Huazhong University."

Similar presentations

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab

Wei Lu 1, Kate Keahey 2, Tim Freeman 2, Frank Siebenlist 2 1 Indiana University, 2 Argonne National Lab
GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.

GridWorld 2006 Use of MyProxy for the FusionGrid Mary Thompson Monte Goode GridWorld 2006.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.

Open Grid Forum 19 January 31, 2007 Chapel Hill, NC Stephen Langella Ohio State University Grid Authentication and Authorization with.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Vpn-info.com.

Vpn-info.com.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
Jim Basney GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June.

Jim Basney GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June.
Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Kerberos and PKI Cooperation Daniel Kouřil, Luděk Matyska, Michal Procházka Masaryk University AFS & Kerberos Best Practices Workshop 2006.

Similar presentations

Ads by Google