Presentation is loading. Please wait.

Presentation is loading. Please wait.

MyGrid Security Issues Simon Miles University of Southampton.

Similar presentations

Presentation on theme: "MyGrid Security Issues Simon Miles University of Southampton."— Presentation transcript:

1 myGrid Security Issues Simon Miles University of Southampton

2 Sources of Security Requirements Service Providers Data Storage Providers Provenance Models

3 Service Providers - Authentication Currently Free and anonymous services No authentication Organisation-level auditing Future Plans User-level authentication (PKI) for update of databases, signed 3 rd party annotation, embargoed data access, pay-per-view… Social problems: co-authors, in-organisation data use

4 Service Providers - Authorisation Used for scheduling - provider gives a ticket to be used later Notifications sent indicating that jobs are complete should be sent securely Auditing of unauthorised access, 3rd party databases, job prioritisation Users concerned about SP security - prefer to download database Encryption: false sense of security

5 Data Storage Providers Authentication (integrate for single sign-on) Authorisation Granularity of access to database records (researcher: record, manager: table etc.) Actions: read, write, delete, update Role-Based Access Control: roles based on user group types Anonymous provenance logs (hidden through database views?) - company/country dependent Auditing

6 Provenance Early stage – largely undefined scenarios Unclear what level of security is desired Anonymous record of activity occurring (still requires some identification to retrieve) Activity recorded for re-enactment Activity recorded for publishing or legal proof Quality of service for provenance recording, including security level Right to delete, different party provenance for non-repudiation (ownership?)

7 Provenance – Use Case User enacts process using Workflow Enactment Engine The WEE dynamically discovers services using UDDI In order to generate provenance logs, user identity revealed How can user ensure privacy is safeguarded in this model?

8 Proxies In general, services such as the WEE will be interacting, on behalf of clients, with dynamically discovered services Dynamically discovered services are not known about at deployment time so how to authenticate service with user? GSI proxy certificates inadequate due to possibility of compromise

Download ppt "MyGrid Security Issues Simon Miles University of Southampton."

Similar presentations

Ads by Google