Grid Computing Security Mechanisms: the state-of-the-art

Presentation transcript:

Grid Computing Security Mechanisms: the state-of-the-art
A. Bendahmane, M. Essaaidi, A. El Moussaoui, A. Younes
Information and Telecommunication Systems Laboratory, Faculty of Sciences, Tetouan, Morocco.
ICMCS’2009

Outline
- Introduction
- Resources Level Solutions
- Service Level Solutions
- Authentication & Authorization Level Solutions
- Information Level Solutions
- Management Level Solutions
- Conclusions

Introduction (Grid Computing?)
- A collection of heterogeneous resources distributed over a local or wide area network, and available to an end user as a single large computing system
- Deployment of grid technologies within the context of business and enterprise IT communities
- Large-scale and distributed scientific computing: computing power, data access, storage resources
- Security has been a central issue in grid computing from the outset, and has been regarded as the most significant challenge for grid computing

Introduction (Security Mechanisms?)
- As a result, novel security technologies have been evolving continuously within the grid computing research community

Resources Level Solutions
Protecting the grid resources (grid nodes or hosts, and the communication network)
- Host Security: Sandboxing, Virtualization
- Network Security: Hose service model, Adaptive Firewall for the Grid
Another way to secure the grid resources is through an intrusion detection system (IDS) solution.

Service Level Solutions
DoS attacks are one of the most important security threats in grid computing.
- Preventive solutions: application filtering, location hiding, and throttling techniques.
- Reactive solutions: link testing, logging, ICMP traceback, and IP traceback.

Service Level Solutions (cont)
Preventive
- Advantages: Simple implementation
- Disadvantages: Static and cannot detect new attacks; has significant effect on performance
Reactive
- Advantages: Has huge potential, can detect attackers
- Disadvantages: Can be used as a DoS attack tool; identification techniques are totally manual, and may span over months
DoS attacks cannot be mitigated by one solution alone; multiple solutions should be employed to improve effectiveness.

Authentication & Authorization Level Solutions

Authentication
Authentication deals with verification of the identity of an entity within a network.
- GSI (Grid Security Infrastructure)
- Kerberos
- LDAP

Authentication (cont)
GSI (Grid Security Infrastructure)
- Based on X.509 certificates
- Public/private key pair
- Certificate Authority (CA)
- Requires a Public Key Infrastructure to make it a viable solution
- Implemented in all versions of Globus

Authentication (cont)
Kerberos integration with GSI
- GSI does not accept Kerberos credentials as an authentication mechanism
- Gateways or translators accept Kerberos credentials and convert them to GSI credentials, and vice versa
- [Diagram: GSI and Kerberos, bridged by SSLK5/PKINIT and KX.509/KCA]

Authentication (cont)
LDAP is a naming service for the broadcast of system information, which can then be used for authentication purposes.
Several methods of authentication, corresponding to various security levels, are available in standard LDAP:
- login/password
- X.509 certificate (SSL/TLS, SASL) coupled with Access Control Lists
- Integration of strong authentication mechanisms such as Kerberos or one-time password systems

Authorization
Authorization deals with the verification of an action that an entity can perform after authentication has been performed successfully.
- Centralized Systems: CAS, VOMS, EALS
- Decentralized Systems: Akenti, PERMIS, Grid-MAP

Authorization (cont)
Authorization systems compared: Centralized Systems (CAS, VOMS, EALS) and Decentralized Systems (Akenti, PERMIS, Grid-MAP)
- Scalability: High, Medium
- Security: GSI, Passwords/Certificates
- Inter-operability: Use SAML, Can use SAML, SAML/XACML, May be complex in some cases, minimal
- Revocation: No, Fast, Can be Fast, Have to be updated
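
Grid-MAP in the comparison above refers to the Globus grid-mapfile approach, where each resource keeps its own list mapping authenticated certificate subjects to local accounts. The sketch below is an added example, not code from the presentation or from Globus; the file contents, subject names and helper names are constructed, and it shows why removing a user means updating every resource's map.

```python
import shlex

# Constructed sample grid-mapfile contents for two resources (not real users).
SITE_A = '''
# "certificate subject DN" local_account[,local_account...]
"/O=Grid/OU=Example/CN=Alice Researcher" alice
"/O=Grid/OU=Example/CN=Bob Analyst" bob,griduser
'''
SITE_B = '''
"/O=Grid/OU=Example/CN=Bob Analyst" bob
'''

def parse_gridmap(text):
    """Return {subject DN: [local accounts]} from grid-mapfile text."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)  # DN is quoted because it contains spaces
        except ValueError as exc:       # unbalanced quote: reject the file
            raise ValueError(f"line {lineno}: {exc}") from None
        if len(fields) != 2 or not fields[0].startswith("/"):
            raise ValueError(f"line {lineno}: expected a quoted DN and accounts")
        mapping[fields[0]] = [a for a in fields[1].split(",") if a]
    return mapping

def authorize(mapping, authenticated_dn):
    """Map an already-authenticated DN to its default local account, or None."""
    accounts = mapping.get(authenticated_dn)  # exact match only, no prefix match
    return accounts[0] if accounts else None

def revoke(mapping, dn):
    """Remove a DN from one resource's map; other resources are unaffected."""
    mapping.pop(dn, None)

if __name__ == "__main__":
    site_a, site_b = parse_gridmap(SITE_A), parse_gridmap(SITE_B)
    bob = "/O=Grid/OU=Example/CN=Bob Analyst"
    revoke(site_a, bob)
    print("site A:", authorize(site_a, bob), "| site B:", authorize(site_b, bob))
```

Authentication (validating the certificate chain behind the DN) is assumed to have happened before `authorize` is called; the map only answers what that identity may run as locally.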

Information Level Solutions
The information level includes those security concerns that arise during the communication between two entities.
- Confidentiality
- Integrity
- Single Sign On

Information Level Solutions (cont)
GSI (in Globus Toolkit 4.0, or GT4) provides secure communication at two levels.
- Message Level Security: encrypts only the content of the SOAP message.
- Transport Level Security: encrypts the complete communication.
Both are based on public-key cryptography.

Information Level Solutions (cont)
Comparison of Message Level and Transport Level security
- Technology: WS-Security, WS-SecureConversation, SSL/TLS
- Confidentiality: Yes
- Integrity
- Single Sign On: No
- Performance: Good if sending many messages, Good if sending few messages, Best

Management Level Solutions
Credentials are important in grid systems as they are used for accessing the grid resources.
Credential Management (CM) systems: mechanisms to securely store, access, and manage credentials in grid systems.
- Credential repositories: storing the credentials securely; generating new credentials on demand
- Credential federation: sharing the credentials across different domains

Conclusions
- Classification of the different security solutions in grid computing
- Grid security solutions have some shortcomings and cannot protect against all types of attack.
- With the growing use of grid computing technology in different domains, new types of attacks will arise.
- It is therefore necessary to develop more robust concepts of grid computing security.

Thank you