Scuola Grid INFN, Martina Franca, Nov

Slides:



Advertisements
Similar presentations
Data Management Expert Panel - WP2. WP2 Overview.
Advertisements

EGEE-II INFSO-RI Enabling Grids for E-sciencE The gLite middleware distribution OSG Consortium Meeting Seattle,
E-science grid facility for Europe and Latin America A Data Access Policy based on VOMS attributes in the Secure Storage Service Diego Scardaci.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
1 School of Computer, National University of Defense Technology A Profile on the Grid Data Engine (GridDaEn) Xiao Nong
EGEE-III INFSO-RI Enabling Grids for E-sciencE The Medical Data Manager : the components Johan Montagnat, Romain Texier, Tristan.
The LCG File Catalog (LFC) Jean-Philippe Baud – Sophie Lemaitre IT-GD, CERN May 2005.
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) GISELA Additional Services Diego Scardaci
The Grid System Design Liu Xiangrui Beijing Institute of Technology.
Group 1 : Grid Computing Laboratory of Information Technology Supervisors: Alexander Ujhinsky Nikolay Kutovskiy.
DIRAC Review (13 th December 2005)Stuart K. Paterson1 DIRAC Review Exposing DIRAC Functionality.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE middleware: gLite Data Management EGEE Tutorial 23rd APAN Meeting, Manila Jan.
E-science grid facility for Europe and Latin America Using Secure Storage Service inside the EELA-2 Infrastructure Diego Scardaci INFN (Italy)
Enabling Grids for E-sciencE Introduction Data Management Jan Just Keijser Nikhef Grid Tutorial, November 2008.
NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.
EGEE-II INFSO-RI Enabling Grids for E-sciencE The GILDA training infrastructure.
T3 analysis Facility V. Bucard, F.Furano, A.Maier, R.Santana, R. Santinelli T3 Analysis Facility The LHCb Computing Model divides collaboration affiliated.
National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.
Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.
INFSO-RI Enabling Grids for E-sciencE Αthanasia Asiki Computing Systems Laboratory, National Technical.
USQCD regional grid Report to ILDG /28/09ILDG14, June 5, US Grid Usage  Growing usage of gauge configurations in ILDG file format.  Fermilab.
Managing Data DIRAC Project. Outline  Data management components  Storage Elements  File Catalogs  DIRAC conventions for user data  Data operation.
INFSO-RI Enabling Grids for E-sciencE Introduction Data Management Ron Trompert SARA Grid Tutorial, September 2007.
Database authentication in CORAL and COOL Database authentication in CORAL and COOL Giacomo Govi Giacomo Govi CERN IT/PSS CERN IT/PSS On behalf of the.
David Adams ATLAS ATLAS distributed data management David Adams BNL February 22, 2005 Database working group ATLAS software workshop.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid2Win : gLite for Microsoft Windows Roberto.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Data management in LCG and EGEE David Smith.
1 Egrid portal Stefano Cozzini and Angelo Leto. 2 Egrid portal Based on P-GRADE Portal 2.3 –LCG-2 middleware support: broker, CEs, SEs, BDII –MyProxy.
Rights Management for Shared Collections Storage Resource Broker Reagan W. Moore
INFSO-RI Enabling Grids for E-sciencE University of Coimbra GSAF Grid Storage Access Framework Salvatore Scifo INFN of Catania EGEE.
The Institute of High Energy of Physics, Chinese Academy of Sciences Sharing LCG files across different platforms Cheng Yaodong, Wang Lu, Liu Aigui, Chen.
EGEE is a project funded by the European Union under contract IST Data Management Data Access From WN Paolo Badino Ricardo.
Grid Execution Management for Legacy Code Architecture Exposing legacy applications as Grid services: the GEMLCA approach Centre.
FESR Consorzio COMETA - Progetto PI2S2 GSAF Grid Storage Access Framework Salvatore Scifo
Analyzing Code with CAST RPA SCAN. IDENTIFY. ACT..
EGEE-II INFSO-RI Enabling Grids for E-sciencE Architecture of LHC File Catalog Valeria Ardizzone INFN Catania – EGEE-II NA3/NA4.
FESR Trinacria Grid Virtual Laboratory Grid Industry Day Catania October 2006 Secure Data Storage Into Grid Enviroment Unico Srl :
FP6−2004−Infrastructures−6-SSA E-infrastructure shared between Europe and Latin America LFC Server Installation and Configuration.
Scuola Grid INFN, Trieste, 1-12 Dic Managing Confidential Data in the gLite Middleware – The Secure Storage.
Some considerations and ideas for the (next) future Roberto Barbera University of Catania and INFN IWSG’10.
INFSO-RI Enabling Grids for E-sciencE Security needs in the Medical Data Manager EGEE MWSG, March 7-8 th, 2006 Ákos Frohner on behalf.
EGEE Data Management Services
Jean-Philippe Baud, IT-GD, CERN November 2007
Gri2Win: Porting gLite to run under Windows XP Platform
Grid2Win: Porting of gLite middleware to Windows platform
Grid2Win Porting of gLite middleware to Windows XP platform
Data Virtualization Tutorial… SSL with CIS Web Data Sources
GFAL Grid File Access Library
GFAL: Grid File Access Library
Authentication, Authorisation and Security
Java API del Logical File Catalog (LFC)
Data Bridge Solving diverse data access in scientific applications
Cross-health enterprises Medical Data Management on the EGEE grid
gLite Data management system overview
Grid Training done in/by the Italian Federation in 2007 Roberto Barbera Univ. of Catania and INFN NA3 Partner Review Meeting at EGEE’07 Budapest,
Introduction to Data Management in EGI
Grid2Win: Porting of gLite middleware to Windows XP platform
AMGA Web Interface Salvatore Scifo INFN sez. Catania
The gLite API – Part II Giuseppe LA ROCCA ACGRID-II School
Giuseppe Patania Nov, Martina Franca (Ta)‏
Grid Security Jinny Chien Academia Sinica Grid Computing.
Data Management in Release 2
Gri2Win: Porting gLite to run under Windows XP Platform
GSAF Grid Storage Access Framework
Grid2Win: Porting of gLite middleware to Windows XP platform
GSAF Grid Storage Access Framework
Grid Security M. Jouvin / C. Loomis (LAL-Orsay)
AMGA Web Interface Vincenzo Milazzo
Data services in gLite “s” gLite and LCG.
Grid Engine Diego Scardaci (INFN – Catania)
Presentation transcript:

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 1 Managing Confidential Data in the gLite Middleware – The Secure Storage Service Fabio Scibilia per conto di - Diegi Scardaci (INFN Catania) - Giordano Scuderi (UNICO srl - Catania) Prima Scuola su aspetti pratici del grid computing Martina Franca (TA), 12-24 Nov. 2007 Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 1

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 2 Outline Data Encryption and Secure Storage Insider Abuse: Problem and Solution The Secure Storage Service for the gLite Middleware: Command Line Applications Application Program Interface The Keystore Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 2

Data Encryption and Secure Storage The Secure Storage project is carried out by UNICO S.R.L. (http://www.unicosrl.it/) in collaboration with INFN Catania. The objective of the project is to create a mechanism to store in a secure way and in an encrypted format data on the grid storage elements. Thanks to this solution we want to solve the insider abuse problem. Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 3

Insider Abuse: Problem A grid user could store sensitive data in a Storage Elements managed by external organizations. Storage Elements Administrators could access data (but the data are sensitive!). For this reason data MUST be stored in an encrypted format. Data Encryption/Decryption MUST be performed inside user secure environment (for example inside the user’s organization). Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 4

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 5 Insider Abuse: A Solution USER (VIRTUAL) ORGANIZATION File Encryption /Decryption SE Encrypted File Key Encrypted File SECURE ENVIRONMENT KeyStore SE Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 5

A Secure Storage service for the gLite Middleware Provides gLite users with suitable and simple tools to store confidential data in storage elements in a transparent and secure way. The service is composed by the following components: Command Line Applications: commands integrated in the gLite 3.1 (last release!) User Interface to encrypt/upload and decrypt/ download files. Application Program Interface: allows the developer to write programs able to manage confidential data . Keystore: a new grid element used to store and retrieve the users’ keys. Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 6

Command Line Applications We provide a new set of commands on the gLite User Interface: Like lcg-utils commands, but they work on encrypted data. Encryption and decryption process are transparent to the user. Example (copy a local file on a GRID Storage Element): lcg-cr -d <destination SE> -L <destination> <source> lcg-scr -d <destination SE> -L <destination> <source> These commands allow to make the main Data Management operations: Copy data/file on Storage Elements Read data/file from Storage Elements Delete data/file on Storage Elements …. Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 7

Command Line Applications Main Commands: lcg-scr encrypts a file and uploads it on a storage element, registering its Logical File Name in a LFC catalog. Moreover, it stores the key used to encrypt the file in a key repository. An ACL will be associated to each key on the repository. This ACL will contain all users authorized to access the file. lcg-scp downloads an encrypted file, gets the key to decrypt the file from the repository, decrypts the file and store it on a local file-system. Only authorized users (inserted into an ACL ) can access the key necessary to decrypt the file. lcg-sdel deletes one or all the replicas of a file. It also deletes the key associated to this file (only if you delete the last replica!) Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 8

Command Line Applications details Details about the main commands: lcg-scr lcg-scp Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 12

lcg-scr: Encryption and Storage Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 13

lcg-scp: Retrieval and Decryption Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 14

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 16 Secure Storage API Secure Storage C API ( like lcg API encrypt and decrypt entire file ): int lcg_scr ( char *src_file, char *dest_file, char *guid, char* lfn, char *vo, char *relative_path, char *conf_file, int insecure, int verbose, char *actual_gid ); int lcg_scp ( char *src_file, char *dest_file, char *vo, char *conf_file, int insecure, int verbose ); int lcg_sdel ( char *src_file, int aflag, char *se, char *vo, char *conf_file, int insecure, int verbose, int timeout); To use Secure Storage C API add in your code: #include “securestorage.h” Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 16

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 17 Secure Storage API 2 Development of API like GFAL ( encrypt and decrypt block of data ): int securestorage_open( char *lfn, int flags, mode_t mode ); int securestorage_write ( int fd, void *buffer, size_t size ); int securestorage_read ( int fd, void *buffer, size_t size ); int securestorage_close ( int fd ); Read and Write encrypted data like plain data! open read/write close Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 17

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 18 The Keystore (1) The Keystore is a new grid element used to store and retrieve the users’ key in a secure way. The Keystore: is identified by an host X.509 digital certificate; all its Grid transactions are mutually authenticated and encrypted as required by the GSI model; should be placed in a trusted domain and should be appropriately protected by undesired connections; is a black box with a single interface towards the external world. This interface accepts only GSI authenticated connections; Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 18

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 19 The Keystore (2) The Keystore: the client request is processed only if the client is a member of a enabled users list and/or it belongs to an enabled Virtual Organization; if the client want to retrieve a key, the keystore checks if the request is coming from an authorized user inserted on the ACL associated to the request key. Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 19

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 20 Refernces Wiki page https://grid.ct.infn.it/twiki/bin/view/GILDA/GILDASecureStorage At the bottom of the page you can download an AVI clip Web page http://securestorage.sourceforge.net/ Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 20

Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 21 Any questions ? Scuola Grid INFN, Martina Franca, 12-23 Nov. 2007 - 21

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.