A user-friendly approach to grid security

Slides:

Advertisements

Similar presentations

Combining the strengths of UMIST and The Victoria University of Manchester Adapting to Federated Identity SHEBANGS Shibboleth Enabled Bridge to Access.

Advertisements

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

GT 4 Security Goals & Plans Sam Meder

ASPiS - Architecture for a Shibboleth-Protected iRODS System Mark Hedges, Tobias Blanke Centre for e-Research, Kings College London Adil Hasan, Jens Jensen.

Building a secure Condor ® pool in an open academic environment Bruce Beckles University of Cambridge Computing Service.

Experiences with Massive PKI Deployment and Usage Daniel Kouřil, Michal Procházka Masaryk University & CESNET Security and Protection of Information 2009.

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

Grid Security. Typical Grid Scenario Users Resources.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.

Introduction to PKI Seminar What is PKI? Robert Brentrup July 13, 2004.

Slides for Grid Computing: Techniques and Applications by Barry Wilkinson, Chapman & Hall/CRC press, © Chapter 1, pp For educational use only.

1 Secure Zero Configuration in a Ubiquitous Computing Environment Shenglan Hu and Chris J. Mitchell Information Security Group Royal Holloway, University.

Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service.

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Removing digital certificates from the end-user’s experience of grid environments Bruce Beckles University of Cambridge Computing Service.

Security Middleware and VOMS service status Andrew McNab Grid Security Research Fellow University of Manchester.

Microsoft Active Directory(AD) A presentation by Robert, Jasmine, Val and Scott IMT546 December 11, 2004.

Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

The DSpace Course Module – User management and authentication options.

Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.

Communicating Security Assertions over the GridFTP Control Channel Rajkumar Kettimuthu 1,2, Liu Wantao 3,4, Frank Siebenlist 1,2 and Ian Foster 1,2,3 1.

Supporting education and research Security and Authentication for the Grid Alan Robiette, JISC Development Group.

National Computational Science National Center for Supercomputing Applications National Computational Science Credential Management in the Grid Security.

NA-MIC National Alliance for Medical Image Computing UCSD: Engineering Core 2 Portal and Grid Infrastructure.

Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.

OGF22 25 th February 2008 OGF22 Demo Slides Prof. Richard O. Sinnott Technical Director, National e-Science Centre University of Glasgow, Scotland

National Computational Science National Center for Supercomputing Applications National Computational Science GSI Online Credential Retrieval Requirements.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

Shibboleth & Grid Integration STFC and University of Oxford (and University of Manchester)

A user-friendly approach to grid security Bruce Beckles University of Cambridge Computing Service A user-friendly approach to grid security “Grid ‘security’?

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Standards driven AAA for Job Management within the OMII-UK distribution Steven Newhouse Director, OMII-UK

1 AHM, 2–4 Sept 2003 e-Science Centre GRID Authorization Framework for CCLRC Data Portal Ananta Manandhar.

Rights Management for Shared Collections Storage Resource Broker Reagan W. Moore

Decentralized User Authentication in a Global File System CS294-4 Presentation Nikita Borisov October 6, 2003.

Shibboleth Use at the National e-Science Centre Hub Glasgow at collaborating institutions in the Shibboleth federation depending.

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

Academia Sinica Grid Computing Certification Authority F2F interview (Malaysia )

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Introduction Salma Saber Electronic.

Virtual Organisation Management in the Level 2 Grid Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College.

Virtual Organisations and the NGS Mike Jones Research Computing Services e-Science & “The Grid” for Bio/Health Informaticians, IT January 2008.

Key management issues in PGP

Accessing the VI-SEEM infrastructure

Securing Network Servers

Grid Computing Security Mechanisms: the state-of-the-art

Third Party Transfers & Attribute URI ideas

Simple Authentication for the Web

Module Overview Installing and Configuring a Network Policy Server

UVOS and VOMS differences

Cryptography and Network Security

A Model for Grid User Management

Public Key Infrastructure (PKI)

Viet Tran Institute of Informatics Slovakia

Interoperability & Standards

Unit 27: Network Operating Systems

Privilege Separation in Condor

Grid Security M. Jouvin / C. Loomis (LAL-Orsay)

NSF Middleware Initiative: GridShib

From Prototype to Production Grid

BACHELOR’S THESIS DEFENSE

BACHELOR’S THESIS DEFENSE

The JISC Core Middleware Call

Grid Computing Software Interface

Presentation transcript:

A user-friendly approach to grid security Could Would Can’t use it, Won’t use it! Bruce Beckles University of Cambridge Computing Service

“State of the Grid” Authentication: Authorisation: Auditing: Digital certificates (X.509-based PKI) Crosses institutional boundaries Authorisation: Either simplistic “allow” lists in text files (the grid-mapfile), or… Complex, heavyweight, “general purpose” authorisation frameworks (e.g. CAS, VOMS, PERMIS, Shibboleth) Auditing: Auditing? What auditing? The “missing link” – Siebenlist, Globus Alliance

Problems for End-Users Digital certificates difficult to obtain and use… so (shock!) users hate them So difficult that users share certificates (and not just within a single institution) Experience so painful some users refuse to use grid technology if it will involve certificates (e.g. BRIDGES project) Most users don’t understand digital certificates, so they behave inappropriately… Multiple copies of certificates (and proxy certificates) scattered across the grid (not always protected)

Problems for Administrators Users’ desperate attempts to cope with certificates mean that soon no one knows who is actually using which certificates and for what… …and when does a certificate get revoked anyway?: When a user leaves the institution? When they leave the project? How does the Certificate Authority know? Confusion between “identity” and “membership” ( authorisation)

Authorisation Issues Authorisation mechanisms: choice? what choice?… Either just an “allow” list: Too simplistic …or complex, heavyweight framework: Difficult to understand, deploy, maintain and administer May require centralised co-ordination or infrastructure In all cases, dependent on the integrity of the authentication mechanism, so, currently… …it’s doomed…

Auditing Issues Who did what? From where?: Who: dependent on integrity of authentication mechanism… uh-oh… What: executable name often “lost in transit” (data, condor_exec.exe), and executable normally deleted on job completion… oh, good... Where: IP address of host submitting job… but IP addresses can be spoofed…! …And what else should we be recording…? Audit data usually stored locally, so… Successful attacker can modify it(!)

Why is it like this? Current solutions: Heavyweight: Poor Usability: Difficult to deploy and administer Often require inappropriately centralised infrastructure Complex (so difficult to understand) Poor Usability: Difficult for end-users to use Difficult to configure and administer Poor/Inappropriate Design: “One size fails all” Designed to developer’s agenda, not users’

User-friendly security… Lightweight: Easy to deploy and administer Easy to understand Restricted to a sensible-sized problem domain User-centred design: Design for the user, not in spite of them Understand and satisfy stakeholder requirements Continuous user involvement Ongoing usability testing Formal security methods: Formal analysis and modelling …so we understand what’s going on Formal security verification …so we know we’ve got it right

…in a grid context Handle local issues locally (“localise, don’t centralise”): Authentication: authenticate against local authentication service VO membership: use local identity to determine membership/authorisation (parameterised RBAC?) Distribute information across resources as necessary Certificates appalling, passwords better: Use local authentication to obtain or create certificates on behalf of the user to interact with existing grids User never sees a certificate! Conform to best practice: Audit data stored remotely Don’t rely on IP addresses

So who’s doing this? “User-Friendly Authentication and Authorisation for Grid Environments” project: UCL, Manchester, Cambridge, Newcastle, London South Bank University Planned start date: October 2006 EPSRC funded For our proposed authentication mechanism (wraps existing GSI mechanism), see: Removing digital certificates from the end-user’s experience of grid environments (2004): http://www.allhands.org.uk/proceedings/papers/250.pdf Mechanisms for increasing the usability of grid security (2005): http://dx.doi.org/10.1016/j.ijhcs.2005.04.017

Questions?