King of France, Louis XVI Restorer of French Liberty

Slides:

Advertisements

Similar presentations

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

Advertisements

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Access Control Chapter 3 Part 3 Pages 209 to 227.

The Kerberos Authentication System Brad Karp UCL Computer Science CS GZ03 / M th November, 2008.

Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.

Grid Security. Typical Grid Scenario Users Resources.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

EUropean Best Information through Regional Outcomes in Diabetes Privacy and Disease Registries Technical Aspects Peter Beck JOANNEUM RESEARCH, Austria.

Using Digital Credentials On The World-Wide Web M. Winslett.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 2 Operating System Security Fundamentals.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Air Force Association (AFA) 1. 1.Access Control 2.Four Steps to Access 3.How Does it Work? 4.User and Guest Accounts 5.Administrator Accounts 6.Threat.

Bill Gates’ RSA 2006 Keynote presentation Questions and answers.

Session 11: Security with ASP.NET

Database  A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model.

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

©2011 Quest Software, Inc. All rights reserved. Patrick Hunter EMEA IDAM Team Lead 7 th February 2012 Creating simple, effective and lasting IDAM solutions.

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Securing a Microsoft ASP.NET Web Application.

Windows Security. Security Windows 2000/XP Professional security oriented Authentication Authorization Internet Connection Firewall.

1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.

INFSO-RI Enabling Grids for E-sciencE Getting Started Guy Warner NeSC Training Team Induction to Grid Computing and the National.

Module 11: Securing a Microsoft ASP.NET Web Application.

CSCE 522 Identification and Authentication. CSCE Farkas2Reading Reading for this lecture: Required: – Pfleeger: Ch. 4.5, Ch. 4.3 Kerberos – An Introduction.

Mine Altunay July 30, 2007 Security and Privacy in OSG.

Oxford University e-Science Centre 1 Managing Access 4 Dec Managing Access to Resources on the Grid 4 December 2002.

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Need for Security Control access to servicesControl access to services Ensure confidentialityEnsure confidentiality Guard against attacksGuard against.

© ITT Educational Services, Inc. All rights reserved. IS3230 Access Security Unit 7 Authentication Methods and Requirements.

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Auditing Project Architecture VERY HIGH LEVEL Tanya Levshina.

OSG Site Admin Workshop - Mar 2008Using gLExec to improve security1 OSG Site Administrators Workshop Using gLExec to improve security of Grid jobs by Alain.

Grid Security and Identity Management Mine Altunay Security Officer, Open Science Grid, Fermilab.

1 Grid School Module 4: Grid Security. 2 Typical Grid Scenario Users Resources.

WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.

Internet2 Base CAMP Topics in Middleware: Authentication.

JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.

HTCondor Security Basics HTCondor Week, Madison 2016 Zach Miller Center for High Throughput Computing Department of Computer Sciences.

Security Bob Cowles

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Questionnaires to Cloud technology providers and sites Linda Cornwall, STFC,

Running User Jobs In the Grid without End User Certificates - Assessing Traceability Anand Padmanabhan CyberGIS Center for Advanced Digital and Spatial.

Windows Active Directory – What is it? Definition - Active Directory is a centralized and standardized system that automates network management of user.

OSG VO Security Policies and Requirements Mine Altunay OSG Security Team July 2007.

Why you should care about glexec OSG Site Administrator’s Meeting Written by Igor Sfiligoi Presented by Alain Roy Hint: It’s about security.

New OSG Virtual Organization Security Training OSG Security Team.

Security in OSG Tuesday afternoon, 4:15pm Igor Sfiligoi Member of the OSG Security team University of California San Diego.

Digital Certificates Presented by: Matt Weaver. What is a digital certificate? Trusted ID cards in electronic format that bind to a public key; ex. Drivers.

Identity and Access Management

Secure Connected Infrastructure

eduroam Managed IdP - Roadmap

Security Outline Encryption Algorithms Authentication Protocols

OGF PGI – EDGI Security Use Case and Requirements

HTCondor Security Basics

Secure Software Confidentiality Integrity Data Security Authentication

Security in OSG Rob Quick

THE STEPS TO MANAGE THE GRID

Security in the OSG Kanye West aka Ye aka Yeezy aka Yeezus

Update on EDG Security (VOMS)

Message Digest Cryptographic checksum One-way function Relevance

HTCondor Security Basics HTCondor Week, Madison 2016

Computer Security Distributed System Security

Operating Systems Security

Grid School Module 4: Grid Security

What’s Different About Overlay Systems?

Brian Lin OSG Software Team University of Wisconsin - Madison

Brian Lin OSG Software Team University of Wisconsin - Madison

Presentation transcript:

King of France, Louis XVI Restorer of French Liberty Security in the OSG King of France, Louis XVI Restorer of French Liberty Place d'Armes, 78000 Versailles, France

The Real King Louis XVI? Nope, he was a decoy because I’m not about those guillotines

Brian Lin OSG Software Team University of Wisconsin - Madison Security in the OSG Brian Lin OSG Software Team University of Wisconsin - Madison

What is Trust? Trust: reliance on the integrity or surety of a person or thing Obtaining trust: Prior knowledge and/or experience Appeal to authority Chains of trust Photo by wfryerCC BY-SA

Identity and Identification Identity: who someone is, Willie the Cat Identification: proof of who someone is, Willie’s collar Real word ID: photos, SSN, driver’s license, passport, etc. Internet ID: usernames (kinglouis16), certificates Photo by NeONBRAND on Unsplash

Authentication (AuthN) Authentication: trusting identification Username + password, shared secret (public key cryptography), two-factor, etc. Authentication online often goes both ways Photo by expertinfrantry BY-SA

Authorization (AuthZ) Authorization: trusting identities A description of the privilege level of an identity What are you authorized to do on our submit nodes? Photo by jmv BY-SA

HTCondor AuthN and AuthZ Many different authentication methods (Unix file system, SSL, Kerberos, etc) Fine grained control over authorization levels and who belongs to each authorization level Not just any server can join the pool Not just any user can submit jobs Jobs run as your Unix user on the execute servers

Is Your Data Secure? You are using a shared computer so take basic precautions (no world- writable files)! Save strong login credentials in a password store NO sensitive data (e.g. HIPAA) Otherwise, relatively low risk Photo by sebastiaan stam on Unsplash

Security in the OSG Certificate-based security for pilots jobs and servers Pilot jobs run under the same Unix user, Singularity containers provide some separation between VO users VOs vet users; system administrators vet servers The OSG Security Team tracks software vulnerabilities and responds to security incidents Certificate revocation of compromised machines Site administrators keep audit logs for traceability in case of security issues

Questions?