Formalizing Security Requirements for Grids Syed Naqvi 1,2, Philippe Massonet 1, Alvaro Arenas 2 1 Centre of Excellence in Information and Communication.

Slides:

Advertisements

Similar presentations

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies Grid.

Advertisements

The Quantum Chromodynamics Grid James Perry, Andrew Jackson, Matthew Egbert, Stephen Booth, Lorna Smith EPCC, The University Of Edinburgh.

Current status of grids: the need for standards Mike Mineter TOE-NeSC, Edinburgh.

AMUSE Autonomic Management of Ubiquitous Systems for e-Health Prof. J. Sventek University of Glasgow In collaboration.

EBank UK CCLRC Workshop February eBank and CCLRC Workshop February 2005 University of Bath.

Common Criteria Evaluation and Validation Scheme Syed Naqvi XtreemOS Training Day.

Practical and Theoretical Issues on Adaptive Security Alexander Shnitko Novosibirsk State Technical University.

Multirate adaptive awake-sleep cycle in hierarchical heterogeneous sensor network BY HELAL CHOWDHURY presented by : Helal Chowdhury Telecommunication laboratory,

H1 R1 T1 c Client Director Builder Client Concrete Strategy Builder Strategy H2 R2 T2 H3 R3 T3 Composition of Builder and Strategy Java Source Code Parser.

Data Modeling and Database Design Chapter 1: Database Systems: Architecture and Components.

Data Grids Jon Ludwig Leor Dilmanian Braden Allchin Andrew Brown.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

SPECIFYING AND MONITORING GUARANTEES IN COMMERCIAL GRIDS THROUGH SLA Sven Graupner Vijay MachirajuAad van Moorsel IEEE/ACM International Symposium on Clustering.

A Goal-oriented Approach to Grid Security Requirements Benjamin Aziz (STFC Rutherford Appleton Laboratory, UK) Joint work with Alvaro Arenas (STFC RAL,

Foundations for the Study of Software Architecture by Dewayne Perry & Alexander Wolf ACM SIGSOFT, Oct Presented by Charles Reid 2/7/2005.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Aims and Motivation The goal of this project is to produce a secure and dependable way of distributing and storing data securely over a distributed system.

Strategic Directions in Real- Time & Embedded Systems Aatash Patel 18 th September, 2001.

On Fairness, Optimizing Replica Selection in Data Grids Husni Hamad E. AL-Mistarihi and Chan Huah Yong IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS,

Systems Engineering Foundations of Software Systems Integration Peter Denno, Allison Barnard Feeney Manufacturing Engineering Laboratory National Institute.

11 World-Leading Research with Real-World Impact! Role and Attribute Based Collaborative Administration of Intra-Tenant Cloud IaaS (Invited Paper) Xin.

Project Requirement Gathering: Recommended "Best" Practices Edward Kuligowski Bellevue University CIS 665 Click to Preview.

Role-based Trust Management Security Policy Analysis and Correction Environment (RT-SPACE). Gregory T. Hoffer CS7323 – Research Seminar (Dr. Qi Tian)

Introduction to the Mobile Security (MD)  Chaitanya Nettem  Rawad Habib  2015.

The Preparatory Phase Proposal a first draft to be discussed.

Event Stream Processing for Intrusion Detection in ZigBee Home Area Networks Sandra Pogarcic, Samujjwal Bhandari, Kedar Hippalgaonkar, and Susan Urban.

Chapter 8 Architecture Analysis. 8 – Architecture Analysis 8.1 Analysis Techniques 8.2 Quantitative Analysis  Performance Views  Performance.

Presenter: Dipesh Gautam.  Introduction  Why Data Grid?  High Level View  Design Considerations  Data Grid Services  Topology  Grids and Cloud.

ITEC224 Database Programming

Pushing the Security Boundaries of Ubiquitous Computing ACSF 2006 —————— 13 th July 2006 —————— David Llewellyn-Jones, Madjid Merabti, Qi Shi, Bob Askwith.

Selecting Security Patterns that Fulfill Security Requirements Method presentation by Ondrej Travnicek Utrecht University Method Engineering 2014.

NSF Critical Infrastructures Workshop Nov , 2006 Kannan Ramchandran University of California at Berkeley Current research interests related to workshop.

Integrated e-Infrastructure for Scientific Facilities Kerstin Kleese van Dam STFC- e-Science Centre Daresbury Laboratory

TRIGON BASED AUTHENTICATION, AUTHORIZATION AND DISTRIBUTION OF ENCRYPTED KEYS WITH GLOBUS MIDDLEWARE Anitha Kumari K 08MW01 II ME – Software Engineering.

The Data Grid: Towards an Architecture for the Distributed Management and Analysis of Large Scientific Dataset Caitlin Minteer & Kelly Clynes.

Argumentation and Trust: Issues and New Challenges Jamal Bentahar Concordia University (Montreal, Canada) University of Namur, Belgium, June 26, 2007.

Policy-based CPU-scheduling in VOs Catalin Dumitrescu, Mike Wilde, Ian Foster.

Model-Driven Analysis Frameworks for Embedded Systems George Edwards USC Center for Systems and Software Engineering

Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)

A Formal Security Model for Collaboration in Multi-agency Networks Salem Aljareh Newcastle University, UK Nick Rossiter & Michael Heather Northumbria University,

Virtual Data Grid Architecture Ewa Deelman, Ian Foster, Carl Kesselman, Miron Livny.

1 University of Palestine Information Security Principles ITGD 2202 Ms. Eman Alajrami 2 nd Semester

Major Disciplines in Computer Science Ken Nguyen Department of Information Technology Clayton State University.

Department of Electronic Engineering Challenges & Proposals INFSO Information Day e-Infrastructure Grid Initiatives 26/27 May.

Software Testing Definition Software Testing Module ( ) Dr. Samer Odeh Hanna.

Introduction to Semantic Web Service Architecture ► The vision of the Semantic Web ► Ontologies as the basic building block ► Semantic Web Service Architecture.

Ruth Pordes November 2004TeraGrid GIG Site Review1 TeraGrid and Open Science Grid Ruth Pordes, Fermilab representing the Open Science.

CSIIR Workshop March 14-15, Privilege and Policy Management for Cyber Infrastructures Dennis Kafura Markus Lorch Support provided by: Commonwealth.

A Quantitative Trust Model for Negotiating Agents A Quantitative Trust Model for Negotiating Agents Jamal Bentahar, John Jules Ch. Meyer Concordia University.

Replica Management Kelly Clynes. Agenda Grid Computing Globus Toolkit What is Replica Management Replica Management in Globus Replica Management Catalog.

Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.

The Laboratory of Information Integration, Security and Privacy ● University of North Carolina at Charlotte URL: 306, UNC Charlotte.

Time-Space Trust in Networks Shunan Ma, Jingsha He and Yuqiang Zhang 1 College of Computer Science and Technology 2 School of Software Engineering.

Properties as Processes : FORTE slide Properties as Processes: their Specification and Verification Joel Kelso and George Milne School of Computer.

Data Grid Plane Network Grid Plane Dynamic Optical Network Lambda OGSI-ification Network Resource Service Data Transfer Service Generic Data-Intensive.

Yu, et al.’s “A Model-Driven Development Framework for Enterprise Web Services” In proceedings of the 10 th IEEE Intl Enterprise Distributed Object Computing.

ANONYMOUS STORAGE AND RETRIEVAL OF INFORMATION Olufemi Odegbile.

May 7-8, 2007ICVCI 2007 RTP Autonomic Approach to IT Infrastructure Management in a Virtual Computing Lab Environment H. Abdel SalamK. Maly R. MukkamalaM.

National Aeronautics and Space Administration Jet Propulsion Laboratory March 17, 2009 Workflow Orchestration: Conducting Science Efficiently on the Grid.

1 Testing Implementations Of Access Control Systems (New Proposal) Ammar Masood: Graduate Student Arif Ghafoor (ECE) and Aditya Mathur (CS) Purdue University,

Presented by Charles Reid 2/7/2005

University of Technology

Model-Driven Analysis Frameworks for Embedded Systems

On the use of Event-B in Modelling Data Sharing Agreements

Majid Alshammari and Khaled Elleithy

Energy-Efficient Storage Systems

GCSE Computer Science.

Security Requirements Analysis for Large-scale Distributed Systems

gLite The EGEE Middleware Distribution

Presentation transcript:

Formalizing Security Requirements for Grids Syed Naqvi 1,2, Philippe Massonet 1, Alvaro Arenas 2 1 Centre of Excellence in Information and Communication Technologies (CETIC) {syed.naqvi, 2 CCLRC Rutherford Appleton Laboratory {s.naqvi,

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 2 Location based on data attributes Location of one or more physical replicas State of grid resources, performance measurements and predictions Metadata Service Application Replica Location Service Information Services Planner: Data location, Replica selection, Selection of compute and storage nodes Security and Policy Executor: Initiates data transfers and computations Data Movement Data Access Compute ResourcesStorage Resources Functional View of Grid Data Management taken from

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 3 FileStamp Architecture

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 4 Decentralized multi-writer file system –Based on a Peer-to-Peer technology –Self managing data storage location FileStamp – Distributed File System

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 5 File Redundancy Dynamic replica regeneration

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 6 BitTorrent Technology Moreover transfers can be interrupted and restarted from the last transferred bytes FileStamp – File Transfer

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 7 How to Express Requirements ? Specification language understandable by all the actors

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 8 KAOS : K nowledge A cquisition in aut O mated S pecification Dardenne A., Lamsweerde A. and Fickas S., Goal-Directed Requirements Acquisition, Science of Computer Programming Vol. 20, North Holland, 1993, pp Lamsweerde A., Elaborating Security Requirements by Construction of Intentional Anti-Models, Proceedings of ICSE’04, 26th International Conference on Software Engineering, Edinburgh, May. 2004, ACM-IEEE, pp Goal Model Responsibility Model Operations Model Constraints Model Anti-Goal (Threats) Model

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 9 Goal Model

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 10 Responsibility Model

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 11 Operations Model

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 12 Constraints Model

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 13 Overall Model

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 14 Refinement of Requirements Model

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 15 Policy Templates

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 16 Example Policy New replica of file is generated when an existing storage node is failed

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 17 Further Treatment of the Derived Policies Refinement of High level Policies into Operational Policies –Determination of the resources that are needed to satisfy the requirements of the policy. –Translation of the high-level policies into operational policies that the system can enforce. –Verification that the lower level policies actually meet the requirements specified by the high level policies. Implementation of Policies –Requires specific details of a particular system. –Formal representation techniques are employed. –Implemented in a specification language.

European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 18 Conclusions This work addresses issues related to formalizing Grid security requirements at the application level. Our proposed technique is illustrated with the help of a case study of a data management system. Results shows that formal security requirement models are not only helpful to derive security policies but also they can be employed for security rationale. Our future directions include: –Refinement of security policies derived from the requirements model. –Work on negotiation protocols to assure service level security agreements.