Middleware technology and software quality issues
Andrew McNab, Grid Security Research Fellow, University of Manchester

14 October 2004, A. McNab – Security Middleware

Outline
● PKI and VOs
● Local Policies
● Services
● VM environments
● Native execution
● Globus gatekeeper
● Apache/GridSite
● Software quality
● Predictions / warnings

PKI and VO
● LCG/EGEE/Grid3/OSG use X.509 Public Key / Certificate based credentials for authentication
● “Secure against crypto attacks”
● Implementations of X.509/TLS libraries may have vulnerabilities
● LCG etc define authorization in terms of Virtual Organisation membership
● Defined by published DN lists or Attribute Certificates
● Leverages X.509 authentication infrastructure
● Credential theft is greatest threat to these?

Local policies
● LCG etc defines local access policies using Globus gridmap-file or policy language like GACL.
● Again, these leverage authentication and authorization infrastructures.
● Likely threats from attackers discovering policies that will permit access with credentials they hold
● May include human error if we make policy files too hard to maintain (cf firewalls.)
● Tension with Grids' desire to publish policy.
● (cf current attacks spreading by looking at ssh.shosts file for other hosts to try with local ssh credential.)
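A lint pass over a gridmap-file of the kind this slide refers to, as an added example (not code from the presentation, Globus or GridSite), showing how the maintenance errors it warns about can be caught mechanically. It assumes the common layout of one double-quoted certificate DN followed by a local account per line; the privileged-account list and the sample entries are constructed.

```python
import re

# Local accounts a grid DN should never map to (assumed list for this example).
PRIVILEGED = {"root", "daemon", "bin", "apache"}

# Assumed entry layout: "quoted certificate DN", whitespace, local account(s).
ENTRY = re.compile(r'^"(?P<dn>/[^"]+)"\s+(?P<accounts>\S+)$')

def lint_gridmap(text):
    """Return sorted (line_number, message) findings for gridmap-file text."""
    findings = []
    first_seen = {}  # DN -> (line number, accounts) of its first mapping
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = ENTRY.match(line)
        if not m:
            findings.append((n, "malformed entry: expected quoted DN then account"))
            continue
        dn, accounts = m["dn"], m["accounts"].split(",")
        for acct in accounts:
            if acct in PRIVILEGED:
                findings.append((n, f"DN mapped to privileged account {acct!r}"))
        if dn in first_seen and first_seen[dn][1] != accounts:
            prev = first_seen[dn][0]
            findings.append((n, f"DN already mapped differently on line {prev}"))
        first_seen.setdefault(dn, (n, accounts))
    return sorted(findings)

# Constructed sample policy (DNs and accounts are invented for illustration).
SAMPLE = '''\
# site gridmap-file
"/C=UK/O=eScience/OU=Manchester/L=HEP/CN=alice example" atlas001
"/C=UK/O=eScience/OU=Manchester/L=HEP/CN=bob example" root
/C=UK/O=eScience/OU=Manchester/L=HEP/CN=carol example cms001
"/C=UK/O=eScience/OU=Manchester/L=HEP/CN=alice example" cms002
'''

if __name__ == "__main__":
    for n, msg in lint_gridmap(SAMPLE):
        print(f"line {n}: {msg}")
```

Running a check like this before a policy file is deployed keeps the file reviewable even as it grows.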

Services
● For example, a database with a Web Services frontend and some kind of authorization process.
● Attacks may be possible against the DB or WS software
● But most likely is some form of “legitimate” attack using stolen credentials or holes in local policies
● We may see attackers using multiple services during an attack
● eg gather information on services, and then run Denial of Service attacks on them one by one
● These may be very difficult to distinguish from legitimate use of the services

Virtual Machines
● Running jobs or agents in Virtual Machines limits the possibilities for escalation attacks
● “I might be able to inject my evil code as a job, but I can't exploit vulnerabilities in the operating system to get root/admin access” (probably)
● Java is the most common example
● Designed from scratch with VM model in mind.
● Also more heavyweight ways of creating VMs that look more like “real” system
● Usermode Linux, Xen, VMware
● Vulnerable to similar set of attacks as Services.

Native execution
● However, many applications do not use Java
● Existing codebases (millions of lines?) in other languages
● Need non-VM environments for performance
● In this case, need to expose “bare iron” of the worker machines to legitimate users
● Dangers are that
● (1) Malicious user injects their code instead of a legitimate job/agent
● (2) Job execution service must have access to real environment. What if it has vulnerabilities?

Globus gatekeeper
● Globus gatekeeper currently used by LCG etc does this in a traditional Unix-like way
● It's a roll-your-own service written by Globus
● Runs as root and spawns off processes as users as their job requests come in
● This is the most straightforward way to do things
● But this approach has some obvious problems
● It's listening on the wire as root!
● It is open source but has a very small developer community – are there more attacker eyeballs than developers looking at it?

Apache/GridSite
● GridPP's GridSite also offers some types of native execution
● Instead of writing our own network code or running as root, we leverage the existing Apache project
● Millions of Apache websites; thousands of active developers of the code.
● Listens as non-privileged user.
● We just write the Grid Security extensions we need, and maintain them as an Apache module.
● Patches are issued promptly by Apache when vulnerabilities discovered.

Quality & maintenance
● Most attacks on pre-Grid systems are still because of vulnerabilities found in service software
● Buffer overflows etc.
● Grid software developers need to pay attention to this just as much as other Net service developers.
● We should try to leverage as much well-maintained software as possible.
● Design implementations that can be patched quickly, when vulnerabilities emerge.
● Avoid duplication, go for modularity.
● Think about the admin patching the service at 3am!

Predictions / summary
● Current wave of attacks and inter-site escalations via ssh will continue.
● Grid will continue to be “sexy”, on Slashdot, in New Scientist, in the spotlight etc.
● Attackers will start using Grid/PKI credentials for inter-site attacks.
● Attackers will notice the amount of roll-your-own services we use, with little code auditing/eyeballing.
● Admins / applications / site management will revolt when attacks become noticeable and burdensome.
● We will fall in love with maintainable services...