WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

Slides:



Advertisements
Similar presentations
Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.
Advertisements

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
2006 © SWITCH Authentication and Authorization Infrastructures in e-Science (and the role of NRENs) Christoph Witzig SWITCH e-IRG, Helsinki, Oct 4, 2006.
INFSO-RI Enabling Grids for E-sciencE JRA3 2 nd EU Review Input David Groep NIKHEF.
Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
Incident Handling and Response Breakout Overview.
EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
SWITCHaai Team Federated Identity Management.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
BoF: Federated Identity Management for Researchers David Kelsey (STFC-RAL) TNC2014, Dublin 20 May 2014.
David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.
TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,
OSG Security Review Mine Altunay June 19, June 19, Security Overview Current Initiatives  Incident response procedure – top priority (WBS.
12-May-03D.P.Kelsey, SCG Online Authentication1 Online Authentication SCG Meeting EDG Barcelona, 12 May 2003 David Kelsey CCLRC/RAL, UK
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Blueprint Meeting Notes Feb 20, Feb 17, 2009 Authentication Infrastrusture Federation = {Institutes} U {CA} where both entities can be empty TODO1:
JSPG: User-level Accounting Data Policy David Kelsey, CCLRC/RAL, UK LCG GDB Meeting, Rome, 5 April 2006.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
7 th FIM 4 R meeting April 2014 ESRIN Frascati.
Placeholder ES 1 CERN IT Experiment Support group Authentication and Authorization (AAI) issues concerning Storage Systems and Data Access Pre-GDB,
UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.
Pilot Jobs John Gordon Management Board 23/10/2007.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
LCG Pilot Jobs + glexec John Gordon, STFC-RAL GDB 7 November 2007.
Federated Identity Management for Research Collaborations Bob Jones, CERN Daan Broeder, Max-Planck Institute for Psycholinguistics David Kelsey, Particle.
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Trusted Virtual Machine Images a step towards Cloud Computing for HEP? Tony Cass on behalf of the HEPiX Virtualisation Working Group October 19 th 2010.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
Federated Identity Management for HEP David Kelsey STFC – RAL Nijmegen workshop 22 June 2012.
Authentication and Authorisation for Research and Collaboration Peter Solagna Milano, AARC General meeting Current status and plans.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
OSG Site Admin Workshop - Mar 2008Using gLExec to improve security1 OSG Site Administrators Workshop Using gLExec to improve security of Grid jobs by Alain.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
Grid Security and Identity Management Mine Altunay Security Officer, Open Science Grid, Fermilab.
Additional Services: Security and IPv6 David Kelsey STFC-RAL.
Evolving Security in WLCG Ian Collier, STFC Rutherford Appleton Laboratory Group info (if required) 1 st February 2016, WLCG Workshop Lisbon.
WLCG Authentication & Authorisation LHCOPN/LHCONE Rome, 29 April 2014 David Kelsey STFC/RAL.
Federated Identity Management for Scientific Collaborations The Common Vision David Kelsey (STFC) 3 Nov 2011.
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
12-Jun-03D.P.Kelsey, CA meeting1 CA meeting Minimum Requirements CERN, 12 June 2003 David Kelsey CCLRC/RAL, UK
Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay, James Basney,
Federated Identity Management How do we proceed? Bob Jones, CERN.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
Ian Collier, STFC, Romain Wartel, CERN Maintaining Traceability in an Evolving Distributed Computing Environment Introduction Security.
David Groep Nikhef Amsterdam PDP & Grid Bring the WLCG federation Home Extending your trust options beyond bottom-up identity by collaborating with global.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI CSIRT Procedure for Compromised Certificates and Central Security Emergency.
Traceability WLCG GDB Amsterdam, 7 March 2016 David Kelsey STFC/RAL.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security aspects (based on Romain Wartel’s.
Cyber Security Issues in HEP and NP Grids Bob Cowles — SLAC NC August 2004.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Questionnaires to Cloud technology providers and sites Linda Cornwall, STFC,
Trusted Virtual Machine Images the HEPiX Point of View Tony Cass October 21 st 2011.
Running User Jobs In the Grid without End User Certificates - Assessing Traceability Anand Padmanabhan CyberGIS Center for Advanced Digital and Spatial.
Grid Security Policy: EGEE to EGI David Kelsey (RAL) 16 Sep 2009 JSPG meeting, DFN Berlin david.kelsey at stfc.ac.uk.
News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.
15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014.
JRA3 Introduction Åke Edlund EGEE Security Head
Federated Identity Management for Researchers (FIM4R)
David Kelsey CCLRC/RAL, UK
Presentation transcript:

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012

Overview WLCG Security TEG EGI & GridPP Security Risk Analysis Federated Identity Management 18 Apr 12Security, Kelsey2

WLCG Security TEG –Chaired by Romain Wartel and Steffen Schreiner ~20 active members –Security people, Sites and Experiments –More on mail list, but still not enough Site input List of sub-tasks –Risk Assessment (Romain) –AAI on worker nodes (Steffen) –AAI on storage systems (Maarten Litmaath) –Usability versus security (Von Welch) –Federated Identity (Dave K) 18 Apr 12Security, Kelsey3

WLCG Security Risks Risk Management –key aspect of security Identify assets to be protected Evaluate different threats Prioritise and focus efforts An ongoing process –Needs regular review 18 Apr 12Security, Kelsey4

Security incident & auditing Must understand what happened –To prevent it happening again –To contain its impact –But keep services running Traceability is essential for this –To protect against misused credentials –And keep services running Response commensurate with problem 18 Apr 12Security, Kelsey5

Assets – to be protected 18 Apr 12Security, Kelsey6

Security threats 18 Apr 12Security, Kelsey7

Risk evaluation 18 Apr 12Security, Kelsey8

Risks (1) 18 Apr 12Security, Kelsey9

Risks (2) 18 Apr 12Security, Kelsey10

Mitigation e.g. Misused identities Compromised identities once detected must be blocked and access to resources blocked too –Time is of the essence –A central blocking service is essential –Too many distributed services to rely on local blocking 18 Apr 12Security, Kelsey11

Security on WNs 3 parts –Security of the pilot job –Security of the user jobs –Traceability & accountability 5 requirements –Reduce pilot job credential to minimum –Protect the pilot job –Mutually isolate user jobs –Provide minimal credential for user job –Prove a job’s authenticity and log it before execution 18 Apr 12Security, Kelsey12

Pilots - protecion & isolation Different options –Virtualisation –ID switching (gLExec, sudo) –SELinux –More? (Linux Containers?) Only serious option – in short term –ID switching with gLExec –4 LHC expts (getting) ready for this 18 Apr 12Security, Kelsey13

Beyond short term - WNs Can we develop a more secure proxy/delegation system –Current proxies are too powerful No restrictions –(Often) too long-lived –Not secure – proxy can be exposed –Transfer of user proxy with pilot job does not tie user to the job 18 Apr 12Security, Kelsey14

Security: Storage & data access Data protection issues –Do all types of data need same security? –Confidentiality – data one VO not readable by another VO But data transferred over insecure channels Access traceability (security and performance) Information leakage (e.g. filenames) Accidental commands Malicious attacks –For insiders reduce privs –Require 2 users for bulk delete? 18 Apr 12Security, Kelsey15

Usability vs Security Usability – key factor for security Identified a number of issues –And recommendations Issues for Users –Credential management –Proxy storage on complex systems –Lack of web authentication –Lack of internationlisation 18 Apr 12Security, Kelsey16

Usability – admins/ops Managing revocation Expired hosts and service certs Managing authorisation policies Client AuthZ of services Inconsistent user banning Mixing AuthN and AuthZ e.g. proxy Lack of debugging and forensics Inconsistent proxy implementations X.509 validation overhead 18 Apr 12Security, Kelsey17

Usability – short term Some recommendations Hide X.509 from end users –Easier enrolment via Federated IdM –Use of short-lived credentials Tools for multiple credentials Tools for service credentials Improve revocation Standards for logging Usability evaluation 18 Apr 12Security, Kelsey18

Sec TEG Future work Security model for WNs More on security for storage Usability evaluation Identity Management (see later) 18 Apr 12Security, Kelsey19

EGI & GridPP risk analysis EGI security assessment being completed now (EGI D4.4 refers) – more detailed than WLCG analysis GridPP security milestone –C3.11 Review GridPP Security Risk Assessment (related to EGI D4.4) –August 2012 –Involve whole GridPP security team here! 18 Apr 12Security, Kelsey20

Federated Identity Management Use of a digital identity credential issued by one body (typically home institute) for access to other services Federations – common trust and policy framework –E.g. the UK Access Management Federation For WLCG/GridPP/EGI we already use federated identities in form of X.509 PKI (IGTF) TERENA Cert Service connects national identity federation to a CA for personal certs 18 Apr 12Security, Kelsey21

Federated IdM in HEP But many other services (not just Grid) –E.g. Collaboration tools – Wikis, mail lists, webs, agenda pages, etc. Today CERN has to manage 10s of thousands of users eduroam is one solution (for wireless) What about other services/federations? –Using Shibboleth, OpenID, etc 18 Apr 12Security, Kelsey22

Federated IdM in Research A collaborative effort started in 2011 Involves photon/neutron facilities, social science & humanities, high energy physics, atmospheric science, bioinformatics and fusion energy 3 workshops to date (next one in June 2012) Documenting common requirements, a common vision and recommendations –To research communities, identity federations, funding bodies An important use case for inter-federation 18 Apr 12Security, Kelsey23

WLCG Federated Identity Security TEG just started on this –Very much linked to IdM for Research work Trust is essential –not just technology How to involve IGTF? We need to agree a good HEP pilot project to get some experience 18 Apr 12Security, Kelsey24

More GridPP involvement in the WLCG Security TEG is welcome Questions? Discussion? 18 Apr 12Security, Kelsey25