1 Nils gentschen Felde & Felix von Eye, OGF28 München, 16.03.2010: The GIDS project. A Grid-based, federated Intrusion Detection System to secure the D-Grid infrastructure.

Presentation transcript:

1 The GIDS project: A Grid-based, federated Intrusion Detection System to secure the D-Grid infrastructure. Nils gentschen Felde, Felix von Eye

2 The MNM Team. Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften

3 Grid-related projects
European projects
–Deployment of Remote Instrumentation Infrastructure (DORII)
–Open Grid Forum Europe (OGF-Europe)
–European Grid Initiative (EGI)
–EMANICS - Management Solutions for Next Generation Networks
–g-Eclipse
German projects
–Horizontal integration of resource and service monitoring in D-Grid (D-MON; "Horizontale Integration des Ressourcen- und Dienst-Monitoring im D-Grid")
–Authentication and Authorization Infrastructure for VO Management (AAI/VO)
–A Grid-based, federated Intrusion Detection System to secure the D-Grid infrastructure (GIDS; "Ein Grid-basiertes, föderiertes Intrusion Detection System zur Sicherung der D-Grid Infrastruktur")
Previous research projects
–Interoperability and integration of VO management technologies in D-Grid (IVOM; "Interoperabilität und Integration der VO-Management Technologien im D-Grid")
–VO management in D-Grid
–Monitoring and accounting in D-Grid

4 Project overview
Partners:
Associated partners:
Start:
Duration: 36 months
Project leader: LRZ/LMU

5 Usage scenario of Grids
Intent: loose coupling of autonomous providers; hiding heterogeneity
Functionalities: job scheduling, storage, ...
Management: user/VO management, monitoring, accounting, ...
Users are grouped in Virtual Organizations (VOs) with respect to scientific affiliation, not regarding real organizations any more
Scientific environment: generous resource sharing; security management neglected
[Figure: Grid middleware coupling resource providers A to D]

6 Security considerations in Grids
Coupling resources: abstracted by middleware; collaborative use of distributed resources
Security considerations: isolated view on domains; security is based on the trustworthiness of resource providers
[Figure: Grid middleware coupling resource providers A to D, each with its own firewall (FW), IDS, uplink, admin and anti-virus]

7 Example: attack scenario
Break-in at one site suffices: access to the Grid middleware means access to all resources!
Example:
–Compromised SSH private key, e.g. through well-known SSL vulnerabilities
–Grid-wide login attempts, inter-organizational!
–Only global event correlation yields success
[Figure: Grid middleware coupling resource providers A to D]

8 Goal
State of the art
–IDS for autonomous systems
–Distributed IDS: always based on total trust
–No concept of customers
Now
–Stepping towards a Grid-wide solution
–Conception of an IDS for Grids (GIDS)
First-glance challenges
–Inter-organizational system
–Autonomous partners
–Heterogeneity
–GIDS as a service with user-specific views
[Figure: Grid middleware coupling resource providers A to D]

9 Vision: GIDS as a federation
Intent:
–New service in the Grid: surveying the Grid with respect to security, and reporting thereof
–Economical use of the service and of the Grid itself
Idea:
–Grid-wide consolidation of security-relevant data
–Derivation of security reports
[Figure: Grid middleware coupling resource providers A to D]

10 Methodology: Analysis, Architecture design, Prototypical implementation, Evaluation, Conclusion

11 Analysis: Methodology
Threat analysis
–Attack goals and risks
–Classification of possible attackers: attack patterns, origin of attack (positional and organizational), types of attacks in Grids
Use-case driven requirements analysis
–User groups and customers
–Information providers
Requirements induced by Grids
–Generic requirements
–Cooperation patterns
–Trust relationships
Classes of requirements: functional, non-functional, security requirements, organizational and privacy/data protection, requirements related to detection capabilities

12 Methodology: Analysis, Architecture design (work in progress), Prototypical implementation, Evaluation, Conclusion

13 Architecture overview
[Figure: resource providers A to X, each with a local IDS and a GIDS-agent, connected via the GIDS-/IDMEF-bus to the GIDS-operator, which runs the GIDS and its portal]

14 Resource-provider agent
[Figure: data flow inside a GIDS-agent at a resource provider: the local (G)IDS instance and the firewall store data in the agent; the agent filters data and reports, aggregates/correlates them, anonymizes/pseudonymizes them, stores data and reports in the GIDS-DB, and reports to the admin and onto the GIDS-/IDMEF-bus]

15 Methodology: Analysis, Architecture design, Prototypical implementation (work in progress), Evaluation, Conclusion

16 Example: Grid-wide event correlation
Reminder
–Break-in at one site is sufficient
–Access to the Grid middleware means access to all resources!
Example:
–Compromised user account in the context of a VO
–The VO may use selected resources
Possibility of detection
–Grid-wide event correlation
–e.g. of failing login attempts
[Figure: Grid middleware coupling resource providers A to D]

17 Failing login attempts
[Figure: architecture as on slide 13; an attacker holding a VO member's SSH private key makes login attempts (TCP ...) against resource providers A to X]

18 Exemplary dataflow
[Figure: architecture as on slide 13; the login-attempt events caused by the attacker holding a VO member's SSH private key are picked up at each resource provider and forwarded via the GIDS-agents over the GIDS-/IDMEF-bus to the GIDS-operator]

19 Correlation agent
[Figure: the agent pipeline of slide 14 at the GIDS-operator: incoming login-attempt reports from the GIDS-/IDMEF-bus pass filtering, aggregation/correlation and anonymization/pseudonymization; the output is a correlation-alarm that is stored in the GIDS-DB and reported to the admin]
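The two agent steps sketched on slides 14 and 19 (local filtering plus pseudonymization at a resource provider, Grid-wide correlation of failing logins at the operator, slide 16) can be illustrated with a small piece of code. The following is an added example written for this transcript; it is not code from the GIDS project. The event fields, site names, thresholds and the federation-wide pseudonymization key are assumptions, the login events are constructed, and the dict records are a simplified stand-in for IDMEF messages, not the real IDMEF schema.

```python
"""Constructed example: local GIDS-agent filtering and pseudonymization,
then Grid-wide correlation of failed logins at the operator. Event fields,
site names, thresholds and the key are assumptions; the dicts stand in for
IDMEF messages and do not follow the real IDMEF schema."""
from collections import defaultdict
from datetime import datetime, timedelta
import hashlib
import hmac

# Federation-wide pseudonymization key (assumption): every GIDS-agent must
# derive the same pseudonym for the same account, otherwise the operator
# cannot correlate reports coming from different providers.
PSEUDONYM_KEY = b"constructed-federation-key"

# Constructed login events as three local IDS instances might record them.
# Each provider only ever sees its own list.
LOCAL_EVENTS = {
    "provider-A": [
        {"vo": "vo-astro", "user": "alice", "ts": "2010-03-16T10:00:05", "outcome": "fail"},
        {"vo": "vo-astro", "user": "alice", "ts": "2010-03-16T10:04:10", "outcome": "fail"},
        {"vo": "vo-astro", "user": "carol", "ts": "2010-03-16T10:01:00", "outcome": "success"},
        {"vo": "vo-bio",   "user": "bob",   "ts": "2010-03-16T10:02:00", "outcome": "fail"},
        {"vo": "vo-bio",   "user": "bob",   "ts": "2010-03-16T10:02:20", "outcome": "fail"},
    ],
    "provider-B": [
        {"vo": "vo-astro", "user": "alice", "ts": "2010-03-16T10:02:30", "outcome": "fail"},
    ],
    "provider-C": [
        {"vo": "vo-astro", "user": "carol", "ts": "2010-03-16T10:03:00", "outcome": "fail"},
    ],
}


def pseudonymize(user, key=PSEUDONYM_KEY):
    """Keyed hash of the account name: the operator can still match the same
    account across reports but does not learn the real user name."""
    return hmac.new(key, user.encode(), hashlib.sha256).hexdigest()[:16]


def agent_report(site, events):
    """Local GIDS-agent step: keep only failed logins, tag the originating
    site and replace the account name by its pseudonym before reporting."""
    return [
        dict(e, site=site, user=pseudonymize(e["user"]))
        for e in events
        if e["outcome"] == "fail"
    ]


def correlate(reports, window=timedelta(minutes=10), min_sites=2, min_attempts=3):
    """Operator step: one correlation alarm per (VO, pseudonym) whose failed
    logins hit at least min_sites distinct providers with at least
    min_attempts failures inside a sliding time window."""
    by_user = defaultdict(list)
    for r in reports:
        by_user[(r["vo"], r["user"])].append(r)
    alarms = []
    for (vo, user), rs in by_user.items():
        rs.sort(key=lambda r: r["ts"])           # ISO timestamps sort lexically
        times = [datetime.fromisoformat(r["ts"]) for r in rs]
        start = 0
        for end in range(len(rs)):
            while times[end] - times[start] > window:
                start += 1                       # drop events older than the window
            span = rs[start:end + 1]
            sites = {r["site"] for r in span}
            if len(sites) >= min_sites and len(span) >= min_attempts:
                alarms.append({
                    "vo": vo, "user": user, "sites": sorted(sites),
                    "attempts": len(span),
                    "first": span[0]["ts"], "last": span[-1]["ts"],
                })
                break                            # one alarm per account suffices here
    return alarms


def run_example():
    """Every provider reports its filtered, pseudonymized events; the operator
    correlates the union. Returns the correlation alarms raised."""
    reports = []
    for site, events in LOCAL_EVENTS.items():
        reports.extend(agent_report(site, events))
    return correlate(reports)


if __name__ == "__main__":
    for alarm in run_example():
        print(alarm)
```

The constructed data shows why the slides insist on global correlation: provider A alone sees two failures for alice, provider B one, so no site-local threshold of three would fire, while the operator sees three failures across two providers for the same pseudonym and raises an alarm. Bob's two failures stay below the threshold and never leave provider A as an alarm. The keyed hash is what lets the operator correlate without learning account names; it only works if all agents share the key (or use a common pseudonymization service), which is the privacy-protection design decision the project lists as its own work item.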

20 Methodology: Analysis, Architecture design, Prototypical implementation, Evaluation (to be done!), Conclusion

21 Methodology: Analysis, Architecture design, Prototypical implementation, Evaluation, Conclusion

22 Conclusion
Challenge: conception of a GIDS
Proceeding:
–Analysis: threats, use cases, requirements induced by Grids
–Design of a generic GIDS architecture
–Development of a privacy-protection concept
–Prototype, later: production ready
–Evaluation: simulation and measurements in D-Grid
Results:
–Catalogue of criteria to evaluate IDSs for their use in Grids
–Generic GIDS architecture
–Privacy-protection concept
–GIDS in production for D-Grid

23 Further research questions
Management aspects
–Specification of processes as in e.g. ISO 20000 or ITIL
–Special challenges in inter-organizational environments
Attack detection
–Which analysis techniques are appropriate in Grids, and which aren't?
–Implications of the dynamics of Grids for attack detection methods
–Valuable use of additionally available information in Grids (e.g. (job) monitoring or VO-management systems)
Compliance
–Enhancing the GIDS by making use of trust-level management data

24 Thank you!
Project details:
Contact: Nils gentschen Felde