Sponsored by the National Science Foundation GENI Security Architecture Toolkit (GSAT) Spiral 2 Year-end Project Review SPARTA, Inc. PI: Stephen Schwab Staff: Alefiya Hussain Aug 31, 2010 Project Graphic and/or Photo

Sponsored by the National Science Foundation 2 Project Summary GENI Security Architecture focuses on the broad set of security issues across the entire GENI eco-system. GENI is a large, distributed system with many computational and network resources. Moreover, there are multiple implementations of control frameworks, clearinghouses, aggregate and component managers, instrumentation & measurement tools, and other specialized resources. Finally, these elements all need to be deployed across multiple campuses, and use local campus, regional tier, and backbone networks for interconnection. GENI Security Architecture project catalyzes conversations in the GENI community around control framework / SFA security requirements and mechanisms; aggregates and other cluster project requirements, experiences, and feedback regarding security mechanisms; and operational issues in a forward looking direction, laying groundwork for the future. GENI Security Architecture documents and other GENI documents (such as SFA-2.0) are revised and updated to collect, track, distill and work towards defining a set of standard (rough consensus) GENI security mechanisms. INSERT PROJECT REVIEW DATE

Sponsored by the National Science Foundation 3 Milestone & QSR Status IDMilestoneStatusOn Time? On Wiki? GPO signoff? S2.aSecurity Design Report – Draft Outline for Interim deliverable Draft Outline delivered and posted, primarily to identify project POCs for coordination with at GEC6 or afterwards Yes Not Marked Complete No? S2.bRelease Spiral 2 Security Design Report (Interim) GENI-SEC-ARCH-Draft-spiral2-0.5.pdf delivered and uploaded to wiki. This draft updates the security architecture, capturing many changes to several control frameworks. Late < 2 Mo Not Marked Complete No? S2.cSecurity Design Report – Draft Outline for Spiral 2 deliverable Draft Outline delivered and posted, primarily to identify project POCs for coordination with at GEC8 or afterwards Late > 2 Mo Not Marked Complete No? S2.dRelease revised Spiral 2 Security Design Report GENI-SEC-ARCH-Draft-spiral2-0.9.pdf delivered and uploaded to wiki. This draft updates the security architecture, capturing many changes and describing security in a number of aggregates and I&M projects. Yes Not Marked Complete No? S2.eReview GMOC design documents and contribute to security designs for GMOC Spiral 2 Periodic coordination phone calls / face- to-face meetings (roughly quarterly) with Jon-Paul Herron/GMOC project. Review comments sent to GMOC project. Yes Not Marked Complete No? QSR: 4Q2009DoneLate > 2 Mo YesYes? QSR: 1Q2010DoneLate > 2 Mo YesYes? QSR: 2Q2010DoneLate < 2 Mo YesYes? INSERT PROJECT REVIEW DATE

Sponsored by the National Science Foundation 4 Accomplishments 1: Advancing GENI Spiral 2 Goals GENI Spiral 2 Goals are described in “GENI Spiral 2 Overview”, section 7. Project SoWs and milestones were crafted to support those goals. On this slide, summarize project accomplishments this year that contribute to the Spiral 2 goals.GENI Spiral 2 Overview GENI Security issues permeate control frameworks, but also burden aggregate/I&M developers and campus deployments/rollouts. By promoting alternate concepts (distributed authorization) and also listening to complaints/challenges, and documenting and analyzing what has been done, the project has helped to push toward rough consensus across many projects. Revisions to the Control Framework interfaces (SFA) will continue to be important for the long-term evolution of GENI. By helping to get these interfaces (and the rationale underlying them, based on the D&P efforts) correct, we are ensuring that GENI balances short-term and longer-term objectives. INSERT PROJECT REVIEW DATE

Sponsored by the National Science Foundation 5 Accomplishments 2: Other Project Accomplishments On this slide highlight additional project accomplishments that contribute to GENI’s development. Various activities centered on examining and discussing different facets of security across the entire project. These are examples of important issues that need to be pushed on independent of any specific project or prototyping goal, but requires deep understanding of what is being built to engage in discussions. ABAC workshop presentations –Distributed authorization NSF GENI-FIRE presentations –Resource management vs. access control GMOC discussions/review and OMIS presentations/participation –Operations focus INSERT PROJECT REVIEW DATE

Sponsored by the National Science Foundation 6 Issues On this slide summarize any issues which cause you concern. The GPO is particularly interested in any issues which have or may affect your ability to complete the work described in your SoW/milestones. However, this is a chance to raise other issues as well. Period-of-performance – Our contract year 2 ends 8/3/2010 (today!) Projects in spiral 1 and 2 have been working to implement and demonstrate at a rapid pace (good), but this leaves little time for putting into documentation. We staggered the spiral 2 security report to come after GEC8 with the hope that more information would be available _after_ the developers had finished their GEC demonstrations – but in many cases, information is still hard to come by. –One-to-one and small group conversations remain the best way to glean information and details about security issues facing various projects. –We don’t see this changing – it is inherent to the rapid spiral process. INSERT PROJECT REVIEW DATE

Sponsored by the National Science Foundation 7 Plans What are you plans for the remainder of Spiral 2? The GPO is starting to formulate goals for Spiral 3. What are your thoughts regarding potential Spiral 3 work? –At the end of Spiral 3, we anticipate that a GENI Testbed “Eco-system” will continue to support researchers and grow over time. The GENI Security Architecture, at that point, should: –1. Document the Security Architecture and underlying trust assumptions and mechanisms used “in the field” by the various control frameworks, aggregates, backbone/regional/campus networks, and instrumentation, measurement & specialized GENI resources. –Security Architecture should explain how GENI works now, why it is secure. –2. Serve as a reference to the Security Requirements for new participants wishing to join the Eco-system and engage with the GENI community, including new aggregates (resource providers), networks, other testbeds (including International ones), and other identity/authorization providers for sets of future GENI users. –Security Architecture should explain what one has to do to participate in GENI. –3. Provide guidelines to operators across the GENI community, to enable them to continue to participate in the community, and ensure reliable and secure operations for the medium-to-long term. –Security Architecture should provide confidence to organizations in on-going commitment of GENI community to well-thought out, disciplined security practices. INSERT PROJECT REVIEW DATE