MyGrid Security Issues Simon Miles University of Southampton.

Presentation transcript:

myGrid Security Issues Simon Miles University of Southampton

Sources of Security Requirements
- Service Providers
- Data Storage Providers
- Provenance Models

Service Providers - Authentication
- Currently
  - Free and anonymous services
  - No authentication
  - Organisation-level auditing
- Future Plans
  - User-level authentication (PKI) for update of databases, signed 3rd party annotation, embargoed data access, pay-per-view…
  - Social problems: co-authors, in-organisation data use

Service Providers - Authorisation
- Used for scheduling - provider gives a ticket to be used later
- Notifications sent indicating that jobs are complete should be sent securely
- Auditing of unauthorised access, 3rd party databases, job prioritisation
- Users concerned about SP security - prefer to download database
- Encryption: false sense of security

Data Storage Providers
- Authentication (integrate for single sign-on)
- Authorisation
- Granularity of access to database records (researcher: record, manager: table etc.)
- Actions: read, write, delete, update
- Role-Based Access Control: roles based on user group types
- Anonymous provenance logs (hidden through database views?) - company/country dependent
- Auditing

Provenance
- Early stage – largely undefined scenarios
- Unclear what level of security is desired
- Anonymous record of activity occurring (still requires some identification to retrieve)
- Activity recorded for re-enactment
- Activity recorded for publishing or legal proof
- Quality of service for provenance recording, including security level
- Right to delete, different party provenance for non-repudiation (ownership?)
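
Added example (not part of the original slides): a sketch of the Data Storage Providers and Provenance requirements above, combining a role-based check at record and table granularity with a provenance log whose identity column is hidden behind a database view and replaced by a keyed pseudonym. The policy, table and view names, sample events and the HMAC pseudonym scheme are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed policy (assumption): role -> (allowed actions, access scope).
POLICY = {
    "researcher": ({"read", "update"}, "record"),  # own records only
    "manager": ({"read", "write", "delete", "update"}, "table"),
}
# Constructed sample events: (user, activity).
SAMPLE_EVENTS = [("alice", "ran workflow W1"), ("bob", "queried database D1"),
                 ("alice", "annotated record R7")]

def authorise(role, action, user, owner):
    """RBAC decision at the two granularities named on the slide."""
    if role not in POLICY:
        return False
    actions, scope = POLICY[role]
    return action in actions and (scope == "table" or user == owner)

def pseudonym(secret, user):
    """Keyed pseudonym; only a holder of `secret` can link it to a user."""
    return hmac.new(secret, user.encode(), hashlib.sha256).hexdigest()

def build_store(events, secret):
    """Provenance log plus a view that omits the identity column."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE provenance_log "
               "(user_id TEXT, pseudonym TEXT, activity TEXT)")
    # In a multi-user DBMS, readers would be granted access to this view only.
    db.execute("CREATE VIEW provenance_anon AS "
               "SELECT pseudonym, activity FROM provenance_log")
    db.executemany("INSERT INTO provenance_log VALUES (?, ?, ?)",
                   [(u, pseudonym(secret, u), a) for u, a in events])
    return db

def view_columns(db):
    """Column names exposed by the anonymous view."""
    return [d[0] for d in db.execute("SELECT * FROM provenance_anon").description]

def my_activities(db, secret, user):
    """Retrieval still needs identification: user name plus the secret."""
    rows = db.execute("SELECT activity FROM provenance_anon WHERE pseudonym = ?",
                      (pseudonym(secret, user),))
    return sorted(r[0] for r in rows)

if __name__ == "__main__":
    key = b"constructed-demo-secret"
    store = build_store(SAMPLE_EVENTS, key)
    print(view_columns(store), my_activities(store, key, "alice"))
```

Whoever holds the secret can still re-identify users, so this gives pseudonymity towards readers of the view rather than anonymity towards the storage provider.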

Provenance – Use Case
- User enacts process using Workflow Enactment Engine
- The WEE dynamically discovers services using UDDI
- In order to generate provenance logs, user identity revealed
- How can user ensure privacy is safeguarded in this model?

Proxies
- In general, services such as the WEE will be interacting, on behalf of clients, with dynamically discovered services
- Dynamically discovered services are not known about at deployment time so how to authenticate service with user?
- GSI proxy certificates inadequate due to possibility of compromise