EGEE-II INFSO-RI
Enabling Grids for E-sciencE
EGEE Security Coordination Group
Dr Linda Cornwall, CCLRC (RAL)
FP6 Security workshop at NEC, Sankt Augustin, Germany, 8-9th June 2006

SCG mandate
The Security Coordination Group (SCG) is responsible for ensuring the overall EGEE security coordination, including:
– architecture
– operations
– deployment
– standardisation
– cross-project collaboration
The goal is to ensure that the various security-related work items inside EGEE do not:
– adversely overlap (leading to duplication of effort), or
– leave gaps that could be exploited.

SCG involved groups
[Diagram of the groups involved in the SCG. Labels: EUGridPMA; Joint Security Policy Group; MiddleWare Security Group; Grid Security Vulnerability Group; Operational Security Coordination Team; Policies; Architecture; gLite Security; Trust anchor; IGTF chair; Operations]

Members of SCG
Ake Edlund: Security Head EGEE, Chair SCG; Chair MWSG, together with Bob Cowles (OSG)
Dave Kelsey: Chair Joint Security Policy Group (JSPG); Security Head EGEE deputy
David Groep: Chair EUGridPMA liaison (EUGridPMA)
Linda Cornwall: Chair Grid Security Vulnerability Group (GSVG)
Ian Neilson: Chair Operational Security Coordination Team (OSCT)

MWSG: The MiddleWare Security Group
Main Objective
– Co-ordinate the evolving and deployed security architectures with other grid initiatives and standardization efforts
Chairs
– Ake Edlund (EGEE)
– Bob Cowles (Open Science Grid, OSG)
Members
– Core security representatives from EGEE, OSG, Fermilab (USA) and Stanford Linear Accelerator (USA)
– Representatives from the Applications/Development Clusters in EGEE
– Representatives from DILIGENT, SEEGRID and GRIDCC, DEISA, NAREGI, UNICORE

MWSG output so far
Middleware security issues and release plans in EGEE
– Security Architecture
– gLite (EGEE software) Security Module work and release planning
Main forum for integration of security into other gLite Middleware
EGEE and OSG interoperability
EGEE/OSG/Naregi Meeting
Interoperability work in GGF

Ongoing and future work
OSG, EGEE collaboration
– GSI (Grid Security Infrastructure)/SSL Authentication interoperability
– Delegation
– Proxy renewal
– Authorization Attributes
– Authorization Policy statements
– What is needed for auditing
– What is needed for Accounting
Service Specification
– All service interfaces should have written specifications
    Internal to service – documented with service
    Internal to project – documented with project
    Grid interoperation – GGF

MWSG meetings so far
MWSG1, May 5-6 ‘04, Gap Analysis - “MWSG kick-off”
MWSG2, June ‘04, gLite Release Plan
MWSG3, Aug 25 ‘04, Security Architecture v1.0
MWSG4, Oct 15 ‘04, gLite development focus
MWSG5, Feb ‘05, Workplan update
MWSG at 3rd EGEE, EGEE/OSG/Naregi meeting
MWSG6, Sept ‘05, OSG and EGEE formalizing the collaboration on security
MWSG at 4th EGEE, April ‘05
MWSG7, Dec ‘05, New members, UNICORE presentation, Shib in EGEE
MWSG8, March 7-8 ‘06, GSVG, glexec on WN, VO naming, TONIC
MWSG9 at SLAC, June 5-6 ‘06, 1st OSG held MWSG meeting
Meetings are a mix of presentations, updates of current status, and technical discussions aimed at solving security issues and producing decisions regarding the evolving security architecture.
All presentations available from

Joint Security Policy Group
The Joint Security Policy Group
Creates/maintains security policy and procedures
– For use in EGEE, Large Hadron Collider Grid (LCG) and elsewhere
Strong participation by USA Open Science Grid
Growing participation by other EU Grid projects
– DEISA, Diligent, SEE-Grid, …
– BalticGrid, EELA, EUMedGrid, EUChinaGrid
Aim for short, simple, interoperable policy documents
Membership includes
– Site Security Officers
– Site/Resource Managers/Security Contact
– Security middleware experts/developers
– Deployment experts
– Application representatives/VO managers

EGEE/LCG Policy
[Diagram of the policy document set (picture from Ian Neilson). Labels: Security & Availability Policy; Grid Acceptable Use Policy; VO Acceptable Use Policy; Certification Authorities; Audit Requirements; Incident Response; User Registration & VO Management; Application Development & Network Admin Guide]

JSPG Meetings, Web etc
Meetings - Agenda, presentations, minutes etc
JSPG Web site
Policy documents at
All policy documents are currently being revised
– To make simpler, more general and interoperable

OSCT: Operational Security Coordination Team
– Members: Security Coordinators from each of the Regional Operations Centres
    Chaired by Ian Neilson
– Roles:
    Members coordinate Grid Security at sites within Regions
    Handling of Security tickets from the Global Grid User Support
    Security contact management
    Coordination of Grid Incident Handling Process
    Incident Handling and Response Guide from JSPG
    Cooperation with peer Grids
    Execution of Security Service Challenges
      SSC1 – Job audit, checked availability of sufficient information and communication channels to trace a job adequately for the incident response process (completed March 2006)
      SSC2 – data management security audit planned
– Meetings: First face to face meeting planned June 2006

Current SCG activity
- In parallel with the overall SCG work, the SCG is to coordinate a new security auditing activity. This activity will monitor both operations and middleware for security issues and report periodically on status and progress of the issues identified.
- The security audit will coordinate with the work done by the Grid Security Vulnerability Group.
- In addition to the ongoing collaborations (see table below), we have industrial partners installing gLite internally, applying internal security audits and reporting back to EGEE. E.g. CNAF (French Space Agency).
- Current status: agreed plan due end of June; ongoing discussions with partners.

Activity | Partner
Security audits, tools, policy documents review | BARC - India
Ethical hacking audits | PriceWaterhouseCoopers - Switzerland
Additional input on middleware security, policy and organization | Non-EGEE members in the joint security groups (MWSG, JSPG - mainly OSG input)
Security Service Challenges testing the ability to operationally respond to incidents | EGEE: Pal Anderssen (SA1) is coordinating the Security Service Challenges

Links and events
SCG related links
– SCG web page:
– SCG and MWSG meetings:
– JSPG:
– EGEE web page:
– gLite web page:
SCG related events in June 2006
– 9th MWSG meeting, June 5-6, SLAC, USA
– EGEE Workshop on Management of Rights in Production Grids at HPDC-15, June 19, Paris, France
– SCG meeting on Security Auditing coordination, June

Questions/discussion