Sponsored by the National Science Foundation GENI Cloud Security GENI Engineering Conference 12 Kansas City, MO Stephen Schwab University of Southern California.


GENI Cloud Security
GENI Engineering Conference 12, Kansas City, MO
Stephen Schwab, University of Southern California / ISI
3 Nov 2010
Sponsored by the National Science Foundation

GENI Cloud Architecture
Is this an opportunity to extend the way the GENI CF/AM (control framework / aggregate manager) architecture is presented?
Why is a GENI Cloud different from the other GENI aggregates?
– Allocation of many nodes?
– Many VMs?
– Data intensive?
– Longevity of slices?

GENI (Component) Authentication
Authentication, node login, SSH keys
– Default mechanisms are deployed because they are inherited from the underlying testbed software
– Node login: automation is required for scale
– SSH keys: coupled to the SSH login mechanism
Can or should we re-architect authentication, node login, and key management for GENI Clouds?
– Major engineering and user-education challenge
– Convenience
– Is the use model for the GENI Cloud qualitatively different from the use model for other slices?
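The coupling between slice membership and SSH login is easiest to see in the file an aggregate has to produce on every node. The following is an added example, not GENI control-framework code: it assumes the clearinghouse hands the aggregate each slice member's public key and that a slice declares the networks its members log in from (both constructed here), and it assumes nodes run an OpenSSH recent enough to understand the `restrict` option and CIDR patterns in `from=`. The sample keys are structurally valid wire-format blobs, not real key material.

```python
"""Generate a hardened authorized_keys file for the nodes of a slice.

Added example, not GENI control-framework code. Keys are validated
structurally before they are installed: unknown or legacy types are refused,
the declared type must match the encoded blob, and RSA moduli below 2048 bits
are rejected. Slice networks and member keys below are constructed.
"""
import base64
import struct
from ipaddress import ip_network
from typing import Dict, List, Tuple

ALLOWED_TYPES = {"ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa"}
MIN_RSA_BITS = 2048


def _read_string(blob: bytes, off: int) -> Tuple[bytes, int]:
    """Read one SSH wire-format string (uint32 length + bytes)."""
    if len(blob) < off + 4:
        raise ValueError("truncated key blob")
    (n,) = struct.unpack(">I", blob[off:off + 4])
    if len(blob) < off + 4 + n:
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n


def _write_string(data: bytes) -> bytes:
    return struct.pack(">I", len(data)) + data


def check_public_key(line: str) -> Tuple[str, str]:
    """Return (type, base64 blob) for an acceptable OpenSSH public key line, else raise ValueError."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    ktype, b64 = fields[0], fields[1]
    if ktype not in ALLOWED_TYPES:
        raise ValueError(f"key type {ktype!r} not accepted")
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise ValueError("key blob is not valid base64") from exc
    inner, off = _read_string(blob, 0)
    if inner != ktype.encode():
        raise ValueError("declared key type does not match the encoded blob")
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent (mpint)
        n, _ = _read_string(blob, off)         # modulus (mpint)
        bits = int.from_bytes(n, "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError(f"RSA modulus too small: {bits} bits")
    return ktype, b64


def accepted(line: str) -> bool:
    """True if check_public_key would install this key."""
    try:
        check_public_key(line)
        return True
    except ValueError:
        return False


def authorized_keys(slice_name: str, members: Dict[str, str], allowed_from: List[str]) -> str:
    """One restricted entry per slice member; the login is usable only from the slice's networks."""
    for net in allowed_from:
        ip_network(net)                        # reject anything that is not a CIDR block
    from_opt = 'from="' + ",".join(allowed_from) + '"'
    lines = []
    for user, key in sorted(members.items()):
        ktype, b64 = check_public_key(key)
        # restrict: no port/agent/X11 forwarding, no user-rc; pty re-enabled for interactive use
        lines.append(f"restrict,pty,{from_opt} {ktype} {b64} {slice_name}:{user}")
    return "\n".join(lines) + "\n"


# --- constructed keys: valid wire format, not real key material ---
def constructed_key(ktype: str, *parts: bytes) -> str:
    blob = _write_string(ktype.encode()) + b"".join(_write_string(p) for p in parts)
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"


ED25519_KEY = constructed_key("ssh-ed25519", b"\x11" * 32)
RSA_2048_KEY = constructed_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 256)
RSA_1024_KEY = constructed_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 128)

SLICE_MEMBERS = {"alice": ED25519_KEY, "bob": RSA_2048_KEY}   # constructed
SLICE_NETWORKS = ["10.20.0.0/16", "192.0.2.0/24"]               # constructed
```

Because the file is regenerated from the slice's membership rather than edited by hand on each node, removing a member from the slice or changing the slice's networks is a matter of pushing a new file; the per-entry options keep a stolen key from turning a node into a forwarding relay.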

GENI Authorization Mechanisms and Policy
Security architecture properties enabled through a principled approach:
– Support for authorization at scale: decentralized, multiple distinct roots of trust, etc.
– Reasoning about security policies: predictable impact of changes
– Auditing: forensics (why was an action permitted?) and confidence building (the GENI community has the means to answer these questions if and when the need arises)
– GENI resource contributors retain control: enables local policies over who accesses what; supports sub-communities that need to share resources

ABAC Review
Attribute-Based Access Control (ABAC) decides whether to grant or deny a request based on a collection of credentials:
– Credentials defining the rights/privileges of the requesting user
– Credentials defining the policy of the resource provider
Ongoing work in the GENI authorization arena:
– Development of libabac and tools in TIED
– Integration/prototyping in three CFs (control frameworks)
– Decision on adoption for GENI pending at GEC-13

ABAC Details
Refer to Ted Faber's talk from the GEC-12 Authorization Session for ABAC details.
Refer to the TIED project page on the GENI wiki for documentation and software (libabac).

Implicit Attributes for Cloud Security
Security policies could consider all known information, such as:
– Location: what machine/network/IP address is making the request?
– Temporal context: what actions or other requests were made, and when?
– Computational information-flow context: what computations (e.g. searches/queries) over what data sources produced the intermediate or final results?
– Trust posture: what hardware/software and virtual machine/guest OS/cloud infrastructure stack is being used?
ABAC policies can rely on attributes in a general way.
– Can and should we use the power of implicit attributes to protect GENI Clouds?
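The ABAC decision described in the ABAC Review slide, and the idea on this slide of feeding implicit attributes into the same policy, can be seen end to end in a small engine. The following is an added example and is not libabac or any GENI control-framework code: it implements the four RT0 credential forms that ABAC policies are written in (`A.r <- D`, `A.r <- B.r1`, `A.r <- B.r1.r2`, and the intersection `A.r <- B.r1 & C.r2`) by forward chaining to a fixpoint, then lets a resource provider mint location and trust-posture attributes from the request context so policy can require them alongside delegated attributes. The credential syntax, the principals (`CH`, `AM`, `alice`, `bob`, `carol`, `eve`, `mallory`), the campus prefix and the list of known-good stacks are all constructed for the example.

```python
"""Minimal RT0-style ABAC decision engine with implicit (context-derived) attributes.

Added example, not libabac or GENI control-framework code. A credential is
"A.r <- body" where body is an entity D, a role B.r1, a linked role B.r1.r2,
or an intersection B.r1 & C.r2; role names may not contain '.' in this toy
syntax. Entities, networks and stacks below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

Role = Tuple[str, str]  # (issuing principal, role name)


@dataclass(frozen=True)
class Credential:
    head: Role
    kind: str    # "member" | "role" | "linked" | "intersect"
    body: tuple


def parse_role(text: str) -> Role:
    issuer, name = text.strip().split(".", 1)
    return issuer, name


def parse(line: str) -> Credential:
    head_text, body_text = (p.strip() for p in line.split("<-", 1))
    head = parse_role(head_text)
    if "&" in body_text:
        return Credential(head, "intersect", tuple(parse_role(p) for p in body_text.split("&")))
    parts = tuple(p.strip() for p in body_text.split("."))
    kind = {1: "member", 2: "role", 3: "linked"}.get(len(parts))
    if kind is None:
        raise ValueError(f"unsupported credential: {line!r}")
    return Credential(head, kind, parts)


def role_members(creds: List[Credential]) -> Dict[Role, Set[str]]:
    """Forward-chain over every credential until no role gains a member (sets only grow, so this terminates)."""
    members: Dict[Role, Set[str]] = defaultdict(set)
    changed = True
    while changed:
        changed = False
        for c in creds:
            before = len(members[c.head])
            if c.kind == "member":
                members[c.head].add(c.body[0])
            elif c.kind == "role":
                members[c.head] |= members[(c.body[0], c.body[1])]
            elif c.kind == "linked":
                issuer, r1, r2 = c.body
                for entity in list(members[(issuer, r1)]):
                    members[c.head] |= members[(entity, r2)]
            elif c.kind == "intersect":
                members[c.head] |= set.intersection(*(members[r] for r in c.body))
            changed |= len(members[c.head]) != before
    return dict(members)


def authorized(creds: List[Credential], role: Role, principal: str) -> bool:
    return principal in role_members(creds).get(role, set())


# --- implicit attributes: the provider mints credentials from request context ---
CAMPUS_NETS = [ip_network("10.20.0.0/16")]                          # constructed
KNOWN_GOOD_STACKS = {"xen-4.1/debian-6", "kvm-0.12/ubuntu-10.04"}  # constructed


def context_credentials(provider: str, principal: str, source_ip: str, stack: str) -> List[Credential]:
    """Turn location and trust-posture facts into attributes the provider issues to itself."""
    out = []
    if any(ip_address(source_ip) in net for net in CAMPUS_NETS):
        out.append(parse(f"{provider}.on_campus <- {principal}"))
    if stack in KNOWN_GOOD_STACKS:
        out.append(parse(f"{provider}.trusted_stack <- {principal}"))
    return out


# --- constructed scenario: clearinghouse CH, aggregate AM, PI alice ---
AM_POLICY = [parse(s) for s in (
    "AM.access <- AM.experimenter",
    "AM.experimenter <- CH.experimenter",        # AM trusts CH to name experimenters
    "AM.experimenter <- AM.trustedPI.student",   # and the students of PIs AM trusts
    "AM.trustedPI <- CH.PI",
    "AM.cloud_access <- AM.access & AM.trusted_stack",  # cloud VMs additionally need an attested stack
)]
USER_CREDS = [parse(s) for s in (
    "CH.PI <- alice",
    "alice.student <- bob",
    "CH.experimenter <- carol",
    "mallory.student <- eve",   # mallory holds no PI attribute, so this grants eve nothing
)]


def decide(principal: str, source_ip: str, stack: str, role: Role = ("AM", "cloud_access")) -> bool:
    creds = AM_POLICY + USER_CREDS + context_credentials("AM", principal, source_ip, stack)
    return authorized(creds, role, principal)
```

The auditing question from the earlier slide ("why was an action permitted?") has a concrete answer here: the chain `CH.PI <- alice`, `alice.student <- bob`, `AM.trustedPI <- CH.PI`, `AM.experimenter <- AM.trustedPI.student` is what puts `bob` into `AM.access`, and `AM.trusted_stack <- bob` is the context-derived fact that completes `AM.cloud_access`. Every credential in that chain was issued by the principal who controls the attribute, which is how resource contributors keep local control while still delegating to the clearinghouse.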