Cyber Security Issues in HEP and NP Grids Bob Cowles — SLAC NC 2004 10 August 2004.


1 Cyber Security Issues in HEP and NP Grids
Bob Cowles — SLAC
bob.cowles@slac.stanford.edu
NC 2004
10 August 2004

2 Secure Grid Services
Major changes required that have an impact on:
  –Researchers
  –Application Developers
  –Research Organizations
  –Sites
Proposal

3 Researchers
Identification
Authentication
Authorization

4 Identification
Registration process collects personal information
Privacy concerns
Responsible site personnel must have ability to quickly contact
DOE paranoia about Foreign Nationals

5 Authentication
“Standard” use of certificates is insufficient
Must incorporate other forms of AuthN
  –Credential Repositories
    KCA
    MyProxy
  –Variety of one time password tokens
  –Smart cards
How to quantify trust in a federated AuthN environment?

6 Authorization
AuthZ got the hard issues from AuthN
Must keep initial implementation SIMPLE
  –Typically jobs disappear or fail with misleading error messages
  –Require patience and calm problem reporting to resolve the issues
Heterogeneous resources present a challenge for specifying job requirements
Consider boiling water in Peru

7 Application Developers
Applications with inflexible req’ts will find fewer host sites (think like a virus writer)
Early design to resolve security concerns can greatly improve application portability
Logging in a standard form essential for debugging and incident response
Robust - recovery from temporary outages (allowing security upgrades)

8 Application Developers (2)
Secure programming design and practices (consider boiling water in Peru)
  –Check all input for validity and verify environment is as expected and minimize requirements for privileges
  –React quickly to investigate, patch and deploy when security problems are found during both development and production phases
    “when” they are found, not “if”
  –Design for re-AuthN and re-AuthZ to protect users

9 Research Organizations
Must maintain AuthN information in a secure, reliable form, responsive to concerns for privacy vs. need for rapid contact in cases of misuse
Must develop and maintain AuthZ policies in a secure, reliable and auditable form
Logs must be generated and securely stored to allow auditing of past AuthN and AuthZ decisions

10 Sites
Must monitor resources to detect and report anomalous or suspected misuse
Maintain infrastructure by mitigating or rapidly applying security patches
Immediately isolate compromised machines, resources or services
Cooperate with other sites and participate actively in incident investigation

11 Proposal
Concentrate on Grid as providing a virtual facility
  –Research Organizations use services already in place and provided by the facility for AuthN, AuthZ and logging
    select from a menu of policies
  –Sites draw on facility resources and expertise for incident detection and response
    facility provides incident coordination

