1. OSG Security
Kevin Hill

2. Goals Operational Security interoperability with other grids
Identify software vulnerabilities
observing the practices of our VOs and sites, and sending alerts when we detect abnormalities;
performing fire drills to measure readiness and security awareness
interoperability with other grids
education: security training of our members; teaching best practices, and learning from our users about difficulties of security practices

3. Security Incidents Report to local Security Team + OSG GOC.
Compromised credentials most common issue.
Certificates revoked, CRL’s can take 6 hours or more to propagate.
Also ban users via GUMS, SAZ, or gridmap files, as appropriate for the site.

4. Software vulnerability
If security vulnerability discovered, report to OSG GOC, which will contact Security and Software teams.
Or send to
Java, tomcat, most common suspects these days.

5. OSG Certificates OSG provides certificates signed by Digicert.
Registration Agents (RAs) approve certs for individuals.
Grid Admins (GAs) approve certs for hosts/services.

6. Fire Drills
Selected sites are sent pseudo malicious jobs and asked to treat as a regular security incident.
Upcoming drill will test jobs submitted via Glide-in WMS.

7. Tools Security team provides OSG CA cert bundles.
Also looking at other security tools to provide.
PackagedPakiti software vulnerability database for distribution for sites own use.
Open to suggestions for new tools!

8. Additional help
If a VO needs additional help with managing their users, access control management and/or identity management, they can contact the OSG Security team.
OSG Security team can either work on the problem with them or put them in touch with experts in this area depending on the VO’s needs.
A guidance document that summarizes the trust relationship models that VOs can implement is available at