Presentation is loading. Please wait.

Presentation is loading. Please wait.

Grid Security Risks Mike Surridge

Published byEgbert Stevenson Modified over 6 years ago

Similar presentations

Presentation on theme: "Grid Security Risks Mike Surridge"— Presentation transcript:

1 Grid Security Risks Mike Surridge ms@it-innovation.soton.ac.uk
GGF12, 20 Sep 2004, Brussels

2 Grid Security Risks Connecting to Grids is a risky business
your machine could be cracked your data may be intercepted or corrupted your credentials may be compromised to protect against all this may be too expensive On the other hand using any computer network is risky using Grids can be very advantageous How can we benefit while managing risks?

3 Asset-Based Security Risk Analysis Risk Management Identify and
value assets Define risk management approach Identify threats and risks Implement defences Identify and cost defences

4 Risk Analysis Value assets based on impact of compromise
high: likely to cause total business failure med: serious but not fatal impact low: irritating but not serious Threats based on likelihood of attack high: attacks will definitely take place med: attacks may occur from time to time low: attacks are unlikely Analyse risks based on likelihood of success taking account of existing defences

5 Risk Management Determine appropriate response to threats
acceptance: live with the potential consequences reduction: introduce defences avoidance: don’t use the system Leads to cost-effective security as much security as you need not more than you can afford Application to Grids pioneered by UK STF A.Sasse, H.Chivers, M.Surridge, etc

6 Case Study: Comb-e-Chem
National Crystallography Service providing access to experimental steering delivering data for Grid-based computations Assets: medium or high value campus system and network integrity (high) sample tracking data (med) experimental result data (low/med) Threats: high likelyhood system attacks from outside campus (high) system attacks from inside campus (med) compromise of remote user credentials (med)

7 Security Threats

8 Case Study: GEMSS Grid-enabled Medical Simulation Services
for clinical and non-clinical applications Assets: high or medium value hospital network and system integrity (high) privacy of personal data - cf EU D 95/46 or D 2002/58 (high) hospital reputation (med) Threats: high or medium likelyhood compromise of remote systems (high) interception of personal data (high) Defences: operate in accordance with legal constraints architect against too much dependency

9 Grid Proxies and Trust

10 Conclusion Grid risks can be managed at reasonable cost
asset-based risk assessment appropriate defences (sometimes risk acceptance) Most security compromises are not Grid-specific systems compromised by other means failure to use best practice in network management Some problems are Grid-related risk propagation and inter-site dependencies Mitigation often involves conservative Grid architecture conventional defences response planning and user training

11 Grid Security Risks Mike Surridge ms@it-innovation.soton.ac.uk
GGF12, 20 Sep 2004, Brussels

Download ppt "Grid Security Risks Mike Surridge"

Similar presentations

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.
Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk email o Over 70% of email traffic  Bugs ---

Chapter 1 We’ve Got Problems…. Four Horsemen  … of the electronic apocalypse  Spam --- unsolicited bulk o Over 70% of traffic  Bugs ---
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,

Chapter 10. Understand the importance of establishing a health care organization-wide security program. Identify significant threats—internal, external,
Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.

Risk Assessment What is RISK?  requires vulnerability  likelihood of successful attack  amount of potential damage Two approaches:  threat modeling.
Is There a Security Problem in Computing? Network Security / G. Steffen1.

Is There a Security Problem in Computing? Network Security / G. Steffen1.
Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.

Risk Management a Case Study DATALAWS Information Technology Law Consultants Presented by F. F Akinsuyi (MSc, LLM)MBCS.
Fine Tuned Machines Building a Strong Brand Image by Securing External Data Transmission A Review of Information Security in the Debt Collections World.

Fine Tuned Machines Building a Strong Brand Image by Securing External Data Transmission A Review of Information Security in the Debt Collections World.
Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.

Chapter 1: Introduction Components of computer security Threats Policies and mechanisms The role of trust Assurance Operational Issues Human Issues Computer.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Comb-e-Chem PKI Mike Surridge, Steve Taylor IT Innovation.

Comb-e-Chem PKI Mike Surridge, Steve Taylor IT Innovation.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
R-1 Project Risk Management. R-2  Qualitative Risk Analysis  Quantitative Risk Analysis  Risk Response Planning  Sticky note technique  Risk matrix.

R-1 Project Risk Management. R-2  Qualitative Risk Analysis  Quantitative Risk Analysis  Risk Response Planning  Sticky note technique  Risk matrix.
SEC835 Database and Web application security Information Security Architecture.

SEC835 Database and Web application security Information Security Architecture.
Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.
Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Thomas Levy. Agenda 1.Aims: CIAN 2.Common Business Attacks 3.Information Security & Risk Management 4.Access Control 5.Cryptography 6.Physical Security.

Similar presentations

Ads by Google