Presentation is loading. Please wait.

Presentation is loading. Please wait.

Grid Security Infrastructure

Published byMathilda de Vos Modified over 5 years ago

Similar presentations

Presentation on theme: "Grid Security Infrastructure"— Presentation transcript:

1 Grid Security Infrastructure
Globus Toolkit™ Developer Tutorial The Globus Project™ Argonne National Laboratory USC Information Sciences Institute Copyright (c) 2002 University of Chicago and The University of Southern California. All Rights Reserved. This presentation is licensed for use under the terms of the Globus Toolkit Public License. See for the full text of this license.

2 Grid Security Infrastructure (GSI)
GSI is: Proxies and delegation (GSI Extensions) for secure single Sign-on Proxies and Delegation PKI (CAs and Certificates) SSL/ TLS SSL for Authentication And message protection PKI for credentials April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

3 Public Key Infrastructure (PKI)
PKI allows you to know that a given public key belongs to a given user PKI builds off of asymmetric encryption: Each entity has two keys: public and private Data encrypted with one key can only be decrypted with other. The private key is known only to the entity The public key is given to the world encapsulated in a X.509 certificate Owner April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

4 Globus Toolkit™ Developer Tutorial: Security
Certificates A X.509 certificate binds a public key to a name It includes a name and a public key (among other things) bundled together and signed by a trusted party (Issuer) Name Issuer Public Key Signature April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

5 Certificate Authorities (CAs)
A small set of trusted entities known as Certificate Authorities (CAs) are established to sign certificates A Certificate Authority is an entity that exists only to sign user certificates The CA signs it’s own certificate which is distributed in a trusted manner Name: CA Issuer: CA CA’s Public Key CA’s Signature April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

6 Secure Socket Layer (SSL)
Also known as TLS (Transport Layer Security) Uses certificates and TCP sockets to provide a secured connection Authentication of one or both parties using the certificates Message protection Confidentiality (encryption) Integrity SSL/TLS Certificates TCP Sockets April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

7 Globus Toolkit™ Developer Tutorial: Security
Important Files /etc/grid-security hostcert.pem: certificate used by the server in mutual authentication hostkey.pem: private key corresponding to the server’s certificate (read-only by root) grid-mapfile: maps grid subject names to local user accounts (really part of gatekeeper) /etc/grid-security/certificates CA certificates: certs that are trusted when validating certs, and thus needn’t be verified ca-signing-policy.conf: defines the subject names that can be signed by each CA April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

8 Globus Toolkit™ Developer Tutorial: Security
Important Files $HOME/.globus usercert.pem: User’s certificate (subject name, public key, CA signature) userkey.pem: User’s private key (encrypted using the user’s pass phrase) /tmp Proxy file(s): Temporary file(s) containing unencrypted proxy private key and certificate (readable only by user’s account) Same approach Kerberos uses for protecting tickets April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

9 Globus Toolkit™ Developer Tutorial: Security
Secure Services On most unix machines, inetd listens for incoming service connections and passes connections to daemons for processing. On Grid servers, the gatekeeper securely performs the same function for many services It handles mutual authentication using files in /etc/grid-security It maps to local users via the gridmap file April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

10 Globus Toolkit™ Developer Tutorial: Security
Sample Gridmap File Gridmap file maintained by Globus administrator Entry maps Grid-id into local user name(s) # Distinguished name Local # username "/C=US/O=Globus/O=NPACI/OU=SDSC/CN=Rich Gallup” rpg "/C=US/O=Globus/O=NPACI/OU=SDSC/CN=Richard Frost” frost "/C=US/O=Globus/O=USC/OU=ISI/CN=Carl Kesselman” u14543 "/C=US/O=Globus/O=ANL/OU=MCS/CN=Ian Foster” itf April 25, 2019 Globus Toolkit™ Developer Tutorial: Security

Download ppt "Grid Security Infrastructure"

Similar presentations

Proxy Certificate Profile Douglas E. Engert Argonne National Laboratory 12/14/2001 COPYRIGHT STATUS: Documents authored by Argonne National.

Proxy Certificate Profile Douglas E. Engert Argonne National Laboratory 12/14/2001 COPYRIGHT STATUS: Documents authored by Argonne National.
Introduction of Grid Security

Introduction of Grid Security
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.

Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
MyProxy: A Multi-Purpose Grid Authentication Service

MyProxy: A Multi-Purpose Grid Authentication Service
Grid Computing Basics From the perspective of security or An Introduction to Certificates.

Grid Computing Basics From the perspective of security or An Introduction to Certificates.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:

Presentation Two: Grid Security Part Two: Grid Security A: Grid Security Infrastructure (GSI) B: PKI and X.509 certificates C: Proxy certificates D:
Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 GRID SECURITY INFRASTRUCTURE (GSI) - Globus Toolkit - ADINA RIPOSAN Department of Applied Informatics.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Grid Security Infrastructure Globus Toolkit™ Developer Tutorial The Globus Project™ Argonne National Laboratory USC Information Sciences Institute

Grid Security Infrastructure Globus Toolkit™ Developer Tutorial The Globus Project™ Argonne National Laboratory USC Information Sciences Institute
National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.

National Center for Supercomputing Applications Integrating MyProxy with Site Authentication Jim Basney Senior Research Scientist National Center for Supercomputing.
DGC Paris 4.03.02 Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.

DGC Paris Community Authorization Service (CAS) and EDG Presentation by the Globus CAS team & Peter Kunszt, WP2.
Security NeSC Training Team International Summer School for Grid Computing, Vico Equense, 10 - 22.6.2005.

Security NeSC Training Team International Summer School for Grid Computing, Vico Equense,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.

INFSO-RI Enabling Grids for E-sciencE Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.
Grid Security Overview The Globus Project™ Copyright (c) 2002 University of Chicago and The University of Southern California. All.

Grid Security Overview The Globus Project™ Copyright (c) 2002 University of Chicago and The University of Southern California. All.
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Digital Certificates Public Key Deception Digital Certificates Certificate Authorities Public Key Infrastructures (PKIs)

Similar presentations

Ads by Google