Slide 1: Security Requirements Analysis for Large-scale Distributed Systems
Syed Naqvi (1), Olivier Poitou (1), Philippe Massonet (1), Alvaro Arenas (2)
(1) Centre of Excellence in Information and Communication Technologies (CETIC) {syed.naqvi, olivier.poitou,
(2) CCLRC Rutherford Appleton Laboratory
Slide 2: Outline
- Introduction
- Grid Security Requirements
- Solutions for these Requirements
- Conclusions
Slide footer: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies
Slide 4: Functional View of Grid Data Management (diagram; source attribution cut off: "taken from")
- Application
- Metadata Service: location based on data attributes
- Planner: data location, replica selection, selection of compute and storage nodes
- Replica Location Service: location of one or more physical replicas
- Information Services: state of grid resources, performance measurements and predictions
- Security and Policy
- Executor: initiates data transfers and computations
- Data Movement, Data Access
- Compute Resources, Storage Resources
Slide 5: FileStamp – Distributed File System
- Decentralized multi-writer file system
- Based on a Peer-to-Peer technology
- Self-managing data storage location
Slide 6: FileStamp Architecture (diagram only)
Slide 7: Dynamic replica regeneration (diagram)
- File redundancy
- Dynamic replica regeneration
Slide 8: FileStamp – File Transfer
- BitTorrent technology
- Moreover, transfers can be interrupted and restarted from the last transferred bytes
Slide 10: Generic Requirements – Authentication, Authorization
Authentication
- Each party establishes a level of trust in the identity of the other party
- The authentication protocol sets up a secure communication channel between the authenticated parties
Authorization
- Allows access to resources based on policies attached to each service
- VOs (Virtual Organisations) introduce challenging management and policy issues
- Complex relationships between local site policies and the goals of the VO
Slide 11: Generic Requirements – Availability, Confidentiality
Availability
- Legitimate users have access when they need it
- Replication: a well-known technique for improving availability in distributed systems
- Total network load is also decreased if replicas and requests are reasonably distributed
Confidentiality
- Assures that information does not reach unauthorized individuals, entities, or processes
- Achievable by a mechanism for ensuring access control
- Confidentiality requirements include point-to-point transport as well as store-and-forward mechanisms
Slide 12: Generic Requirements – Integrity, Traceability
Integrity
- Assurance that information can only be accessed or modified by those authorized to do so
- Nontrivial problem, especially when storage hardware and networks are not perfect
Traceability
- Mechanism of observing the various actions taken by the different actors
- Used to develop audit trails
- Events are recorded in log files
- Can be used to determine the responsibility for incidents
Slide 13: Specific Requirements – Resilience, Data Lifecycle Management
Resilience
- Provides an abstraction layer to hide architectural changes from the overall security architecture
- The security architecture should remain intact and deliver the promised level of security even if its composition changes over time
- Grid links and nodes are very dynamic in nature and may change over time
Data Lifecycle Management (DLM)
- The lifecycle is the time from the moment data is created until it is deleted or stored indefinitely
- Security assurances must span the entire lifecycle of the data
Slide 14: Specific Requirements – Fault-tolerance
- Highly desirable feature, especially for the transfer of large data files
- Overlay networks provide caching of transfers, but caching reduces the performance of the overall data transfer
- The amount of data that can be cached depends on the storage policies at the intermediate network points
- Caching and the other techniques do not consider security parameters
- An appropriate negotiation protocol is indispensable to negotiate the terms and conditions of security before moving or (temporarily) storing data
- The negotiation process should not take its toll on the system's performance
Slide 16: Authentication – Current authentication mechanism
- The file owner issues a certificate for write access to the file
- Authentication of the certificate is performed by the DHT (Distributed Hash Table) nodes and the FS (File System) clients
- Both signatures are verified when storing/retrieving a UCB (User Certificate Block)
This certificate has some major problems:
- It always gives write permission even if the user only requires read permission
- Its format is not standardized, which creates compatibility problems with existing standard credentials (X.509, Kerberos, etc.)
Slide 17: Authentication – X.509 version 3 certificate structure
Certificate body (the signed part):
- Version
- Serial Number
- Signature Algorithm
- Issuer Name
- Validity
- Subject Name
- Subject Public Key
- Issuer Unique ID (v2)
- Subject Unique ID (v2)
- Extensions (v3)
Digital signature:
- Signature Algorithm
- Signature of CA
Slide 18: Authorization – FileStamp employs local mapping of the user
- Like the UNIX authorization matrix
- The mapping serves as an access control check: access to the resource is denied if the user is not listed in the local mapping configuration
- Local policy management and enforcement mechanisms constrain the user's actions to those allowed by local policy
- Easy for site administrators to understand and configure
- Shortcomings: scalability, lack of expressiveness, consistency of policies
Slide 19: Authorization (through CAS)
Diagram of the CAS (Community Authorization Service) flow:
- Client -> CAS Server (user proxy): the CAS-maintained community policy database answers "What rights does the community grant to this user?"
- CAS Server -> Client: policy statement carrying the community signature
- Client -> Resource Server: user proxy, policy statement, community signature
- Resource Server, using local policy information: "What local policy applies to this user?", "Does the policy statement authorize the request?", "Is this request authorized for the community?"
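The two-stage decision of slides 18 and 19 (a community-signed policy statement checked first, then the site's UNIX-style local mapping and access matrix, which can only narrow the grant) as an added example; this is illustrative code, not CAS or FileStamp code, and the HMAC key, grid identities, file path and access matrix are constructed stand-ins.

```python
import hashlib
import hmac
import json
from typing import Dict, Tuple

# Constructed stand-in for the CAS signing key. A real CAS server signs policy
# statements with its certificate; an HMAC is used here only so the example
# runs with the standard library (assumption, not the CAS protocol itself).
CAS_KEY = b"constructed-community-signing-key"

# Constructed local mapping (grid identity -> local account) and a UNIX-style
# access matrix representing the resource server's local policy.
LOCAL_MAPPING = {"/O=Grid/CN=alice": "alice", "/O=Grid/CN=bob": "bob"}
LOCAL_ACL = {"/data/run42.dat": {"alice": {"read", "write"}, "bob": {"read"}}}


def _digest(statement: Dict, key: bytes) -> str:
    body = json.dumps(statement, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def cas_issue(statement: Dict, key: bytes = CAS_KEY) -> Dict:
    """CAS server: answer 'what rights does the community grant this user?'
    with a signed policy statement the client carries to the resource."""
    return {"statement": statement, "community_signature": _digest(statement, key)}


def authorize(signed: Dict, user_dn: str, resource: str, action: str,
              key: bytes = CAS_KEY) -> Tuple[bool, str]:
    """Resource server: the checks shown on the CAS slide, in order."""
    # Is the community signature on the policy statement genuine?
    if not hmac.compare_digest(_digest(signed["statement"], key),
                               signed["community_signature"]):
        return False, "invalid community signature"
    st = signed["statement"]
    # Does the policy statement authorize this request for the community?
    if st["subject"] != user_dn or action not in st["rights"].get(resource, []):
        return False, "not granted by community policy"
    # What local policy applies? Unmapped users are denied outright.
    local_user = LOCAL_MAPPING.get(user_dn)
    if local_user is None:
        return False, "no local mapping"
    # Local policy constrains the community grant; it never widens it.
    if action not in LOCAL_ACL.get(resource, {}).get(local_user, set()):
        return False, "denied by local policy"
    return True, "authorized"
```

The "write" case shows the point of the two stages: the community grants bob write access, but the site's access matrix lists him as read-only, so the request is denied locally.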
Slide 20: Availability, Confidentiality, Integrity (diagram)
- Simple yet fragile solution
- Complex but strong solution
Slide 21: Resilience & Fault-tolerance (through WS-Agreement)
WS-Agreement diagram: Consumer side (Application Instance, Negotiator) and Provider side (Factory with Policy, create(), foo(); Agreement with ops terminate(limits), inspect(query), ...; SDEs: Terms, Related, Status, Agrmts., inspect(); Manager; Negotiation with negotiate(...), negotiate())
- Target is to maintain an optimal number of replicas of a data set
- Key issues: determining the optimal number of replicas; how efficiently the system recognizes faulty nodes; how transparently data is migrated
- FileStamp should be able to negotiate the terms of the security parameters with the nodes
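The replica-maintenance target of slides 7 and 21 (prune replicas on faulty nodes, then regenerate copies until the target count is restored, with a migration plan that shows where each copy comes from) as an added example; this is illustrative code, not FileStamp's algorithm, and the node ids, file names and target count are constructed.

```python
from typing import Dict, List, Set, Tuple

# file name -> set of node ids currently holding a replica of it
Placement = Dict[str, Set[str]]
# migration step: (file, source node holding a replica, destination node)
Migration = Tuple[str, str, str]


def node_load(placements: Placement, nodes: Set[str]) -> Dict[str, int]:
    """Number of replicas each live node holds (used to spread new copies)."""
    load = {n: 0 for n in nodes}
    for holders in placements.values():
        for n in holders & nodes:
            load[n] += 1
    return load


def lost_files(placements: Placement, live_nodes: Set[str]) -> List[str]:
    """Files whose every replica sat on a faulty node: nothing left to copy."""
    return sorted(f for f, h in placements.items() if not (h & live_nodes))


def plan_regeneration(placements: Placement, live_nodes: Set[str],
                      target: int) -> Tuple[Placement, List[Migration]]:
    """Drop replicas on faulty nodes, then copy each under-replicated file
    from a surviving replica onto the least-loaded live nodes until `target`
    replicas exist. Returns the new placement and the ordered migration plan."""
    new = {f: holders & live_nodes for f, holders in placements.items()}
    load = node_load(new, live_nodes)
    plan: List[Migration] = []
    for f, holders in sorted(new.items()):
        if not holders:
            continue  # data lost; reported separately by lost_files()
        while len(holders) < target:
            candidates = [n for n in live_nodes if n not in holders]
            if not candidates:
                break  # fewer live nodes than the target replica count
            dest = min(candidates, key=lambda n: (load[n], n))
            src = min(holders)  # any surviving replica can serve as source
            holders.add(dest)
            load[dest] += 1
            plan.append((f, src, dest))
    return new, plan
```

A file whose only replicas were on the failed node cannot be regenerated at all, which is why the target replica count has to be chosen before the failure, not after it.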
Slide 22: Data Lifecycle Management (through HSM)
- The VO security policy should explicitly state the desired lifecycle of the data managed by FileStamp
- FileStamp should indicate the stage at which data generated by VO operations should be destroyed on the storage devices
- FileStamp should also employ a secure storage management technique such as HSM (Hierarchical Storage Management)
Slide 24: Conclusions – Security is not a product, Security is a process!
- Global connectivity of computing and storage resources opens up the possibility of misusing information to a degree never seen before
- The objective of facilitating use of these resources while protecting them against any misuse must, however, be realistic given the current technical infrastructure
- Security technologies should be integrated from the inception stage rather than considered as optional add-on features
- The risk and threat pictures are always changing, and their analysis needs to be continuously updated
REMEMBER: Security is not a product – Security is a process!
Slide 25: Future Work
- Formalising the FileStamp security requirements using the KAOS methodology (obstacle model)
- Extending KAOS with templates for security requirements
- Deriving security policies from the security requirements (policy refinement)
- Exploiting again features from KAOS (e.g. goal refinement)