Slide 1: Security Architecture for GRID Applications
Arnaud Contes - OASIS
Séminaire Croisé : Sécurité Informatique Ubiquitaire, 26 May 2004

Outline:
1. Introduction to the GRID
2. ProActive
3. Declarative Security
4. Example
Slide 2: 1. Introduction: Context
(Diagram) Net applications, single Grid, distributed Grid.
Slide 3: Issues for Grid Security
- Authentication of computers, users, and applications
- Creation of, connection to, and monitoring of activities
- Authentication, Integrity and Confidentiality (AIC) of communications
- Hierarchical domains
- Security policies: application, domain
- Variation in Grid network links: LAN, wireless, VPN, Internet
- Variation in deployment
Slide 4: Objectives
Goals:
- Authentication of computers, users, and applications
- Communication authentication, privacy and integrity
- Security defined at user and administrator level
- Easy and adaptable configuration
- Support for current middleware features: deployment, migration, group communication, components
Ways:
- Ubiquitous security (Meta Object Protocol)
- Logical security architecture / abstract deployment
- Declarative security language
Slide 5: 2. ProActive
A Java API + tools for parallel, distributed computing.
- A uniform framework: an Active Object pattern
- A formal model behind it: determinism properties, insensitivity to deployment
Main features:
- Remotely accessible objects
- Asynchronous communications with synchronisation: automatic futures
- Group communications, migration (mobile computations)
- XML deployment descriptors
- Interfaced with various protocols: rsh, ssh, LSF, Globus, Jini, RMIregistry
- Visualization and monitoring: IC2D
- Security
Slide 6: Standard System at Runtime
No sharing between activities.
(Diagram legend) Active Object, Passive Object, Node.
Slide 7: Secure Active Object
(Diagram) Active object A on node1: a Body made of Request Receiver, Reply Receiver, Service, Security Manager and Reply Sender. Caller B on node2 reaches A through Stub_A, a Proxy and a Request Sender.
Slide 8: Abstract Deployment Model
A key principle: abstract away from source code the machine names, creation protocols, lookup and registry protocols.
- In program source: Virtual Node (a string name)
- In XML descriptors: mapping of VN to JVMs; create or acquire JVMs

    Program Source                  Descriptor (RunTime)
    |-----------------------------|  |-------------------------------|
    Activities (AO) --> VN           VN --> JVMs --> Hosts
Slide 9: Descriptors: Mapping Virtual Nodes
VirtualNodes: Dispatcher, RendererSet
Mapping:
    Dispatcher  --> DispatcherJVM
    RendererSet --> JVMset
JVMs:
    DispatcherJVM = Current   // the current JVM
    JVMset = //ClusterSophia.inria.fr/
Slide 10: 3. Security
- Non-functional security
- Hierarchical security domains
- Dynamic policy negotiation
- Certification chain to identify users, JVMs, objects
- Application security policies set by deployment descriptors
Slide 11: Authentication: X509 Certificate
1. Requestor generates a key pair.
2. CA verifies ID, key pair, and user eligibility.
3. CA binds the public key to the ID by signing the certificate.
4. CA presents the signed X509 v3 certificate to the requestor.
Slide 12: Application Authentication
(Diagram) User certificate, Application certificate, Entities certificates, linked by "Generate certificate" steps.
Slide 13: Hierarchical Domains
- A logical way to group many entities that have the same security needs.
- Domains are hierarchical. Sub-domains inherit the parent's security policies.
- Default: sub-domains cannot weaken the parent's security policies.
- 'Can override': a domain authorizes an entity to override its policies.
- Find the first common domain, if one exists.
- Dynamically configurable via SSL connections.
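The inheritance, the no-weakening default, the 'can override' flag and the first-common-domain lookup described above, as an added toy model in Python (written for this page, not ProActive's code). The domain names GridA and GridB come from the slides; the root domain Grid, the sub-domain Lab, the shape of a rule (interaction code Q/P/M mapped to "Forbidden" or an A/I/C attribute triple) and the ordering + > ? > - used to define "weaken" are assumptions of this example.

```python
"""Toy model of hierarchical security domains (added illustration, not ProActive code).

Assumptions not stated on the slide: a domain rule maps an interaction code
(Q request, P reply, M migration) to either "Forbidden" or a dict over the
attributes A/I/C valued "+" (required), "?" (optional) or "-" (disallowed);
"weakening" means moving any attribute down the order + > ? > - or
un-forbidding an interaction.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Union

ATTRS = "AIC"
STRENGTH = {"-": 0, "?": 1, "+": 2}        # assumed ordering, strongest last
Policy = Union[str, Dict[str, str]]        # "Forbidden" or {"A": "+", "I": "?", "C": "+"}


@dataclass
class Domain:
    name: str
    parent: Optional["Domain"] = None
    can_override: bool = False             # 'Can override': sub-domains may relax this domain's rules
    rules: Dict[str, Policy] = field(default_factory=dict)

    def chain(self) -> List["Domain"]:
        """This domain followed by its ancestors up to the root."""
        out, d = [], self
        while d is not None:
            out.append(d)
            d = d.parent
        return out

    def effective_rule(self, inter: str) -> Optional[Policy]:
        """Inheritance: the nearest domain up the chain that has a rule for inter."""
        for d in self.chain():
            if inter in d.rules:
                return d.rules[inter]
        return None


def weakens(child: Policy, parent: Policy) -> bool:
    """True if child is less strict than parent under the assumed ordering."""
    if parent == "Forbidden":
        return child != "Forbidden"
    if child == "Forbidden":
        return False
    return any(STRENGTH[child[a]] < STRENGTH[parent[a]] for a in ATTRS)


def set_rule(domain: Domain, inter: str, policy: Policy) -> None:
    """Add a rule to a domain, enforcing the default that sub-domains cannot
    weaken an inherited rule unless the domain owning it is marked can_override."""
    for anc in domain.chain()[1:]:
        if inter in anc.rules:
            if weakens(policy, anc.rules[inter]) and not anc.can_override:
                raise PermissionError(
                    f"{domain.name} may not weaken {anc.name}'s rule for {inter}")
            break                          # only the nearest inherited rule binds
    domain.rules[inter] = policy


def first_common_domain(a: Domain, b: Domain) -> Optional[Domain]:
    """'Find the first common domain if it exists': the lowest common ancestor."""
    names = {d.name for d in a.chain()}
    for d in b.chain():
        if d.name in names:
            return d
    return None


def build_demo():
    """Constructed hierarchy: root Grid, the slides' GridA and GridB, and Lab under GridA."""
    grid = Domain("Grid")
    grid.rules["M"] = {"A": "+", "I": "+", "C": "+"}   # migrations fully protected
    grid.rules["Q"] = {"A": "?", "I": "?", "C": "?"}   # requests: everything optional
    grid_a = Domain("GridA", parent=grid)
    grid_b = Domain("GridB", parent=grid)
    lab = Domain("Lab", parent=grid_a)
    set_rule(grid_a, "Q", {"A": "+", "I": "+", "C": "?"})  # strengthening is allowed
    return grid, grid_a, grid_b, lab


def try_weaken(domain: Domain, inter: str, policy: Policy) -> str:
    """Report whether a rule change passes the no-weakening check."""
    try:
        set_rule(domain, inter, policy)
        return "accepted"
    except PermissionError as e:
        return f"rejected: {e}"


if __name__ == "__main__":
    grid, grid_a, grid_b, lab = build_demo()
    print(lab.effective_rule("Q"))                                # inherited from GridA
    print(try_weaken(lab, "M", {"A": "?", "I": "?", "C": "?"}))   # rejected by Grid's rule
    print(first_common_domain(lab, grid_b).name)                  # Grid
```

The check in set_rule stops at the nearest ancestor that owns a rule for the interaction, so a 'can override' flag only relaxes the rules of the domain that carries it, not those of domains further up the chain.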
Slide 14: Multi-level Policies
(Diagram) A chain of domains D0 ... Dn-1, Dn, then the Virtual Node (VN), then the Active Object (AO); each level carries Accept/Deny rules. The domain levels form the administrator-/user-level policy; the VN and AO levels form the application-level policy.
A security policy is computed according to all matching rules from the domains, the Virtual Node and the Active Object.
Slide 15: Security Rule
    Entities -> Entities : Interactions # Security Attributes
Entities: Domain, User, Virtual Node, Object
Interactions: JVMCreation, NodeCreation, CodeLoading, ObjectCreation, ObjectMigration, Request, Reply, Listing
Attributes: Authentication, Integrity, Confidentiality
Each attribute can be: Allowed, Optional, Disallowed
Slide 16: Combining Policies
- Search for the most specific rule in each domain.
- Retrieve all matching rules in the Domain hierarchy, the Virtual Node and the Active Object.
- Compute policies according to security attributes.

Combination of one attribute between Sender and Receiver (Required +, Optional ?, Disallowed -):

    Sender \ Receiver   Required (+)   Optional (?)   Disallowed (-)
    Required (+)        +              +              invalid
    Optional (?)        +              ?              -
    Disallowed (-)      invalid        -              -
Slide 17: Descriptor Security Model
A key principle: specify security policies according to the deployment.
- In program source: Virtual Node (VN, a string name)
- In XML descriptors: list of policy rules; trusted Certification Authorities
Slide 18: Descriptors: Security
VirtualNodes: vn1, vn2
SECURITY:
    VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C]
    VN [vn1] -> VN [vn2] : M   # Forbidden
    VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C]
    VN [vn2] -> VN [vn1] : M   # Forbidden
Mapping:
    vn1 --> GridAComputers, GridBComputers
    vn2 --> GridAComputers
JVMs: /…/
Slide 19: ProActive Security Manager
- In charge of security for an active object
- Retrieves, combines and negotiates policies
- Negotiates the session key, encrypts/decrypts messages
Slide 20: Request to an Active Object
(Diagram) Two active objects, each with a Body made of Request Receiver, Reply Receiver, Service, Object, Security Manager and Reply Sender; the caller side holds the Proxy and Request Sender. Along the request path the security mechanisms are: policy computation, key exchange, encrypt on send, decrypt on receipt.
Slide 21: 4. Example
Two domains, GridA and GridB, with security policies:
    Domain [GridA] -> Domain [GridB] : Q,P,M # [+A,+I,+C]
    Domain [GridB] -> Domain [GridA] : Q,P,M # [+A,+I,+C]
Application: 2 Virtual Nodes (vn1, vn2), 2 Active Objects
Slide 22: Example
(Diagram) Domain GridA and Domain GridB, each holding JVMs; VN1 spans both domains, VN2 lies in GridA; a policy rules database.
Slide 24: Example

    /…/
    proActiveDescriptor.activateMappings();
    vn1 = proActiveDescriptor.getVirtualNode("vn1");
    vn2 = proActiveDescriptor.getVirtualNode("vn2");
    /…/
    Flower rose   = (Flower) ProActive.newActive(Flower.class, new Object[]{"Rose"},   vn1.getNode());
    Flower daliah = (Flower) ProActive.newActive(Flower.class, new Object[]{"Daliah"}, vn2.getNode());

    /* next VN1 node inside the same domain */
    rose.migrateTo(vn1);
    /* communication inside the same domain */
    rose.sayHelloTo(daliah);
    /* other virtual node, forbidden */
    rose.migrateTo(vn2);
    /* next VN1 node, other domain */
    rose.migrateTo(vn1);
    /* communication with another domain */
    rose.sayHelloTo(daliah);
Slide 28: Example
(Diagram) Rose created on VN1 and Daliah on VN2, both inside Domain GridA; Domain GridB, JVMs and the policy rules database as before.
Slide 30: Example
Migration: same VN, same domain.
Rose asks: can I migrate to the next VN1 node?
Slide 31: Example
Migration: same VN, same domain.
1. Retrieve the VN policy.
2. Migration allowed.
Slide 32: Example
(Diagram) Rose now on the next VN1 node, still inside Domain GridA (migration: same VN, same domain).
Slide 34: Example
Method call: other VN, same domain.
Rose asks: can I make a method call to Daliah on vn2?
Slide 35: Example
Method call: other VN, same domain.
1. VN1 -> VN2 : [?A,?I,?C]
2. Result policy: [?A,?I,?C]
3. Method call allowed.
Slide 37: Example
Migration: other VN, same domain.
Rose asks: can I migrate to the next VN2 node?
VN1 policy: forbidden.
Slide 39: Example
Migration: same VN, other domain.
Rose asks: can I migrate to the next VN1 node in the GridB domain?
Slide 40: Example
Migration: same VN, other domain.
1. VN1 policy -> none
2. GridA -> GridB : [+A,+I,+C]
3. Migration with [+A,+I,+C]
Slide 41: Example
(Diagram) Rose now on a VN1 node inside Domain GridB; Daliah on VN2 in Domain GridA (migration: same VN, other domain).
Slide 43: Example
Method call: other VN, other domain.
(Diagram) Rose, on VN1 in Domain GridB, calls Daliah, on VN2 in Domain GridA.
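The descriptor rules of slides 18 and 21 and the walkthrough of slides 30 to 43, replayed by an added Python evaluator (an illustration written for this page, not ProActive's security manager). It parses the rule syntax shown on the slides, merges every Domain and VN rule that matches an interaction, and then merges the sender's and receiver's results with the attribute table of slide 16. The rest is assumed for the example: the entity dictionaries describing Rose, Daliah and the destination nodes, the treatment of Forbidden as dominating any other rule, and the default that an interaction matched by no rule is allowed with all attributes optional (taken from the walkthrough, which lets Rose migrate inside vn1/GridA although the descriptor has no rule for it).

```python
"""Toy evaluator for the slides' declarative security rules (added illustration,
not ProActive's implementation).

Rule syntax and the GridA/GridB descriptor are copied from the slides; the
attribute merge table follows the "Combining Policies" slide.  Assumption: an
interaction matched by no rule at all is allowed with every attribute optional.
"""
import re

ATTRS = "AIC"                                  # Authentication, Integrity, Confidentiality
FORBIDDEN, INVALID = "Forbidden", "Invalid"

# Entity [name] -> Entity [name] : Q,P,M # [+A,?I,+C]   or   # Forbidden
RULE_RE = re.compile(
    r"(?P<ft>Domain|VN|Object)\s*\[(?P<fn>[^\]]+)\]\s*->\s*"
    r"(?P<tt>Domain|VN|Object)\s*\[(?P<tn>[^\]]+)\]\s*:\s*"
    r"(?P<inter>[QPM](?:\s*,\s*[QPM])*)\s*#\s*(?P<pol>Forbidden|\[[^\]]*\])$")


def parse_rule(line):
    """Parse one descriptor rule into a dict of source, target, interactions, policy."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparsable rule: {line!r}")
    pol = m["pol"]
    if pol != FORBIDDEN:
        pol = {a: s for s, a in re.findall(r"([+?-])([AIC])", pol)}  # "[+A,?I,+C]" -> dict
        if sorted(pol) != sorted(ATTRS):
            raise ValueError(f"rule must set A, I and C exactly once: {line!r}")
    return {"from": (m["ft"], m["fn"]), "to": (m["tt"], m["tn"]),
            "inter": set(re.findall(r"[QPM]", m["inter"])), "policy": pol}


def merge_attr(x, y):
    """Combine one attribute (+ required, ? optional, - disallowed) per slide 16:
    equal values keep, ? yields to the definite side, + against - is a clash."""
    if x == y:
        return x
    if "?" in (x, y):
        return y if x == "?" else x
    return None


def merge_policy(p, q):
    """Combine two policies; Forbidden dominates, an attribute clash gives INVALID."""
    if p is None or q is None:
        return p if q is None else q
    if FORBIDDEN in (p, q):
        return FORBIDDEN
    if INVALID in (p, q):
        return INVALID
    out = {}
    for a in ATTRS:
        r = merge_attr(p[a], q[a])
        if r is None:
            return INVALID
        out[a] = r
    return out


def local_policy(rules, sender, receiver, inter):
    """Merge every matching rule (domain, VN and object levels) into one policy.
    sender/receiver are dicts like {"Domain": "GridA", "VN": "vn1", "Object": "Rose"}."""
    pol = None
    for r in rules:
        if (inter in r["inter"]
                and sender.get(r["from"][0]) == r["from"][1]
                and receiver.get(r["to"][0]) == r["to"][1]):
            pol = merge_policy(pol, r["policy"])
    return pol if pol is not None else dict.fromkeys(ATTRS, "?")   # assumed default


def negotiate(sender_rules, receiver_rules, sender, receiver, inter):
    """Each side computes a policy from its own rule set, then the two are merged."""
    return merge_policy(local_policy(sender_rules, sender, receiver, inter),
                        local_policy(receiver_rules, sender, receiver, inter))


# Descriptor rules copied from the slides (domains GridA/GridB, virtual nodes vn1/vn2).
DESCRIPTOR = """
Domain [GridA] -> Domain [GridB] : Q,P,M # [+A,+I,+C]
Domain [GridB] -> Domain [GridA] : Q,P,M # [+A,+I,+C]
VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C]
VN [vn1] -> VN [vn2] : M # Forbidden
VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C]
VN [vn2] -> VN [vn1] : M # Forbidden
"""
RULES = [parse_rule(line) for line in DESCRIPTOR.strip().splitlines()]


def run_example():
    """Replay the five interactions of the slides' Flower example (entities constructed here)."""
    rose = {"Domain": "GridA", "VN": "vn1", "Object": "Rose"}
    daliah = {"Domain": "GridA", "VN": "vn2", "Object": "Daliah"}
    steps = [("migrate, same VN, same domain", rose, {"Domain": "GridA", "VN": "vn1"}, "M"),
             ("call Daliah, other VN, same domain", rose, daliah, "Q"),
             ("migrate to vn2", rose, {"Domain": "GridA", "VN": "vn2"}, "M"),
             ("migrate, same VN, other domain", rose, {"Domain": "GridB", "VN": "vn1"}, "M"),
             ("call Daliah from GridB", dict(rose, Domain="GridB"), daliah, "Q")]
    return {name: negotiate(RULES, RULES, s, r, i) for name, s, r, i in steps}


if __name__ == "__main__":
    for name, pol in run_example().items():
        print(f"{name:40s} -> {pol}")
```

Two points worth keeping in mind when reading the output. The default-allow for unmatched interactions is what the walkthrough implies, but a deployment would normally make the absence of a rule a denial rather than a permission. And the Invalid outcome, a Required attribute on one side against a Disallowed one on the other, has to be treated as a refusal of the interaction; silently downgrading it to Optional would defeat the stricter side's policy.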
Slide 44: Conclusion
ProActive security features:
- Authentication of users and applications
- Authentication, integrity and confidentiality of communications
- Security model for mobile applications
- Dynamically negotiated policies, non-functional security
- Logical security representation: security is easily adaptable to the deployment
Perspectives:
- Group communication
- OGSA Security (Open Grid Services Architecture)
- Hardware mobility: PDAs
Slide 45: Questions?