Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Authorization System for Grid Applications Thesis Presentation 5 th Dec 2006 Author: Wang Xiao Supervisor: Professor Heikki Hämmäinen Instructor: MSc.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "An Authorization System for Grid Applications Thesis Presentation 5 th Dec 2006 Author: Wang Xiao Supervisor: Professor Heikki Hämmäinen Instructor: MSc."— Presentation transcript:

1 An Authorization System for Grid Applications Thesis Presentation 5 th Dec 2006 Author: Wang Xiao Supervisor: Professor Heikki Hämmäinen Instructor: MSc. Mikko Pitkänen Place: 3 months in CERN, Geneva and other time in HIP, Espoo

2 Agenda  Background  Objectives and Methodology  Grid Introduction  Grid Security  VOMS  Conclusion  Future Study

3 Background  CERN- European Laboratory for Particle Physics Built in 1954, research area is widely ranged World Wide Web is developed from CERN Large Hardron Collider (LHC) Project: Powerful particle accelerator brings protons and ions into head-on collisions. LHC will need a lot of computing power as it can produce 40 million collisions per second, and will be 10 petabytes per year. Requirement for computing power equivalent to 100,000 of today’s fastest PC processors. LHC Computing Grid Project in CERN- LCG  HIP- Helsinki Institute of Physics  EGEE project Largest European Grid project is coordinated at CERN

4 Objective and Methodology  Objective The objective is to study the Grid security systems, expecially focusing on Grid Authorization System VOMS- Vitual Organziation Membership Service  Methodology Literature survey over alternative solutions and architectures Studying current design architecture Studying current implementation by looking into source code repositories

5 Grid Introduction  Grid is emerged as a new field of distributed computing, which focuses on the resource sharing securely among dynamic number of people and organizations.  Grid can be a resource sharing infrastructure,a computing infrastructure or the next generation Internet.

6 Grid Security  Grid Security is a critical aspect of Grid service.  Security: Authentication and Authorization Authentication: ID of the person Authorization: User’s ability to perform operations  Grid Security Techniques Grid Security Infrastructures (GSI) EDG Java Security

7 Security Basics(1)  Cryptography and Public Key Infrastructure (PKI) Symmetric-key encryption Asymmetric-key encryption

8 Security Basics(2)--Certificates  X509v3 Certificate –driving license Most commonly used PKI standard. Certificate Authority (CA) Certificate contains public key information that is signed by the CA. Attribute Certificate, like Visa, binds a set of attributes of the user or other authorization information for the user.

9 Grid Security Infrastructure (GSI)  Provides fundamentals services for Grid Security.  Authentication: Makes use of Certificates User Certificate Server Certificate Mutual communications, the client and server exchange its certificate to make the authentication.

10 An Example of User Certificate  Certificate:  Data:  Version: 1 (0x0)  Serial Number: 150 (0x96)  Signature Algorithm: md5WithRSAEncryption  Issuer: C=CH, O=HIP, OU=TECH, CN=112 Test CA  Validity  Not Before: Jul 16 08:51:21 2004 GMT  Not After: Jul 23 08:51:21 2004 GMT  Subject: C=CH, O=HIP, OU=TECH, CN=Xiao  Subject Public Key Info:  Public Key Algorithm: rsaEncryption  RSA Public Key: (512 bit)  Modulus (512 bit):  00:c1:da:2e:5c:01:00:67:86:7c:b6:d0:69:43:f9:  0c:06:7b:83:85:35:19:6c:ea:ad:0c:ff:c5:4e:f3:  09:83:e4:39:08:63:df:4c:ab:43:4b:50:35:26:a4:  1b:42:f8:db:97:0c:4e:f1:55:93:10:d4:28:d7:eb:  86:58:3f:7c:6b  Exponent: 65537 (0x10001)  Signature Algorithm: md5WithRSAEncryption  59:86:1c:fc:ab:38:3c:bb:6c:06:02:e9:50:7a:00:35:c7:0f:  25:3b:f8:b1:f9:fa:5b:4a:95:99:03:a5:56:19:c0:5e:b7:a0:  fb:5f:df:e7:26:50:d2:b1:b1:c5:1a:c4:d9:be:05:68:71:24:  0e:42:12:59:b6:c4:90:a0:ef:8d:8e:bc:46:31:8c:c1:f7:65:  1b:d7:dc:cb:51:07:3d:bb:a2:39:5b:5f:82:7c:06:64:82:e1:  14:2d:d9:75:bd:bf:ee:2d:38:3a:ac:11:fb:91:12:79:f5:d4:  a8:dd:0a:15:7f:e2:04:45:9b:5f:c4:dc:dd:ef:2c:a9:ae:6b:  23:8c

11 Authorization in GSI  Makes use of Grid-mapfile  Maps the user to a local unix account

12 VOMS  Short for Virtual Organization Member Service  A centralized service that is used to manage the authorization in Virtual Organization(VO) scope.  Developed by EGEE  Problem with Current grid-mapfile, not scalable as the number of users increase. Thus strong requirement for VOMS.

13 Overview on Glite VOMS Environment

14 VOMS architecture  User Server  User Client  Administration Client  Administration Server

15 Use Case 1. The client (user) and the VOMS server authenticate each other by using the normal Grid certificates. 2. The client sends the request to the VOMS server. 3. The Server checks the user certificate and the request. 4. The Server signs the information that is retrieved from VOMS database based on the user request and sends the signed information back to the client. Here the VOMS server signature is used to verify that a trusted VOMS service has provided the authorization information that will be attached to the user’s proxy. 5. The client then checks the information received from the server. 6. The client application creates a proxy certificate on behalf of the user containing the information received from the VOMS server added as an extension to the user’s X509 certificate.

16 Conclusions 1. Java solution for VOMS 2. Shibboleth based AAI combined with VOMS and Grid

17 Future Studies 1. Secure Resource Sharing techniques, scalablility and reliability for the system 2. Usability of Grid Thank You!

Download ppt "An Authorization System for Grid Applications Thesis Presentation 5 th Dec 2006 Author: Wang Xiao Supervisor: Professor Heikki Hämmäinen Instructor: MSc."

Similar presentations

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.

Smart Certificates: Extending X.509 for Secure Attribute Service on the Web October 1999 Joon S. Park, Ph.D. Center for Computer High Assurance Systems.
Introduction of Grid Security

Introduction of Grid Security
The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK

The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK
Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun. 2005 Ionut Constandache Daniel Olmedilla.

Policy Based Dynamic Negotiation for Grid Services Authorization Infolunch, L3S Research Center Hannover, 29 th Jun Ionut Constandache Daniel Olmedilla.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.

A S I A P A C I F I C N E T W O R K I N F O R M A T I O N C E N T R E IEPG March 2000 APNIC Certificate Authority Status Report.
CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.

CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
It’s not about security... it’s about access! Grid Security Pieter van Beek.

It’s not about security... it’s about access! Grid Security Pieter van Beek.
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.

Similar presentations

Ads by Google