Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security Risks in Clouds and Grids Condor Week May 5, 2011 Barton P. Miller James A. Kupsch Computer Sciences Department University of Wisconsin

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Security Risks in Clouds and Grids Condor Week May 5, 2011 Barton P. Miller James A. Kupsch Computer Sciences Department University of Wisconsin"— Presentation transcript:

1 1 Security Risks in Clouds and Grids Condor Week May 5, 2011 Barton P. Miller James A. Kupsch Computer Sciences Department University of Wisconsin bart@cs.wisc.edu Elisa Heymann Computer Architecture and Operating Systems Department Universitat Autònoma de Barcelona Elisa.Heymann@uab.es

2 Efficient execution of SPMD Applications on Multicore Environments Multicore Environment Problem Hierarchical communication architecture 5 1 4 2 3 SPMD Application Message Passing Interface SPMD Tile Communications Core Idle Time Ideal Size of Supertile Ideal Number of Core Internal tile Edge tile SuperTile allows to overlap the internal computation with edge communication Methodology How?  Maximum Speedup  Efficiency over a defined threshold Objective

3 Base Machine Build Parallel Application Signature (Coordinated Checkpoint + Phases + Weights) Build Parallel Application Signature (Coordinated Checkpoint + Phases + Weights) Instrumentation Parallel Application Collection data Parallel Application Model Patterns Identification Extract Phases and Weights Target Machine B Target Machine A Time of each Phase by weight Prediction S Time of each Phase by weight Prediction S

4 Possible Threat? ›Clouds and Grids have databases with management and operational information ›Denial of Service: –Prevent updates in the database 4

5 Possible Threat? ›Hijack machines –Process escapes Cloud/Grid/control: Keeps forking and exiting to escape detection. Evil Job PID 1 Evil Job PID 2 Evil Job PID 3 fork Evil Job PID n... ? 5

6 Possible Threat? ›Cloud/Grid Accounting System –Maintains a Grid-wide view of resource utilization. Job Submission (Priority in the batch queue, CPU time, Memory usage) Storage (Disk usage, Tape storage) –Accounting Information easily available to people (web interface) and to applications (Web Services) ›Use the Accounting System for bad purposes. 6

7 7 Possible Threat?

8 8 Real Threat!

9 9 What the bad guys can do ›Gain root access ›Privilege escalation –Gain higher privilege access (admin, condor) ›Hijack machines –Attack the process running there

10 10 What the bad guys can do ›Injections –Command –SQL –Directory traversal –Log 1.String user = request.getParameter("user"); 2.String password = request.getParameter("password"); 3.String sql = "select * from user where username=' " + user + " ' and password=' " + password + " ' "; ' or '1'='1'--

11 11 What the bad guys can do ›Injections –Command –SQL –Directory traversal –Log ›Denial of Service (DoS)

12 12 What the bad guys can do ›Injections –Command –SQL –Directory traversal –Log ›Denial of Service (DoS)

13 13 Why do we care ›Machines belonging to a cloud/grid site are accessible from the Internet ›Hundred of thousands of machines are appealing ›Those machines are continuously probed: –Attackers trying to brute-force passwords –Attackers trying to break Web applications –Attackers trying to break into servers and obtain administrator rights

14 14 Why do we do it ›SW has vulnerabilities ›Cloud and Grid SW is complex and large ›Vulnerabilities can be exploited by legal users or by others

15 15 Why do we do it ›Attacker chooses the time, place, method, … ›Defender needs to protect against all possible attacks (currently known, and those yet to be discovered)

16 16 Key Issues for Security ›Need independent assessment –Software engineers have long known that testing groups must be independent of development groups ›Need an assessment process that is NOT based solely on known vulnerabilities –Such approaches will not find new types and variations of attacks

17 17 Our Piece of the Solution Space First Principles Vulnerability Assessment: ›An analyst-centric (manual) assessment process. ›You can’t look carefully at every line of code so: then identify key resources and privilege levels, component interactions and trust delegation, then focused component analysis. Don’t start with known threats … … instead, identify high value assets in the code and work outward to derive threats. Start with architectural analysis,

18 First Principles Vulnerability Assessment Understanding the System Step 1: Architectural Analysis –Functionality and structure of the system, major components (modules, threads, processes), communication channels –Interactions among components and with users

19 Architectural Analysis: Condor condor & root OS privileges user master Condor submit host schedd shadow submit 1. fork 3. submit job ClassAd 8. fork master Condor execute host startd starter job 1. fork 8. fork 10. start job master Stork server host stork_server 1. fork Condor execute host master negotiatorcollector 1. fork 5. Negotiator cycle 2. machine ClassAd 4. job ClassA d 5. Negotiator cycle 6.Report match 7.claim host 9. establish channel

20 First Principles Vulnerability Assessment Understanding the System Step 2: Resource Identification –Key resources accessed by each component –Operations allowed on those resources Step 3: Trust & Privilege Analysis –How components are protected and who can access them –Privilege level at which each component runs –Trust delegation

21 condor OS privileges root user generic Condor daemon (a) Common Resources on All Condor Hosts Condor Binaries & Libraries Condor Config etc Operational Data & Run-time Config Files spool Operational Log Files log ckpt_server (b) Unique Condor Checkpoint Server Resources Checkpoint Directory ckpt (d) Unique Condor Submit Resources shadow User’s Files user (c) Unique Condor Execute Resources User Jobstarter Job Execution Directories execute System Call Forwarding and Remove I/O (with Standard Universe Jobs) Send and Receive Checkpoints (with Standard Universe Jobs) Resource Analysis: Condor

22 First Principles Vulnerability Assessment Search for Vulnerabilities Step 4: Component Evaluation –Examine critical components in depth –Guide search using: Diagrams from steps 1-3 Knowledge of vulnerabilities –Helped by Automated scanning tools

23 First Principles Vulnerability Assessment Taking Actions Step 5: Dissemination of Results –Report vulnerabilities –Interaction with developers –Disclosure of vulnerabilities

24 24 Our Experience Condor, University of Wisconsin Batch queuing workload management system 15 vulnerabilities 600 KLOC of C and C++ SRB, SDSC Storage Resource Broker - data grid 5 vulnerabilities 280 KLOC of C MyProxy, NCSA Credential Management System 5 vulnerabilities 25 KLOC of C glExec, Nikhef Identity mapping service 5 vulnerabilities 48 KLOC of C Gratia Condor Probe, FNAL and Open Science Grid Feeds Condor Usage into Gratia Accounting System 3 vulnerabilities 1.7 KLOC of Perl and Bash Condor Quill, University of Wisconsin DBMS Storage of Condor Operational and Historical Data 6 vulnerabilities 7.9 KLOC of C and C++

25 25 Our Experience Wireshark, wireshark.org Network Protocol Analyzer in progress 2400 KLOC of C Condor Privilege Separation, Univ. of Wisconsin Restricted Identity Switching Module 21 KLOC of C and C++ VOMS Admin, INFN Web management interface to VOMS data 35 KLOC of Java and PHP CrossBroker, Universitat Autònoma de Barcelona Resource Mgr for Parallel & Interactive Applications 97 KLOC of C++

26 26 Our Experience ARGUS 1.2, HIP, INFN, NIKHEF, SWITCH gLite Authorization Service in progress glExec 0.8, Nikhef Identity mapping service

27 27 What do we do ›Make cloud/grid software more secure ›Make in-depth assessments more automated ›Teach tutorials for users, developers, admin, managers: –Security risks –Vulnerability assessment –Secure programming

28 28 Who we are Elisa Heymann Eduardo Cesar Jairo Serrano Guifré Ruiz Manuel Brugnoli Bart Miller Jim Kupsch Karl Mazurak Rohit Koul Daniel Crowell Wenbin Fang

29 29 Security Risks in Clouds and Grids Barton P. Miller James A. Kupsch bart@cs.wisc.edu Elisa Heymann Elisa.Heymann@uab.es http://www.cs.wisc.edu/mist/ http://www.cs.wisc.edu/mist/papers/VAshort.pdf

Download ppt "1 Security Risks in Clouds and Grids Condor Week May 5, 2011 Barton P. Miller James A. Kupsch Computer Sciences Department University of Wisconsin"

Similar presentations

Current methods for negotiating firewalls for the Condor ® system Bruce Beckles (University of Cambridge Computing Service) Se-Chang Son (University of.

Current methods for negotiating firewalls for the Condor ® system Bruce Beckles (University of Cambridge Computing Service) Se-Chang Son (University of.
4/2/2002HEP Globus Testing Request - Jae Yu x2814 1 Participating in Globus Test-bed Activity for DØGrid UTA HEP group is playing a leading role in establishing.

4/2/2002HEP Globus Testing Request - Jae Yu x Participating in Globus Test-bed Activity for DØGrid UTA HEP group is playing a leading role in establishing.
Introduction CSCI 444/544 Operating Systems Fall 2008.

Introduction CSCI 444/544 Operating Systems Fall 2008.
Seminar Grid Computing ‘05 Hui Li Sep 19, 2005. Overview Brief Introduction Presentations Projects Remarks.

Seminar Grid Computing ‘05 Hui Li Sep 19, Overview Brief Introduction Presentations Projects Remarks.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.

Security+ Guide to Network Security Fundamentals, Third Edition Chapter 9 Performing Vulnerability Assessments.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Condor Overview Bill Hoagland. Condor Workload management system for compute-intensive jobs Harnesses collection of dedicated or non-dedicated hardware.

Condor Overview Bill Hoagland. Condor Workload management system for compute-intensive jobs Harnesses collection of dedicated or non-dedicated hardware.
Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.

Slide 3-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 3 Operating System Organization.
Internet Relay Chat Chandrea Dungy Derek Garrett #29.

Internet Relay Chat Chandrea Dungy Derek Garrett #29.
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
Condor Project Computer Sciences Department University of Wisconsin-Madison Security in Condor.

Condor Project Computer Sciences Department University of Wisconsin-Madison Security in Condor.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
1 Update on the Vulnerability Assessment Effort Elisa Heymann Computer Architecture and Operating Systems Department Universitat Autònoma de Barcelona.

1 Update on the Vulnerability Assessment Effort Elisa Heymann Computer Architecture and Operating Systems Department Universitat Autònoma de Barcelona.
Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 The EGI Software Vulnerability Group and EMI Dr Linda Cornwall, STFC, Rutherford.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI The EGI Software Vulnerability Group and EMI Dr Linda Cornwall, STFC, Rutherford.
Distributed Systems Early Examples. Projects NOW – a Network Of Workstations University of California, Berkely Terminated about 1997 after demonstrating.

Distributed Systems Early Examples. Projects NOW – a Network Of Workstations University of California, Berkely Terminated about 1997 after demonstrating.
SECURITY IN CLOUD COMPUTING By Bina Bhaskar Anand Mukundan.

SECURITY IN CLOUD COMPUTING By Bina Bhaskar Anand Mukundan.
Automated Tracing and Visualization of Software Security Structure and Properties Symposium on Visualization for Cyber Security 2012 (VizSec’12) Seattle,

Automated Tracing and Visualization of Software Security Structure and Properties Symposium on Visualization for Cyber Security 2012 (VizSec’12) Seattle,
Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Drupal Security Securing your Configuration Justin C. Klein Keane University of Pennsylvania School of Arts and Sciences Information Security and Unix.

Similar presentations

Ads by Google