SecPAL*: A security policy language to support grid on demand Jason Hogg Program Manager Grid Security Advanced Technology Incubation.


1 SecPAL*: A security policy language to support grid on demand
Jason Hogg (jason.hogg@microsoft.com)
Program Manager, Grid Security, Advanced Technology Incubation Group, Microsoft Corp.
*Security Policy Assertion Language

2 Agenda
– Introduction
– Research motivation
– SecPAL syntax and semantics
– Walkthrough: securing a simple scenario
– Demonstration
– Next steps

3 Introduction
SecPAL was developed to address security challenges in large-scale distributed systems such as computing grids:
– A comprehensive solution with uniform semantics
– Flexibility to support different operational models
– Fine-grained trust and constrained delegation
SecPAL is research:
– It is not a product and is not officially supported
– The .NET research release has been made available to encourage organizations with complex security requirements to build proof-of-concept applications and provide feedback, which can be used to improve SecPAL should it be incorporated into a product at a future point in time
Joint research developed by the Advanced Technology Incubation Group and Microsoft Research in Cambridge
January 9, 2007 Private & Confidential

4 Utility Computing
TeraGrid is one example of how this model is used for scientific computing:
– TeraGrid aims to build the world's largest, most comprehensive grid computing cyber-infrastructure for open scientific research.
– Science Gateway solutions are being developed that combine portals and desktop applications as gateways to computational resources, information, and instruments.
– Gateways give communities of like-minded scientists access to a variety of capabilities, including workflows, visualization, resource discovery and job execution services.
The Software as a Service model for accessing compute / grid resources is also gaining mainstream popularity:
– Sun Grid, Amazon S3 and Microsoft all have utility computing offerings.

5 TeraGrid Network

6 Motivation for SecPAL
Existing approaches are complex to manage, fail to meet important customer needs (especially in federated environments), are hard to maintain, and are impossible to analyze.
Existing policy mechanisms are a major contributor:
– Disjoint, often ad hoc approaches for establishing trust, attribute binding, authZ, delegation, audit, … and almost certainly many different semantics
– Can't express some customer needs (distributed management, fine-grained trust, delegation, revocation, etc.)
– Composition of policies is problematic
Differences in token and policy semantics exacerbate the situation:
– Mapping tables are often needed for attribute translation or for binding to local attributes
– Typically only limited name/attribute formats are supported

7 What is SecPAL?
A declarative, logic-based security policy language:
– Easily read as English sentences with a restricted grammar
– Simple syntactic checks ensure evaluation safety
– XML-based: serializes as XML, uses standard parsers, schema, XMLDSIG, XMLENC
A complete solution for grid access control requirements:
– Trust, authorization, delegation policies, auditing, PKI for identity management
– Can work with existing identity management mechanisms

8 Facts, Claims and Assertions
Assertion (Token, Policy, AuthorizationQuery)
– A says claim
Claim (conditional fact)
– fact [if fact1, fact2, …, factn, constraint]
Fact
– P can verb resource [qual] (action)
– P possess attrib=value [qual] (possession)
– P can say fact (delegation)
– P can act as P' (alias)
– P can revoke [ClaimId] (revocation)
Example:
ResourceGuard says Bob can read http://foo.com/ if Bob can write http://foo.com/

9 Variables
SecPAL assertions can include variables, allowing generic policies to be authored.
Variables are substituted with concrete values at evaluation time.
Example:
CHPCAdmin says VO-ReseachGrid-STS can say %p possesses %a where %a matches rfc822Name:".*@contoso\.edu"

10 Canonical Grid Environment

11 Scenario: User Schedules a Job
A user within a virtual organization (called Research Grid VO) wants to submit grid jobs to a computational cluster in an external organization (called the Center for High-Performance Computing, CHPC).
This requires two types of policies:
– Trust relationship
– Resource access policy

12 Step 1: Establish a trust relationship
The Master Scheduler could establish a trust relationship directly with our end user Bob; however, this quickly becomes unmanageable for any sizable environment. Instead, the common practice is for CHPC to establish a trust relationship with an authority responsible for certifying grid users, such as the Research Grid Security Token Service (STS).
CHPCAdmin says VO-ReseachGrid-STS can say %p possesses %a (from %t1 until %t2)
where %t2 - %t1 <= "366.00:00:00", %t1 <= CurrentTime() <= %t2, %a matches rfc822Name:".*@contoso\.edu"

13 Step 2: Define resource access policy
The CHPC master scheduler has a local authorization policy controlling who may use the job management services. This will typically rely on the organizational trust policy, since the scheduler service administrator won't usually be responsible for cross-organizational relationships.
CHPCAdmin says %p can execute service:"http://www.chpc.org/scheduleJob" if %p possesses %a
where %a matches rfc822Name:".*@contoso\.edu"

14 Step 3: User requests an identity token
For our user Bob to schedule a job, he first needs to obtain an identity token from the Research Grid STS containing his email name. This might require him to authenticate using a Contoso-supplied authentication credential (such as an X.509 certificate, Kerberos token, SAML token or another SecPAL token) which is accepted by grid services.
The grid token obtained from the STS would contain the assertion:
VO-ReseachGrid-STS says Bob possesses rfc822Name:"Bob@contoso.edu" (from "2007-01-01" until "2007-12-31")

15 Step 4a: User submits a job
Now Bob can submit a request to initiate a job on the CHPC cluster by sending an authenticated message containing his SecPAL token along with the job information needed by the CHPC master scheduler. The scheduler can then formulate a SecPAL query similar to:
CHPCAdmin says Bob can execute service:"http://www.chpc.org/scheduleJob"?

16 Step 4b: Authorization Decision
– The SecPAL evaluation engine evaluates the authorization query based on the relevant policies and tokens
– Positive authorization decisions include a proof graph showing the policies and tokens that led to the decision
– This is critical for auditing / compliance requirements

17 Step 6: User delegates rights
Bob can also use SecPAL to delegate his rights to access a data file on a server at Birch University, where the job data may reside.
Bob says Scheduler can say %p read file://BirchFileShare/jobData (from %t1 to %t2) if %t2-%t1<5 days
Scheduler says Bob-Job can read file://BirchFileShare/jobData [from 2007-04-28 to 2007-05-01]
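The walkthrough in Steps 1 to 4b and the delegation in Step 6 both rest on the same SecPAL rule: "A says B can say F where C" lets a fact that B asserts be re-issued as A's own fact when the constraint C holds, and the chain of re-issued facts is the proof graph. The following added example (not the SecPAL engine or any code from the presentation) models that rule for the scenario's assertions in plain Python; the time-window, regex and untrusted-issuer checks are written from the slide text, and the tokens and evaluation dates are constructed sample values.

```python
import re
from datetime import date, timedelta

# Constructed toy model of the SecPAL assertions on this page, not the SecPAL engine.
# An assertion is (issuer, fact); a fact is (principal, verb, object, valid_from, valid_until).
EMAIL_RE = r'rfc822Name:".*@contoso\.edu"'
STS, JOB_SVC = "VO-ReseachGrid-STS", 'service:"http://www.chpc.org/scheduleJob"'
JOB_DATA = "file://BirchFileShare/jobData"
NOW, EXPIRED = date(2007, 6, 1), date(2008, 1, 15)  # constructed evaluation times

def can_say(assertion, delegator, trusted, verb, constraint):
    """'<delegator> says <trusted> can say %p <verb> %a (from %t1 until %t2) where <constraint>':
    a matching '<trusted> says p verb a' is re-issued as '<delegator> says p verb a'."""
    issuer, (p, v, a, t1, t2) = assertion
    if issuer != trusted or v != verb:
        return None, f"{delegator} does not trust {issuer} for '{v}' facts"
    reason = constraint(a, t1, t2)
    return (None, reason) if reason else ((delegator, (p, v, a, t1, t2)), "ok")

def chpc_trust(now):
    """Step 1 constraints: %t2 - %t1 <= 366 days, %t1 <= CurrentTime() <= %t2, %a matches EMAIL_RE."""
    def check(a, t1, t2):
        if t2 - t1 > timedelta(days=366): return "validity longer than 366 days"
        if not t1 <= now <= t2: return "token not valid at CurrentTime()"
        if not re.fullmatch(EMAIL_RE, a): return "attribute outside the delegated namespace"
    return check

def authorize(token, now=NOW):
    """Steps 2-4b: decide 'CHPCAdmin says <p> can execute JOB_SVC?' and return its proof graph."""
    p, a = token[1][0], token[1][2]
    proof = [f"query: CHPCAdmin says {p} can execute {JOB_SVC}?"]
    derived, why = can_say(token, "CHPCAdmin", STS, "possesses", chpc_trust(now))
    proof.append(f"trust policy (Step 1): {why}")
    if derived is None: return False, proof
    proof.append(f"derived: CHPCAdmin says {p} possesses {a}")
    # Step 2: CHPCAdmin says %p can execute JOB_SVC if %p possesses %a where %a matches EMAIL_RE
    granted = re.fullmatch(EMAIL_RE, a) is not None
    proof.append(f"resource policy (Step 2): {'matched, access granted' if granted else 'no match'}")
    return granted, proof

def delegate_read(scheduler_assertion):
    """Step 6: 'Bob says Scheduler can say %p read JOB_DATA (from %t1 until %t2) if %t2 - %t1 < 5 days'."""
    return can_say(scheduler_assertion, "Bob", "Scheduler", "read", lambda a, t1, t2:
                   None if a == JOB_DATA and t2 - t1 < timedelta(days=5) else "wrong file or window of 5+ days")

# Step 3 token and Step 6 grant, constructed from the slide text; ROGUE_TOKEN is an untrusted issuer
BOB_TOKEN = (STS, ("Bob", "possesses", 'rfc822Name:"Bob@contoso.edu"', date(2007, 1, 1), date(2007, 12, 31)))
ROGUE_TOKEN = ("UnknownSTS",) + BOB_TOKEN[1:]
JOB_GRANT = ("Scheduler", ("Bob-Job", "read", JOB_DATA, date(2007, 4, 28), date(2007, 5, 1)))
```

Calling `authorize(BOB_TOKEN)` returns the decision together with the proof steps an auditor would want; `authorize(ROGUE_TOKEN)` and `authorize(BOB_TOKEN, EXPIRED)` fail at the Step 1 trust policy before the resource policy is ever consulted.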

18 Demonstration

19 Summary
SecPAL was designed to solve challenges such as:
– How does an organization establish a fine-grained trust relationship with another organization across organizational boundaries?
– How does a user delegate a subset of their rights (constrained delegation) to another user residing either in the same organization or in a different organization?
– How can access control policy be authored and reviewed in a manner that is human-readable, allowing auditors and non-technical people to understand such policies?
– How does an organization support compliance regulations requiring that a system be able to demonstrate exactly why a user was granted access to a resource?
– How can policies be authored, composed and evaluated in a manner that is efficient, deterministic and tractable?

20 Research Availability
Public availability
– SecPAL formal model and whitepaper
– SecPAL preview binaries and developer documentation
– SecPAL schema and schema specification
– http://research.microsoft.com/projects/secpal
Community workspace
– Additional scenarios
– API questions
– Additional downloads; query editor available shortly
– http://www.codeplex.com/secpal

21 Call to Action
Evaluate
– Download the .NET research release
– Look at the 15 authorization patterns
– Follow the tutorial in the developer docs
– Build a prototype to meet your requirements
Provide feedback
– This work is currently research, so it is the perfect time to have your feedback incorporated: What other patterns does your organization use? How successful were you at solving these with SecPAL? …
– Feedback can be submitted to http://www.codeplex.com/secpal or directly to me at jason.hogg@microsoft.com
Tell your colleagues, especially those responsible for planning your long-term security strategy!

22 Questions?

