Download presentation
Presentation is loading. Please wait.
Published byEvan Harris Modified over 9 years ago
1
Active Security Infrastructure Stuart Kenny Trinity College Dublin
2
Active Security Building on concepts investigated during CrossGrid project (2002-2005) and Int.Eu.Grid (2006-2008) Existing Grid security activities focused on prevention –Authentication, authorization Active security focused on –Detection –Reaction 3 components –Security monitoring –Alert Analysis –Control Engine
3
Active Security Infrastructure
4
Security Monitoring (Site Level) Monitors state of security of a site Reports detected security events to security alert archive Monitoring performed by ‘R-GMA enabled’ security tools –Snort –Prelude-LML –Rkhunter Extensible –Easy inclusion of additional tools, e.g., Tripwire
5
Alert Analysis (Management Level) Filter and analyse alerts contained in alert archive –Detect patterns that signify attempted attack Attempts to join alerts into high-level attack scenarios Output –Correlated high-priority Grid alert –New Grid policy Define actions to be taken in response to security event Extensible –Define additional ‘attack scenarios’ and base policies
6
Control Engine (Site Level) Input: –Grid policies generated by analysis component Site Policy Decision Point –Evaluates requests for guidance from service agents –Decision based on applicable policies Decision contains action to be taken to mitigate risk of possible security incident Extensible –Provision of service agents or plug-ins Pull
7
Control Engine (Site Level) Active Plug-in –Simple plug-in interface –Plug-ins invoked on policy update –Evaluate plug-in request against updated policy set –User defined code handles response and enforces obligations Grid-Ireland example –Grid4C iptables management endpoint –Dynamic host blocking Push
8
Grid-Ireland Deployment Grid-Ireland Gateway –Point-of-presence at 18 institutions –Homogenous set of hardware and software –Centrally managed by Grid Operations Centre (OpsCentre) at TCD ASI deployment –Security monitoring installed on gateways at 10 of 18 sites –Analysis component hosted at OpsCentre –Continuously monitoring infrastructure since June 2008
9
Grid-Ireland Deployment
11
Analyzer Scenarios: Job Monitoring Scenario models attack as series of state changes –Models states job passes through once submitted to a site –State changes triggered by published alerts Prelude LML and PBS scripts –Can be used as basis for ‘higher-level’ scenarios E.g., job executing restricted command
12
Analyzer Scenarios: Job Monitoring
15
Future Work Correlation –Prelude correlation engine LUA rules based Messaging –ActiveMQ Additional scenarios Control Engine –Implement agents and deploy
16
Questions?
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.