Published by Phyllis Campbell. Modified over 9 years ago.
1 GENI Operational Security
GEC4
Stephen Schwab
Miami, Florida
2 Operational Security
GENI Control Frameworks
– Are deploying now, or commencing operations within the next 6 months
– In many cases already operate testbed component managers/aggregate managers
– Will need guidance about how and when to align with GENI operational security concerns
What does it mean for something to be part of GENI?
3 Security Architecture “Major Points”
Explicit Trust
Least Privilege
Revocation
Auditability and Accountability
– All of the above address central security properties of GENI Infrastructure
4 Security Architecture
Draft Spiral 1 Action Items list
– Roots of Trust: GENI Control Frameworks with root or CA certificates – adopt posture to protect private keys
    Generate true self-signed super-root certificates, use to sign operational root certificates, backup and limit exposure of super-root private keys.
    May not be supported yet. Alternative is to have a way to replace root or CA certificates – pre-plan for this change-over.
– POCs and operational information
    Who are the system admins/super users?
    Register contact information for primary and alternate POCs with GPO. (Plan for registering/updating contact information when system admins change.)
    Super-users should have non-super-user identities and certificates for exercising GENI or doing regular work
– Physical and Configuration Audits
    Identify list of and physical location of security relevant machines.
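The Roots of Trust item on slide 4, as an added example that is not part of the original slides: a self-signed super-root signs operational root certificates, so an operational root can be replaced while relying parties keep the same trust anchor. It assumes the OpenSSL command-line tool; the directory layout, subject names, key sizes and lifetimes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides). All names and lifetimes are assumptions.

# make_super_root DIR: self-signed super-root; its private key stays in DIR/offline.
make_super_root() {
  mkdir -p "$1/offline" "$1/online" && chmod 700 "$1/offline" || return 1
  cat > "$1/offline/superroot.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_super
[dn]
O = Example Control Framework
CN = Example Super-Root
[v3_super]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
[v3_oproot]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
EOF
  openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days 3650 \
    -config "$1/offline/superroot.cnf" -keyout "$1/offline/superroot.key" \
    -out "$1/superroot.pem" 2>/dev/null && chmod 600 "$1/offline/superroot.key"
}

# issue_op_root DIR NAME: new operational root key, certified by the super-root.
issue_op_root() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -config "$1/offline/superroot.cnf" \
    -subj "/O=Example Control Framework/CN=Operational Root $2" \
    -keyout "$1/online/$2.key" -out "$1/online/$2.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/online/$2.csr" -sha256 -days 365 \
    -CA "$1/superroot.pem" -CAkey "$1/offline/superroot.key" -CAcreateserial \
    -extfile "$1/offline/superroot.cnf" -extensions v3_oproot \
    -out "$1/online/$2.pem" 2>/dev/null
}

# chains_to_super_root DIR NAME: succeeds only if NAME verifies against the super-root.
chains_to_super_root() {
  openssl verify -CAfile "$1/superroot.pem" "$1/online/$2.pem" >/dev/null 2>&1
}
```

Running `issue_op_root` a second time with a new name is the change-over case: the replacement operational root verifies against the same `superroot.pem`, and only the `offline` directory needs to be backed up and kept off networked hosts.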
5 Security Architecture
Draft Spiral 1 Action Items list
– Source Code reviews
    Have someone other than the developers review the security relevant code in new control frameworks (should SPARTA staff be tasked to help, within available limits?)
    Not a formal process – slides and a talk on what the security source code does would be adequate
– Emergency Shutdown procedures
    Not expected to be used, but if GENI substrate can support a shutdown or kill-switch mechanism, is there someone designated by GPO to grant this privilege to?
    For each cluster: identify if the cluster control framework or each individual GENI project has “emergency shutdown authority”, and who that individual will be
– Draft Security Architecture for Review and Comments: groups.geni.net/geni/attachments/wiki/GENISecurity/GENI-SEC-ARCH-0.4.{doc,pdf}
6 User and Site Management
Research User Management
– Document how identities/credentials assigned for new users
– Maintain list of users, GENI identities, real world contact information, privileges/slices/access rights
Site testbed component monitoring
– Plan/tools to monitor local activities
– Coordination with Campus NOC
7 GENI Resource Usage Policy
Are we setting the right usage policy out-of-the-gate?
How should the usage policy be managed to evolve over time?
– Can we gauge the risk of experiment activities each quarter and adjust as GENI grows or adds capabilities?
What sanity checks do we need to see if we are over- or under-estimating the risks?
– To each site/campus
– To the Internet
– To the GENI project’s reputation