Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid.

Published byJasmine Graham Modified over 11 years ago

Similar presentations

Presentation on theme: "1 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid."— Presentation transcript:

1 1 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid infrastructure Nils gentschen Felde, Felix von Eye

2 2 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The MNM Team Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften

3 3 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Grid-related projects (excerpt: @LMU) European projects –Deployment of Remote Instrumentation Infrastructure (DORII) –Open Grid Forum Europe (OGF-Europe) –European Grid Initiative (EGI) –EMANICS - Management Solutions for Next Generation Networks –g-Eclipse German projects –Horizontale Integration des Ressourcen- und Dienst-Monitoring im D-Grid (D-MON) –Authentication and Authorization Infrastructure for VO Management (AAI/VO) –Ein Grid-basiertes, föderiertes Intrusion Detection System zur Sicherung der D-Grid Infrastruktur (GIDS) Previous research projects –Interoperabilität und Integration der VO-Management Technologien im D-Grid (IVOM) –VO-Management im D-Grid –Monitoring und Accounting im D-Grid

4 4 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 44 Project overview Partners: Associated Partners: Start:01.07.2009 Duration:36 months Project leader:LRZ/LMU –mailto:felde@nm.ifi.lmu.demailto:felde@nm.ifi.lmu.de –www.grid-ids.dewww.grid-ids.de

5 5 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Usage scenario of Grids Intend Loose coupling of autonomous providers Hiding heterogeneity Functionalities Job-Scheduling Storage... Management User/VO-management Monitoring Accounting... Users grouped in Virtual Organizations (VO) With respect to scientific affiliation Not regarding real organizations any more Scientific environment Generous resource sharing Security management neglected Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C

6 6 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Security considerations in Grids Grid- Middleware Coupling resources Abstracted by middleware Collaborative use of distributed resources Security considerations Isolated view on domains Security is based on trustworthiness of resource providers Resource- provider A Resource- provider B Resource- provider D Resource- provider C FW IDS Uplink Admin Anti-Vir

7 7 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C Example: attack scenario Break-in at one site suffices Access to Grid-middleware Access to all resources! Example: –Compromised SSH private key, i.e. well-known SSL vulnerabilities –Grid-wide login attempts inter-organizational! –Only global event correlation yields success

8 8 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Goal State of the art –IDS for autonomous systems –Distributed IDS: always based on total trust –No concept of customers Now –Stepping towards a Grid-wide solution –Conception of an IDS for Grids (GIDS) First glance challenges –Inter-organizational system –Autonomous partners –Heterogeneity –GIDS as a service with user-specific views Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C

9 9 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Vision: GIDS as a federation Grid- Middleware Resource- provider A Resource- provider B Resource- provider D Resource- provider C Intent: –New service in the Grid Surveying the Grid with respect to security Reporting thereof –Economical use of The service The Grid itself Idea: –Grid-wide consolidation of security-relevant data –Derivation of security reports

10 10 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Methodology Analysis Architecture design Prototypical implementation Evaluation Conclusion

11 11 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Analysis: Methodology Threat analysis –Attack goals and risks –Classification of possible attackers Attack patterns Origin of attack (positional and organizational) Types of attacks in Grids Use-case driven requirements analysis –User groups and customers –Information providers Requirements induced by Grids –Generic requirements –Cooperation patterns –Trust relationships Classes of requirements: Functional Non-functional Security requirements Organizational and privacy data protection Requirements related to detection capabilities

12 12 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Methodology Analysis Architecture design (work in progress) Prototypical implementation Evaluation Conclusion

13 13 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Architecture overview GIDS-/IDMEF-bus IDSGIDS-agentIDSGIDS-agent GIDS-operator GIDS GIDS-agent portal...... Resource- provider A Resource- provider X

14 14 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 IDSFW Resource-provider agent GIDS- DB … Admin store data in filtering data & reports aggregation/ correlation data & reports local (G)IDS- instance store reports in resporting to data & reports anonymization/ pseudonymization data & reports store data and reports in GIDS-agent GIDS-/IDMEF-bus

15 15 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Methodology Analysis Architecture design Prototypical implementation (work in progress) Evaluation Conclusion

16 16 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Example: Grid-wide event correlation Reminder –Break-in at one site is sufficient –Access to Grid-middleware Access to all resources! Example: –Compromised user account in context of a VO –VO may use selected resources Possibility of detection –Grid-wide event correlation –i.e. faulting login attempts Resource- provider C Resource- provider D Resource- provider B Resource- provider A Grid- Middleware

17 17 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Failing login attempts GIDS-/IDMEF-bus IDSGIDS-agentIDSGIDS-agent GIDS-operator GIDS GIDS-agent portal...... Resource- provider A Resource- provider X login- attempt 172.16.112.20 22 TCP... has VO-members SSH-private-key

18 18 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Exemplary Dataflow GIDS-/IDMEF-bus IDSGIDS-agentIDSGIDS-agent GIDS-operator GIDS GIDS-agent portal...... Resource- provider A Resource- provider X has VO-members SSH-private-key login- attempt

19 19 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 IDSFW Correlation agent GIDS- DB … Admin store data in filtering data & reports aggregation/ correlation data & reports local (G)IDS- instance store reports in resporting to data & reports anonymization/ pseudonymization data & reports store data and reports in GIDS-agent GIDS-/IDMEF-bus login- attempt correlation- alarm

20 20 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Methodology Analysis Architecture design Prototypical implementation Evaluation ( To be done!) Conclusion

21 21 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Methodology Analysis Architecture design Prototypical implementation Evaluation Conclusion

22 22 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Conclusion Challenge: Conception of an GIDS Proceeding: –Analysis: Threats, use cases, requirements induced by Grids –Design of a generic GIDS architecture –Development of privacy-protection concept –Prototype later: Production ready –Evaluation: Simulation und measurements in D-Grid Results: –Catalogue of criteria to evaluate IDS for their use in Grids –Generic GIDS architecture –Privacy-protection concept –GIDS in production for D-Grid

23 23 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Further research question Management aspects –Specification of processes as in e.g. ISO20000 or ITIL –Special challenges in inter-organizational environments Attack detection –Which analysis techniques are appropriate in Grids, which arent? –Implication of dynamics in Grids in regard to attack detection methods –Valuable use of additionally available information in Grids (e.g. (job-)monitoring or VO-management systems) Compliance –Enhancing the GIDS by making use of trust-level management data

24 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 Thank you! Project details: www.grid-ids.de Contact: Nils gentschen Felde felde@nm.ifi.lmu.de 24

Download ppt "1 Nils gentschen Felde & Felix von EyeOGF28 München, 16.03.2010 The GIDS project A Grid-based, federated Intrusion Detection System to secure the D-Grid."

Similar presentations

Towards Data Mining Without Information on Knowledge Structure

Towards Data Mining Without Information on Knowledge Structure
Bernard Casier Member Quality Audit Cell The Flemish Quality Audit System Brussels, 26 th June 2012.

Bernard Casier Member Quality Audit Cell The Flemish Quality Audit System Brussels, 26 th June 2012.
1 Towards an Open Service Framework for Cloud-based Knowledge Discovery Domenico Talia ICAR-CNR & UNIVERSITY OF CALABRIA, Italy Cloud.

1 Towards an Open Service Framework for Cloud-based Knowledge Discovery Domenico Talia ICAR-CNR & UNIVERSITY OF CALABRIA, Italy Cloud.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
ENHANCING ATTRACTIVENESS OF ENVIRONMENTAL ASSESSMENT AND MANAGEMENT HIGHER EDUCATION Seminar on Experiences in China and the EU Nankai University, Tianjin,

ENHANCING ATTRACTIVENESS OF ENVIRONMENTAL ASSESSMENT AND MANAGEMENT HIGHER EDUCATION Seminar on Experiences in China and the EU Nankai University, Tianjin,
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
Network Monitoring System In CSTNET Long Chun China Science & Technology Network.

Network Monitoring System In CSTNET Long Chun China Science & Technology Network.
Trusted Query Network (TQN) A Novel Approach to Generating Information Security Data Vijay Vaishnavi Richard Baskerville Art Vandenberg Jack Zheng Department.

Trusted Query Network (TQN) A Novel Approach to Generating Information Security Data Vijay Vaishnavi Richard Baskerville Art Vandenberg Jack Zheng Department.
Chapter 1 Image Slides Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Chapter 1 Image Slides Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Lousy Introduction into SWITCHaai

Lousy Introduction into SWITCHaai
Multi Domain Monitoring NORDUnet 2008 Espoo, 2008-04-09 Jon Kåre Hellan, UNINETT R&D.

Multi Domain Monitoring NORDUnet 2008 Espoo, Jon Kåre Hellan, UNINETT R&D.
Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.

Systems Security Engineering An Updated Paradigm INCOSE Enchantment Chapter November 8, 2006 John W. Wirsbinski.
National Infrastructure – Citizen’s Account

National Infrastructure – Citizen’s Account
Document #07-12G 1 RXQ.11.4.1 Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.

Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
Document #07-12G 1 RXQ.11.4.1 Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.

Document #07-12G 1 RXQ Customer Enrollment Using a Registration Agent Process Flow Diagram (Switch) Customer Supplier Customer authorizes Enrollment.
SDI Business Phases and derived INSPIRE Horizontal Services Relates to INSPIRE DT Network Services, DT Sharing Relates to OGC GeoDRM WG, Price & Order.

SDI Business Phases and derived INSPIRE Horizontal Services Relates to INSPIRE DT Network Services, DT Sharing Relates to OGC GeoDRM WG, Price & Order.
Cultural Heritage in REGional NETworks REGNET Project Meeting Content Group 2002-06-24 - 2002-06-26.

Cultural Heritage in REGional NETworks REGNET Project Meeting Content Group
Cultural Heritage in REGional NETworks REGNET Technological Implementation Plan – D12.

Cultural Heritage in REGional NETworks REGNET Technological Implementation Plan – D12.
© 2006 Open Grid Forum Ellen Stokes, IBM Michel Drescher, Fujitsu Information Model, JSDL and XQuery: A proposed solution OGF-19 Chapel Hill, NC USA.

© 2006 Open Grid Forum Ellen Stokes, IBM Michel Drescher, Fujitsu Information Model, JSDL and XQuery: A proposed solution OGF-19 Chapel Hill, NC USA.

Similar presentations

Ads by Google