Published by Jasmine Graham. Modified over 11 years ago.
1
Nils gentschen Felde & Felix von Eye, OGF28 München, 16.03.2010
The GIDS project
A Grid-based, federated Intrusion Detection System to secure the D-Grid infrastructure
Nils gentschen Felde, Felix von Eye
2
The MNM Team
Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften
3
Grid-related projects (excerpt: @LMU)
European projects
– Deployment of Remote Instrumentation Infrastructure (DORII)
– Open Grid Forum Europe (OGF-Europe)
– European Grid Initiative (EGI)
– EMANICS - Management Solutions for Next Generation Networks
– g-Eclipse
German projects
– Horizontale Integration des Ressourcen- und Dienst-Monitoring im D-Grid (D-MON)
– Authentication and Authorization Infrastructure for VO Management (AAI/VO)
– Ein Grid-basiertes, föderiertes Intrusion Detection System zur Sicherung der D-Grid Infrastruktur (GIDS)
Previous research projects
– Interoperabilität und Integration der VO-Management Technologien im D-Grid (IVOM)
– VO-Management im D-Grid
– Monitoring und Accounting im D-Grid
4
Project overview
Partners:
Associated Partners:
Start: 01.07.2009
Duration: 36 months
Project leader: LRZ/LMU
– mailto:felde@nm.ifi.lmu.de
– www.grid-ids.de
5
Usage scenario of Grids
Intent
– Loose coupling of autonomous providers
– Hiding heterogeneity
Functionalities
– Job-Scheduling
– Storage
– ...
Management
– User/VO-management
– Monitoring
– Accounting
– ...
Users grouped in Virtual Organizations (VO)
– With respect to scientific affiliation
– Not regarding real organizations any more
Scientific environment
– Generous resource sharing
– Security management neglected
[Diagram: Grid-Middleware with Resource-provider A, B, C and D]
6
Security considerations in Grids
Coupling resources
– Abstracted by middleware
– Collaborative use of distributed resources
Security considerations
– Isolated view on domains
– Security is based on trustworthiness of resource providers
[Diagram: Grid-Middleware with Resource-provider A, B, C and D; labels: FW, IDS, Uplink, Admin, Anti-Vir]
7
Example: attack scenario
Break-in at one site suffices
Access to Grid-middleware
Access to all resources!
Example:
– Compromised SSH private key, i.e. well-known SSL vulnerabilities
– Grid-wide login attempts inter-organizational!
– Only global event correlation yields success
[Diagram: Grid-Middleware with Resource-provider A, B, C and D]
8
Goal
State of the art
– IDS for autonomous systems
– Distributed IDS: always based on total trust
– No concept of customers
Now
– Stepping towards a Grid-wide solution
– Conception of an IDS for Grids (GIDS)
First glance challenges
– Inter-organizational system
– Autonomous partners
– Heterogeneity
– GIDS as a service with user-specific views
[Diagram: Grid-Middleware with Resource-provider A, B, C and D]
9
Vision: GIDS as a federation
Intent:
– New service in the Grid
    Surveying the Grid with respect to security
    Reporting thereof
– Economical use of
    The service
    The Grid itself
Idea:
– Grid-wide consolidation of security-relevant data
– Derivation of security reports
[Diagram: Grid-Middleware with Resource-provider A, B, C and D]
10
Methodology
– Analysis
– Architecture design
– Prototypical implementation
– Evaluation
– Conclusion
11
Analysis: Methodology
Threat analysis
– Attack goals and risks
– Classification of possible attackers
    Attack patterns
    Origin of attack (positional and organizational)
    Types of attacks in Grids
Use-case driven requirements analysis
– User groups and customers
– Information providers
Requirements induced by Grids
– Generic requirements
– Cooperation patterns
– Trust relationships
Classes of requirements:
– Functional
– Non-functional
– Security requirements
– Organizational and privacy data protection
– Requirements related to detection capabilities
12
Methodology
– Analysis
– Architecture design (work in progress)
– Prototypical implementation
– Evaluation
– Conclusion
13
Architecture overview
[Diagram labels: GIDS-/IDMEF-bus; IDS and GIDS-agent at Resource-provider A ... Resource-provider X; GIDS-operator; GIDS; GIDS-agent; portal]
14
Resource-provider agent
[Diagram labels: IDS; FW; ...; Admin; GIDS-DB; local (G)IDS-instance; GIDS-agent with the stages filtering, aggregation/correlation and anonymization/pseudonymization; GIDS-/IDMEF-bus. Edge labels: data & reports; store data in; store reports in; store data and reports in; reporting to]
15
Methodology
– Analysis
– Architecture design
– Prototypical implementation (work in progress)
– Evaluation
– Conclusion
16
Example: Grid-wide event correlation
Reminder
– Break-in at one site is sufficient
– Access to Grid-middleware → Access to all resources!
Example:
– Compromised user account in context of a VO
– VO may use selected resources
Possibility of detection
– Grid-wide event correlation
– i.e. failing login attempts
[Diagram: Grid-Middleware with Resource-provider A, B, C and D]
17
Failing login attempts
[Diagram: architecture overview (GIDS-/IDMEF-bus; IDS and GIDS-agent at Resource-provider A ... Resource-provider X; GIDS-operator; GIDS; GIDS-agent; portal) with the labels: login-attempt 172.16.112.20 22 TCP ...; has VO-members; SSH-private-key]
18
Exemplary Dataflow
[Diagram: architecture overview (GIDS-/IDMEF-bus; IDS and GIDS-agent at Resource-provider A ... Resource-provider X; GIDS-operator; GIDS; GIDS-agent; portal) with the labels: has VO-members; SSH-private-key; login-attempt]
19
Correlation agent
[Diagram labels: IDS; FW; ...; Admin; GIDS-DB; local (G)IDS-instance; GIDS-agent with the stages filtering, aggregation/correlation and anonymization/pseudonymization; GIDS-/IDMEF-bus; login-attempt; correlation-alarm. Edge labels: data & reports; store data in; store reports in; store data and reports in; reporting to]
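The Grid-wide correlation of failed login attempts outlined on slides 16 to 19, as an added example that is not code from the GIDS project: each agent pseudonymizes the source before reporting, and a correlation step raises an alarm when one source fails logins at several providers. The event fields, the shared HMAC key, the window and the threshold are assumptions; the dictionaries are a simplification, not IDMEF messages.

```python
import hashlib
import hmac
from collections import defaultdict

# Assumption: agents share a federation-wide pseudonymization key so that the
# same source maps to the same pseudonym at every site (constructed value).
FEDERATION_KEY = b"constructed-demo-key"

def pseudonymize(value: str) -> str:
    """Keyed hash: stable across sites, not reversible without the key."""
    return hmac.new(FEDERATION_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def agent_report(provider, ts, src_ip, dst_port, proto):
    """Hypothetical GIDS-agent step: pseudonymize, then publish to the bus."""
    return {"provider": provider, "ts": ts, "src": pseudonymize(src_ip),
            "port": dst_port, "proto": proto, "type": "failed-login"}

def correlate(events, window=600, min_providers=3):
    """Alarm when one pseudonymized source fails logins at >= min_providers
    distinct providers within `window` seconds (sliding window per source)."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["type"] == "failed-login":
            by_src[ev["src"]].append(ev)
    alarms = []
    for src, evs in by_src.items():
        start = 0
        for end, ev in enumerate(evs):
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1  # drop events that fell out of the window
            providers = {e["provider"] for e in evs[start:end + 1]}
            if len(providers) >= min_providers:
                alarms.append({"type": "correlation-alarm", "src": src,
                               "providers": sorted(providers),
                               "first": evs[start]["ts"], "last": ev["ts"]})
                break  # one alarm per source is enough for the report
    return alarms

# Constructed sample: two attempts per site stay below a typical local
# threshold, but the same source appears at three providers within minutes.
SAMPLE = [agent_report(p, t, "172.16.112.20", 22, "TCP")
          for p, t in [("A", 0), ("A", 30), ("B", 120), ("B", 150), ("C", 300)]]
SAMPLE.append(agent_report("D", 310, "192.0.2.7", 22, "TCP"))  # unrelated source

if __name__ == "__main__":
    for alarm in correlate(SAMPLE):
        print(alarm)
```

The alarm carries only the pseudonym, so the operator view never exposes the raw address; a site holding the key can map it back for its own incident handling.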
20
Methodology
– Analysis
– Architecture design
– Prototypical implementation
– Evaluation (to be done!)
– Conclusion
21
Methodology
– Analysis
– Architecture design
– Prototypical implementation
– Evaluation
– Conclusion
22
Conclusion
Challenge: Conception of a GIDS
Approach:
– Analysis: Threats, use cases, requirements induced by Grids
– Design of a generic GIDS architecture
– Development of privacy-protection concept
– Prototype, later: production ready
– Evaluation: Simulation and measurements in D-Grid
Results:
– Catalogue of criteria to evaluate IDS for their use in Grids
– Generic GIDS architecture
– Privacy-protection concept
– GIDS in production for D-Grid
23
Further research questions
Management aspects
– Specification of processes as in e.g. ISO20000 or ITIL
– Special challenges in inter-organizational environments
Attack detection
– Which analysis techniques are appropriate in Grids, which aren't?
– Implication of dynamics in Grids in regard to attack detection methods
– Valuable use of additionally available information in Grids (e.g. (job-)monitoring or VO-management systems)
Compliance
– Enhancing the GIDS by making use of trust-level management data
24
Thank you!
Project details: www.grid-ids.de
Contact: Nils gentschen Felde, felde@nm.ifi.lmu.de