Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.

Published byStuart Abner Collins Modified over 9 years ago

Similar presentations

Presentation on theme: "David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input."— Presentation transcript:

1 David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input from Romain Wartel, CERN and wLCG Sven Gabriel, Nikhef and EGI Ian Collier, STFC/RAL

2 David Groep Nikhef Amsterdam PDP & Grid wLCG experience Incidents happen on a regular basis, 10-12 per year Attacks continue to improve over the years ◦ More and more sophisticated  For example, Zeus (Windows botnet) used to steal HEP accounts  No easy or public mean to detect modern malware ◦ No longer a side-effect of being connected to the Internet  State-of-the-art malware used against WLCG  Attackers being arrested for attacking WLCG resources ◦ No reduction of the severity or # of incidents in the recent years  Yet most of them follow the same pattern  We have now built the necessary expertise and have experience Slide content courtesy Romain Wartel, CERN and wLCG

3 David Groep Nikhef Amsterdam PDP & Grid “Be able to answer the basic questions who, what, where, and when concerning any incident.” Prevent re-occurances of the incident Prevent a ‘waterbed effect’ in our federated infrastructure ‘in building our infrastructure to federate we also help miscreants spread through federated access – so we now also need rapid, coordinated, and federated response’ Larger federation  larger risk of (apparent) ‘insider actions’ The Traceability Premise

4 David Groep Nikhef Amsterdam PDP & Grid Record (‘who, what, when, where’) ◦ at minimum be able to identify the source of all actions (executables, file transfers, portal jobs) and the individual who initiated them ◦ traceability commensurate with scope of action and React ◦ sufficiently fine-grained controls, such as blocking the originating user and monitoring ◦ communicate controls information rapidly throughout the federation (resource centres, users, communities) and only then Recover ◦ understand the cause and to fix any problems before re-enabling access for the user Traceability for the HTC platform

5 David Groep Nikhef Amsterdam PDP & Grid A policy framework Number of security policies apply to participants: ◦ http://wlcg.web.cern.ch/security/computer-security http://wlcg.web.cern.ch/security/computer-security Important operational security: ◦ Security Incident Response Policy  https://edms.cern.ch/document/428035 https://edms.cern.ch/document/428035  “A security incident is the act of violating an explicit or implied security policy “  Report suspected incidents locally and to the infrastructure  “Perform appropriate investigations and forensics and share the results with the incident coordinator”  “Aim at preserving the privacy of involved participants and identities” ◦ Traceability and Logging Policy  https://edms.cern.ch/document/428037 https://documents.egi.eu/document/81 https://edms.cern.ch/document/428037 https://documents.egi.eu/document/81 Slide content courtesy Romain Wartel, CERN and wLCG

6 David Groep Nikhef Amsterdam PDP & Grid Idea: understand and prevent incidents* Requirements: ◦ Software MUST produce application logs:  Source of any action  Initiator of any action ◦ Logs MUST be collected centrally [resource centre] ◦ Logs MUST be kept 180 days Sites currently know what to do in order to be able to answer who, what, where & when Current EGI/wLCG Security Traceability and Logging Policy

7 David Groep Nikhef Amsterdam PDP & Grid Forensics & trace analysis capabilities scarce ◦ Mostly at the larger resource centres and with a few specialised institutes and individuals ◦ Logs and audit records needed for experts to work on ◦ Collaborate widely with the trusted community to maintain integrity of our ecosystem at large Capabilities

8 David Groep Nikhef Amsterdam PDP & Grid With new service classes (like IaaS clouds) our ‘attack surface’ increases ◦ Record?  we now need traceability capabilities for all access methods  with expertise for forensics and analysis ◦ React?  controlling access for suspected miscreants  both to the innards of the VM as well as to the ‘external controls’ (management interfaces, KVM console, networks, …) ◦ Recover?  different entities now responsible for the resolution  But re-enabling any service should wait for full resolution! Beyond the HTC platform offering

9 David Groep Nikhef Amsterdam PDP & Grid We cannot implement traceability in exactly the same way Sites can log observable behaviour ◦ VM launched at such and such a time ◦ Network connection to such and such an address at a certain time ◦ Etc. Sites can no longer see ◦ Credential used to run workload(s) inside VMs ◦ Detailed application logs from within past VMs CAN isolate running VMs for analysis ‘Sites’ can’t do it all Slide content courtesy Ian Collier, STFC/RAL

10 David Groep Nikhef Amsterdam PDP & Grid New territory VOs (research communities) will have to participate in incident response to provide the missing information. Are VOs going to maintain detailed central application logs and retain them? Could sites provide a central syslog service for VMs run at their site? ◦ But that would not help for public cloud work ◦ Perhaps just for some nodes Many more issues and questions Slide content courtesy Ian Collier, STFC/RAL

11 David Groep Nikhef Amsterdam PDP & Grid wLCG already faced distributed responsibility Distributed traceability in practice? End User Community overlay services Resource Centre 1 Resource Centre II Resource Centre III Overlay prepositioned jobs (“container”) Request VO service to execute their task Preplaced container retrieves user payload

12 David Groep Nikhef Amsterdam PDP & Grid For a test, a fake-malicious user payload was submitted through community container portal … Common & multiple-use containers made tracing impossible for the VO – and the VO-CSIRT existed (unique!) and was involved After a week (!) the intruder was not yet found Remarkable resources would have be needed for a proper response Retention times for needed logs are to short (<30 days). “It would have taken O(1 week) to scan all input sources for the offending code” Exercising traceability Slide content inspired by Sven Gabriel, Nikhef

13 David Groep Nikhef Amsterdam PDP & Grid Next steps We need to address this before workflows become too firmly established. ◦ Easier to build in early than to add on afterwards ◦ Traceability requires specific design at every level Working group (sites, communities, and users) ◦ Test different approaches to filling traceability gaps ◦ Update guidelines ◦ Disseminate ◦ Exercise the system – with planned and unscheduled challenges Slide content inspired by Ian Collier, STFC/RAL

Download ppt "David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input."

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks MyProxy and EGEE Ludek Matyska and Daniel.
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
EGI-InSPIRE RI-261323 EGI-InSPIRE EGI-InSPIRE RI-261323 AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI AAI in EGI Status and Evolution Peter Solagna Senior Operations Manager
Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.

Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.
CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.

CoreGRID Workpackage 5 Virtual Institute on Grid Information and Monitoring Services Authorizing Grid Resource Access and Consumption Erik Elmroth, Michał.
WLCG Cloud Traceability Working Group progress Ian Collier Pre-GDB Amsterdam 10th March 2015.

WLCG Cloud Traceability Working Group progress Ian Collier Pre-GDB Amsterdam 10th March 2015.
Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:

Chapter 1  Introduction 1 Overview  What is a secure computer system?  Concerns of a secure system o Data: Privacy, Integrity, Availability o Users:
SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.

SOA Security Chapter 12 SOA for Dummies. Outline User Authentication/ authorization Authenticating Software and Data Auditing and the Enterprise Service.
WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.
Website Hardening HUIT IT Security | Sep 30 2011.

Website Hardening HUIT IT Security | Sep
LHC Experiment Dashboard Main areas covered by the Experiment Dashboard: Data processing monitoring (job monitoring) Data transfer monitoring Site/service.

LHC Experiment Dashboard Main areas covered by the Experiment Dashboard: Data processing monitoring (job monitoring) Data transfer monitoring Site/service.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
INFSO-RI-508833 Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes

INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes
Www.egi.eu EGI-InSPIRE RI-261323 www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.

EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE EGI services for the long tail of science Peter Solagna Senior Operations.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper

Cloud Use Cases, Required Standards, and Roadmaps Excerpts From Cloud Computing Use Cases White Paper
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

Similar presentations

Ads by Google