Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.


1 Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine

2 Grid Security Issues

Grid security issues can be partitioned into three main categories:
- Architecture level;
- Infrastructure level;
- Management level.

Architecture security issues are related to the whole architecture of the Grid. They concern:
- Information security: data confidentiality and integrity
- Authorization: resource-level authorization
- Service: service-level security issues

Infrastructure security issues are related to the network and host components that constitute the grid infrastructure. These problems can be divided into the following sub-categories:
- Host level: data protection, job starvation, and host availability
- Network: access control, secure routing and multicasting

Management security issues fall into the following categories:
- Credential management
- Trust management
- Monitoring

3 Grid Security Issues. General picture

4 Architecture Related Issues 1/2

Information security
This kind of security relates to the information exchanged between different hosts or between hosts and users.
- Existing solutions
  - Grid Security Infrastructure (GSI) defines security standards for the Grid and is based on the concept of the Virtual Organization (VO)
    - Secure communication: based on PKI, assuming the existence of an authorized CA, X.509 certificates, and SSL/TLS protocols for data encryption
- Integration with Kerberos
  - Kerberos is one of the most popular authentication systems used in enterprises
  - The current version of GSI does not support Kerberos-based interaction
    - but a Kerberos gateway can provide a bridge with a GSI gateway and vice versa

5 Architecture Related Issues 2/2

Authorization
- Particularly important for systems where the resources are shared between multiple departments or organizations
- Existing solutions
  - VO Level Components: centralized authorization systems for an entire VO
    - Examples: Community Authorization Service (CAS), Virtual Organization Membership Service (VOMS), and Enterprise Authorization and Licensing System (EALS)
  - Resource Level Components: implement the decision to authorize the access to a set of resources
    - Examples: Akenti, Privilege and Role Management Infrastructure Standards Validation (PERMIS), and the GridMap solution
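An added example, not part of the presentation, of a resource-level decision in the GridMap style named above: the certificate subject DN is looked up in a map file and access is denied unless an entry exists. It assumes the quoted-DN-then-local-accounts line layout of a Globus grid-mapfile; the DNs, account names and function names are constructed for illustration.

```python
import shlex

# Constructed sample in the assumed grid-mapfile layout: a quoted certificate
# subject DN followed by one or more comma-separated local accounts.
SAMPLE_GRIDMAP = '''\
# constructed entries for illustration
"/O=Grid/OU=ExampleVO/CN=Alice Example" alice
"/O=Grid/OU=ExampleVO/CN=Bob Example" bob,gridpool
/O=Grid/OU=ExampleVO/CN=No Quotes carol
"/O=Grid/OU=ExampleVO/CN=Missing Account"
'''

def parse_gridmap(text):
    """Return ({subject DN: [local accounts]}, [rejected line numbers])."""
    mapping, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)      # honours the quotes around the DN
        except ValueError:                  # unbalanced quote
            rejected.append(lineno)
            continue
        if len(fields) != 2:                # ambiguous or incomplete entry
            rejected.append(lineno)
            continue
        dn, accounts = fields[0], [a for a in fields[1].split(",") if a]
        if not dn.startswith("/") or not accounts:
            rejected.append(lineno)
            continue
        mapping[dn] = accounts
    return mapping, rejected

def authorize(mapping, subject_dn, requested_account=None):
    """Default-deny: return the local account to run as, or None."""
    accounts = mapping.get(subject_dn)      # exact, case-sensitive DN match
    if not accounts:
        return None
    if requested_account is None:
        return accounts[0]                  # first listed account is the default
    return requested_account if requested_account in accounts else None

if __name__ == "__main__":
    gridmap, bad_lines = parse_gridmap(SAMPLE_GRIDMAP)
    print("rejected lines:", bad_lines)
    print(authorize(gridmap, "/O=Grid/OU=ExampleVO/CN=Bob Example", "root"))
```

Malformed entries are reported rather than silently mapped, so a DN with unquoted spaces cannot end up bound to the wrong local account.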

6 Infrastructure Related Issues 1/1

Host and Network level
Solutions provide data protection via:
- virtualization: VM deployment on the physical machine
- sandboxing: a mechanism which traps system calls and sandboxes the applications to prevent them from accessing data and memory, based on certain policies
- Access Control & Isolation: Adaptive Grid Firewalls (AGF)

7 Management Related Issues 1/3

Credential Management
- becomes very important in a grid context, as there are multiple different systems which require varied credentials to access them

Solutions
- Credential Repositories: move the responsibility for credential storage from the user to these systems; examples include smart cards, virtual smart cards, and the MyProxy Online Credential Repository
- Credential Federation Systems: used for managing credentials across multiple systems, domains, and realms; examples include VCMan (a specific solution for grid and Community Authorization Service (CAS)) and KX.509, a protocol which provides interoperability between X.509 and Kerberos systems

8 Management Related Issues 2/3

Trust Management
- crucial in a dynamic grid scenario where grid nodes and users join and leave the system

Existing Solutions
- Reputation Based: based on trust metrics derived from the local and global reputation of a system or an entity; examples include PeerTrust, XenoTrust, NICE, and Secure Grid Outsourcing (SeGO) systems
- Policy Based: the different entities or components constituting the system exchange and manage credentials to establish trust relationships based on certain policies; examples include PeerTrust Trust Negotiation and TrustBuilder

9 Management Related Issues 3/3

Monitoring
- Essential in grid scenarios primarily for two reasons:
  - different organizations or departments can be charged based on their usage
  - resource related information can be logged for auditing or compliance purposes

Existing Solutions
- System Level: open source and popular system monitoring tools include Orca, Mon, Aide, Tripwire, etc.
- Cluster Level: include Ganglia from University of Berkeley and Hawkeye from University of Wisconsin Madison
- Grid Level: R-GMA, Globus Monitoring and Discovery Systems (MDS), Management of Adaptive Grid Infrastructure (MAGI), and GlueDomains

10 Conclusions

Grid is the middleware, which supports different and up-to-date security mechanisms:
- Uses digital certificates (X.509 and KX.509 (Kerberos))
- Supports delegation of rights based on proxy certificates
- Supports security mechanisms at different levels
- Gives the VO possibilities
- Provides Single Sign On registration
- Supports encryption on the transport or message level (TLS/MLS protocols)
- Can use different realizations of third-party security components

