Slide 1: Grid Security Issues
Shelestov Andrii, Space Research Institute NASU-NSAU, Ukraine
Slide 2: Grid Security Issues

Grid security issues can be partitioned into three main categories:
- Architecture level;
- Infrastructure level;
- Management level.

Architecture security issues concern the architecture of the Grid as a whole. They cover:
- Information security - data confidentiality and integrity
- Authorization - resource-level authorization
- Service - service-level security issues

Infrastructure security issues concern the network and host components that make up the grid infrastructure. They fall into the following sub-categories:
- Host level - data protection, job starvation, and host availability
- Network - access control, secure routing and multicasting

Management security issues fall into the following categories:
- Credential management
- Trust management
- Monitoring
Slide 3: Grid Security Issues. General picture
Slide 4: Architecture Related Issues 1/2

Information security
- This kind of security concerns the information exchanged between different hosts, or between hosts and users.
- Existing solutions:
  - Grid Security Infrastructure (GSI) defines the security standards for the Grid and is based on the concept of the Virtual Organization (VO).
  - Secure communication: based on PKI, assuming the existence of an authorized CA; X.509 certificates; and SSL/TLS protocols for data encryption.
- Integration with Kerberos:
  - Kerberos is one of the most popular authentication systems used in enterprises.
  - The current version of GSI does not support Kerberos-based interaction, but a Kerberos gateway can provide a bridge to a GSI gateway and vice versa.
Slide 5: Architecture Related Issues 2/2

Authorization
- Particularly important for systems where resources are shared between multiple departments or organizations.
- Existing solutions:
  - VO-level components: centralized authorization systems for an entire VO. Examples: Community Authorization Service (CAS), Virtual Organization Membership Service (VOMS), and Enterprise Authorization and Licensing System (EALS).
  - Resource-level components: implement the decision to authorize access to a set of resources. Examples: Akenti, Privilege and Role Management Infrastructure Standards Validation (PERMIS), and the GridMap solution.
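To make the resource-level "GridMap solution" concrete, here is an added example (not from the presentation) of a grid-mapfile parser and the authorization lookup a resource would perform after authenticating a client. The file layout is assumed to follow the Globus grid-mapfile convention, and the subject DNs and account names are constructed.

```python
"""Resource-level authorization with a grid-mapfile lookup (added example)."""
import shlex
from typing import Dict, List, Optional

# Constructed sample grid-mapfile. Format assumed to follow the Globus
# convention: a quoted X.509 subject DN, then one or more comma-separated
# local account names; '#' starts a comment.
SAMPLE_GRIDMAP = """\
# subject DN                               local account(s)
"/C=UA/O=NASU/OU=SRI/CN=Alice Example" alice
"/C=UA/O=NASU/OU=SRI/CN=Bob Example"   bob,griduser
"/C=UA/O=NASU/OU=SRI/CN=Carol Example"   # no account: entry is invalid
"/C=UA/O=NASU/OU=SRI/CN=Alice Example" root   # duplicate DN: first wins
"""


def parse_gridmap(text: str) -> Dict[str, List[str]]:
    """Return {subject DN: [allowed local accounts]}; malformed lines are skipped."""
    mapping: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        try:
            tokens = shlex.split(raw, comments=True)  # honours quoted DNs
        except ValueError:
            continue  # unbalanced quote: treat as malformed, do not guess
        if len(tokens) != 2:
            continue  # need exactly <DN> <accounts>; anything else is malformed
        dn, accounts = tokens
        names = [a for a in accounts.split(",") if a]
        if names and dn not in mapping:  # first entry for a DN wins
            mapping[dn] = names
    return mapping


def authorize_subject(mapping: Dict[str, List[str]], subject_dn: str,
                      requested_account: Optional[str] = None) -> Optional[str]:
    """Map an authenticated subject DN to a local account, or None to deny.

    subject_dn must be the end-entity identity established by validating the
    certificate chain first; the grid-mapfile only decides authorization.
    """
    allowed = mapping.get(subject_dn)
    if not allowed:
        return None                      # unknown DN: deny
    if requested_account is None:
        return allowed[0]                # default account is the first listed
    return requested_account if requested_account in allowed else None


if __name__ == "__main__":
    gridmap = parse_gridmap(SAMPLE_GRIDMAP)
    print(authorize_subject(gridmap, "/C=UA/O=NASU/OU=SRI/CN=Alice Example"))
```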
Slide 6: Infrastructure Related Issues 1/1

Host and network level
- Solutions provide data protection via:
  - virtualization - VM deployment on the physical machine;
  - sandboxing - a mechanism that traps system calls and sandboxes applications to prevent them from accessing data and memory, based on certain policies.
- Access control and isolation: Adaptive Grid Firewalls (AGF).
Slide 7: Management Related Issues 1/3

Credential management
- Becomes very important in a grid context, as there are multiple different systems that require different credentials to access them.
- Solutions:
  - Credential repositories: move the responsibility for credential storage from the user to these systems; examples include smart cards, virtual smart cards, and the MyProxy Online Credential Repository.
  - Credential federation systems: used for managing credentials across multiple systems, domains, and realms; examples include VCMan (a specific solution for grids and the Community Authorization Service (CAS)) and KX.509, a protocol that provides interoperability between X.509 and Kerberos systems.
Slide 8: Management Related Issues 2/3

Trust management
- Crucial in a dynamic grid scenario, where grid nodes and users join and leave the system.
- Existing solutions:
  - Reputation based: based on trust metrics derived from the local and global reputation of a system or an entity; examples include PeerTrust, XenoTrust, NICE, and Secure Grid Outsourcing (SeGO) systems.
  - Policy based: the different entities or components constituting the system exchange and manage credentials to establish trust relationships based on certain policies; examples include PeerTrust Trust Negotiation and TrustBuilder.
Slide 9: Management Related Issues 3/3

Monitoring
- Essential in grid scenarios, primarily for two reasons:
  - different organizations or departments can be charged based on their usage;
  - resource-related information can be logged for auditing or compliance purposes.
- Existing solutions:
  - System level: popular open source system monitoring tools include Orca, Mon, AIDE, Tripwire, etc.
  - Cluster level: Ganglia from the University of Berkeley and Hawkeye from the University of Wisconsin-Madison.
  - Grid level: R-GMA, Globus Monitoring and Discovery System (MDS), Management of Adaptive Grid Infrastructure (MAGI), and GlueDomains.
Slide 10: Conclusions

The Grid is middleware that supports a range of current security mechanisms:
- uses digital certificates (X.509, and KX.509 for Kerberos);
- supports delegation of rights based on proxy certificates;
- supports security mechanisms at different levels;
- provides VO capabilities;
- provides Single Sign-On registration;
- supports encryption at the transport or message level (TLS/MLS protocols);
- can use different realizations of third-party security components.