Presentation is loading. Please wait.

Presentation is loading. Please wait.

MyGrid Security Issues Simon Miles University of Southampton.

Published bySavannah O'Connell Modified over 10 years ago

Similar presentations

Presentation on theme: "MyGrid Security Issues Simon Miles University of Southampton."— Presentation transcript:

1 myGrid Security Issues Simon Miles University of Southampton

2 Sources of Security Requirements Service Providers Data Storage Providers Provenance Models

3 Service Providers - Authentication Currently Free and anonymous services No authentication Organisation-level auditing Future Plans User-level authentication (PKI) for update of databases, signed 3 rd party annotation, embargoed data access, pay-per-view… Social problems: co-authors, in-organisation data use

4 Service Providers - Authorisation Used for scheduling - provider gives a ticket to be used later Notifications sent indicating that jobs are complete should be sent securely Auditing of unauthorised access, 3rd party databases, job prioritisation Users concerned about SP security - prefer to download database Encryption: false sense of security

5 Data Storage Providers Authentication (integrate for single sign-on) Authorisation Granularity of access to database records (researcher: record, manager: table etc.) Actions: read, write, delete, update Role-Based Access Control: roles based on user group types Anonymous provenance logs (hidden through database views?) - company/country dependent Auditing

6 Provenance Early stage – largely undefined scenarios Unclear what level of security is desired Anonymous record of activity occurring (still requires some identification to retrieve) Activity recorded for re-enactment Activity recorded for publishing or legal proof Quality of service for provenance recording, including security level Right to delete, different party provenance for non-repudiation (ownership?)

7 Provenance – Use Case User enacts process using Workflow Enactment Engine The WEE dynamically discovers services using UDDI In order to generate provenance logs, user identity revealed How can user ensure privacy is safeguarded in this model?

8 Proxies In general, services such as the WEE will be interacting, on behalf of clients, with dynamically discovered services Dynamically discovered services are not known about at deployment time so how to authenticate service with user? GSI proxy certificates inadequate due to possibility of compromise

Download ppt "MyGrid Security Issues Simon Miles University of Southampton."

Similar presentations

Managing Service-Oriented Architectures Jim Bole VP Professional Services Infravio, Inc. 408-861-3003 June 7,

Managing Service-Oriented Architectures Jim Bole VP Professional Services Infravio, Inc June 7,
HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.

HCQ P MEDICARES HEALTH CARE QUALITY IMPROVEMENT PROGRAM QualityNet Exchange Dennis Stricker Director, Information Systems Group Office of Clinical Standards.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Abstraction Layers Why do we need them? –Protection against change Where in the hourglass do we put them? –Computer Scientist perspective Expose low-level.

Abstraction Layers Why do we need them? –Protection against change Where in the hourglass do we put them? –Computer Scientist perspective Expose low-level.
GT 4 Security Goals & Plans Sam Meder

GT 4 Security Goals & Plans Sam Meder
VO Support and directions in OMII-UK Steven Newhouse, Director.

VO Support and directions in OMII-UK Steven Newhouse, Director.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
-Gunjandeep Singh Khera. C1India (security Features) Digital Signature: The solution includes capturing Digital Signature Authorized and certified by.

-Gunjandeep Singh Khera. C1India (security Features) Digital Signature: The solution includes capturing Digital Signature Authorized and certified by.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Why provenance needs its own security model Uri Braun PASS Team Harvard University Workshop on Principles of Provenance November 19-20, ‘07.

Why provenance needs its own security model Uri Braun PASS Team Harvard University Workshop on Principles of Provenance November 19-20, ‘07.
The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.

The Community Authorisation Service – CAS Dr Steven Newhouse Technical Director London e-Science Centre Department of Computing, Imperial College London.
Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.

Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.
Security NeSC Training Team International Summer School for Grid Computing, Vico Equense, 10 - 22.6.2005.

Security NeSC Training Team International Summer School for Grid Computing, Vico Equense,
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.

INFSO-RI Enabling Grids for E-sciencE Security, Authorisation and Authentication Mike Mineter Training, Outreach and Education National.
Information Security of Embedded Systems 3.2.2010: Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.

1 Network Management and SNMP  What is Network Management?  ISO Network Management Model (FCAPS)  Network Management Architecture  SNMPv1 and SNMPv2.
Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.

Long-term Archive Service Requirements draft-ietf-ltans-reqs-00.txt.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
Content TCD’s past experience with portals Plans for WS-Pgrade and SCI-BUS – Integration with HELIO to build a portal for the Heliophysics community –

Content TCD’s past experience with portals Plans for WS-Pgrade and SCI-BUS – Integration with HELIO to build a portal for the Heliophysics community –

Similar presentations

Ads by Google