
1 Trust and Security for Next Generation Grids, www.gridtrust.eu
Securing Grid-Based Supply Chains
Marco Di Girolamo, HP Italy Innovation Center, Italy, on behalf of the GridTrust Consortium
EGEE Conference 2008, Business Track, Istanbul, September 23rd, 2008

2 GridTrust Vision
VOs operated over Service-Oriented Architectures
Trust handled through security and reputation management
“Continuous Usage Control” concept permeating the design and operation of VOs:
 Continuous Usage Control expressed at the level of security requirements
 VOs managed by policies derived from the security requirements
 Security policies enforced by means of GridTrust services
 Reputation monitoring and dynamic update

3 GridTrust: Objectives and Expected Results
General Objective: definition and management of security and trust in dynamic Virtual Organizations
 Improve access control and authorization
 Introduce usage control for Grids
Expected results: a “framework” composed of
 Tools for reasoning about security at all levels of the NGG architecture
 A reference security architecture for Grids, including a UCON authorization service, a security-aware broker and a reputation management service, among others
 An open source reference implementation of the architecture, validated by several innovative business scenarios
[Figure: NGG architecture layers (Grid Application Layer, Grid Service Middleware Layer, Grid Foundation Middleware Layer, Network Operating System) with GridTrust positioned against them]

4 Project Partners
5 countries, 4 companies, 3 research institutes, 1 university
Duration: 3 years (06/2006-05/2009)
Global budget: 3 856 135 euros
CETIC budget: 540 697 euros

5 A Grid-Based Transportation Supply Chain Scenario
Context is logistics services: moving customers’ goods from one place to another
Competitive driving factors:
 Delivery time
 Service price
Gap to bridge, transporter’s side:
 Only big service providers can afford optimization tools (for reasons of scale)
 Availability of optimization services could foster market competition (SME inclusion)
Gap to bridge, customer’s side:
 Finding the best transporter for each transportation task

6 The business case
Solution pillars:
 Use of an auctioning system
  Exploit competition between transporters
  Allow customers to find the best provider for each task
 Use of route computing services
  Computational services providing maps and libraries to execute applications solving the logistic optimization problem
  Enable small transporters to perform routing optimization
Hosted on GRID resources!

7 The business case – VO model
The VBE model
Association of organizations adhering to common operating principles and infrastructure
Main objective: participating in potential VOs
Organizations participating in a VO are selected from the VBE
[Figure: a VBE, with its VBE Manager, containing service providers and users; a VO, with its VO Manager and VO Owner, drawn from the VBE]

8 Auction based supply chain
First-Price Sealed-Bid reverse auction model
Producers (auction proponents) issue RfQs for transportation tasks
Transporters can recalculate routing exploiting routing computational services running on GRID resources
Offer selection based on customer requirements: time, price, transporter’s reputation
Producers create a Delivery VO (auction and delivery management)
Transporters create Routing VOs to compute the best routes for answering the auction

9 Auction based supply chain

10 Computational problem overview
VRPTW: Vehicle Routing Problem with Time Windows
Find a set of NV vehicle routes, originating from and terminating at the depot (vertex 0), such that
 Each vehicle services one route
 Each vertex v_i, i = 1..N, is visited exactly once
 The quantity of goods on each vehicle never exceeds its capacity C
 The start time of each route is >= r_0
 The end time of each route is <= d_0
 The time of beginning of service at vertex i is >= r_i (ready time)
 If the arrival time t_i at vertex i is < r_i, the vehicle waits for a waiting time w_i = r_i - t_i
 The time of ending of service at vertex i is <= d_i (due date)
Usually algorithms minimize NV first and then the total distance TD
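The constraints listed on this slide, written out as a feasibility checker. This is an added example in Go, not code from the GridTrust project or the presentation: it simulates one vehicle's route from the depot, enforces capacity, ready times and due dates with the waiting time w_i = r_i - t_i, validates a complete solution (every customer served exactly once) and reports NV and TD. The service duration s_i, the sample instance and the Better comparison are this example's own assumptions; set Service to 0 to match the slide exactly.

```go
package main

import "fmt"

// Customer i carries demand q_i, ready time r_i, due date d_i and a service
// duration s_i; index 0 is the depot, whose window [r_0, d_0] bounds every route.
// s_i is not on the slide; it is an assumption here (set it to 0 to match the slide).
type Customer struct {
	Demand  int
	Ready   float64 // r_i
	Due     float64 // d_i
	Service float64 // s_i
}

// Instance is a VRPTW problem; Dist[i][j] serves as both distance and travel time.
type Instance struct {
	Customers []Customer
	Dist      [][]float64
	Capacity  int // C
}

// Route is the outcome of checking one vehicle's route.
type Route struct {
	Distance float64   // this route's contribution to TD
	Waiting  []float64 // w_i = max(0, r_i - t_i) at each visited vertex
}

// SampleInstance is a constructed toy instance: depot (index 0) and three customers.
func SampleInstance() Instance {
	return Instance{
		Customers: []Customer{{0, 0, 100, 0}, {4, 10, 30, 5}, {5, 0, 50, 5}, {6, 20, 60, 5}},
		Dist:      [][]float64{{0, 5, 8, 12}, {5, 0, 6, 10}, {8, 6, 0, 7}, {12, 10, 7, 0}},
		Capacity:  10,
	}
}

// CheckRoute simulates one vehicle leaving the depot at r_0 and serving the given
// customers in order, enforcing capacity, ready times and due dates as listed above.
func (in Instance) CheckRoute(route []int) (Route, error) {
	var res Route
	load, t, prev := 0, in.Customers[0].Ready, 0
	for _, i := range route {
		if load += in.Customers[i].Demand; load > in.Capacity {
			return res, fmt.Errorf("vertex %d: load %d exceeds capacity %d", i, load, in.Capacity)
		}
		res.Distance += in.Dist[prev][i]
		t += in.Dist[prev][i] // arrival time t_i
		c, w := in.Customers[i], 0.0
		if t < c.Ready { // arrived early: wait w_i = r_i - t_i, service starts at r_i
			w, t = c.Ready-t, c.Ready
		}
		res.Waiting = append(res.Waiting, w)
		if t+c.Service > c.Due {
			return res, fmt.Errorf("vertex %d: service ends at %.1f, after due date %.1f", i, t+c.Service, c.Due)
		}
		t += c.Service
		prev = i
	}
	res.Distance += in.Dist[prev][0]
	if t += in.Dist[prev][0]; t > in.Customers[0].Due {
		return res, fmt.Errorf("route returns to the depot at %.1f, after d_0 = %.1f", t, in.Customers[0].Due)
	}
	return res, nil
}

// CheckSolution validates a whole solution: every customer is served exactly once
// and every route is feasible. It returns NV (vehicles used) and TD (total distance).
func (in Instance) CheckSolution(routes [][]int) (nv int, td float64, err error) {
	seen := make([]bool, len(in.Customers))
	for k, route := range routes {
		for _, i := range route {
			if i <= 0 || i >= len(seen) || seen[i] {
				return 0, 0, fmt.Errorf("route %d: vertex %d is the depot, unknown, or already visited", k, i)
			}
			seen[i] = true
		}
		r, rerr := in.CheckRoute(route)
		if rerr != nil {
			return 0, 0, fmt.Errorf("route %d: %w", k, rerr)
		}
		td += r.Distance
	}
	for i := 1; i < len(seen); i++ {
		if !seen[i] {
			return 0, 0, fmt.Errorf("vertex %d is never visited", i)
		}
	}
	return len(routes), td, nil
}

// Better reports whether (nv1, td1) beats (nv2, td2) under the usual objective:
// fewer vehicles first, then shorter total distance.
func Better(nv1 int, td1 float64, nv2 int, td2 float64) bool {
	return nv1 < nv2 || (nv1 == nv2 && td1 < td2)
}
```

On the sample instance, routes {1, 2} and {3} give NV = 2 and TD = 43, while {1, 2, 3} fails on capacity and {3, 1} misses customer 1's due date. A checker like this is cheap enough that a transporter should run it on every result returned by a routing service before bidding on it: when the optimization ran on someone else's Grid resource, the plan's feasibility is not something to take on trust.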

11 Securing the Grid-Based Supply Chain
Objective
 Identify the security challenges presented by a Grid-based supply chain
 Define security components that help to solve those challenges
Methodology
 Perform a security analysis to define security requirements for the application, using a goal-oriented requirements-engineering methodology
 Identify and develop architecture components that could contribute to meeting the main identified security challenges
 Evaluate how the architecture helps in solving the security challenges

12 Security Issues in the Transportation Supply Chain
Auction:
 Secure identification of auction participants
 Secrecy of offers, at least until auction closure
 Data integrity and non-repudiation of both offers and RfQs
Routing services:
 Execution of unknown applications on behalf of potentially unknown or untrusted users
 Need to prevent these applications from
  performing bad actions
  stealing valuable data
  gaining unauthorized access
Reputation combined with security to increase trust
 Transporters’ reputation measured based on their compliance with the global and local security policies defined for Grid resources
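The three auction requirements above, applied to the First-Price Sealed-Bid reverse auction of slide 8, as an added example in Go (not code from GridTrust or from the presentation): participants are identified by the Ed25519 keys registered when they joined the Delivery VO; an offer is sealed as a SHA-256 commitment that the transporter signs and submits before closure (secrecy until closure, integrity, non-repudiation), is opened only after closure, and the winner is the cheapest opened offer that meets the delivery deadline and a reputation floor. The RfQ fields, the reputation floor and the message encodings are this example's own assumptions, and the producer's RfQ would be signed the same way (not shown).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Bid is a transporter's offer for one RfQ; the random Nonce stops sealed bids from being guessed.
type Bid struct {
	Transporter string
	PriceCents  uint64
	Hours       uint32 // promised delivery time
	Nonce       [16]byte
}

// SealedBid is submitted before closure: a commitment to the bid and the transporter's signature over it.
type SealedBid struct {
	Transporter string
	Commitment  [32]byte
	Signature   []byte
}

// Commit hashes the RfQ ID and every bid field with length framing, so no field can change at reveal time.
func Commit(rfqID string, b Bid) [32]byte {
	return sha256.Sum256([]byte(fmt.Sprintf("%d:%s|%d:%s|%d|%d|%x", len(rfqID), rfqID, len(b.Transporter), b.Transporter, b.PriceCents, b.Hours, b.Nonce)))
}

// Seal fills b.Nonce and returns what the transporter sends to the Delivery VO before closure.
func Seal(rfqID string, priv ed25519.PrivateKey, b *Bid) (SealedBid, error) {
	if _, err := rand.Read(b.Nonce[:]); err != nil {
		return SealedBid{}, err
	}
	c := Commit(rfqID, *b)
	return SealedBid{b.Transporter, c, ed25519.Sign(priv, c[:])}, nil
}

// Auction is one first-price sealed-bid reverse auction; MaxHours and MinReputation are assumed customer requirements.
type Auction struct {
	RfQID         string
	MaxHours      uint32
	MinReputation float64
	Keys          map[string]ed25519.PublicKey // admitted participants and their keys
	Reputation    map[string]float64           // ratings from the reputation service
	Closed        bool
	sealed        map[string]SealedBid
	revealed      map[string]Bid
}

func NewAuction(id string, maxHours uint32, minRep float64, keys map[string]ed25519.PublicKey, rep map[string]float64) *Auction {
	return &Auction{RfQID: id, MaxHours: maxHours, MinReputation: minRep, Keys: keys, Reputation: rep,
		sealed: map[string]SealedBid{}, revealed: map[string]Bid{}}
}

// SubmitSealed accepts a signed commitment from a registered transporter before closure; a later one replaces it.
func (a *Auction) SubmitSealed(s SealedBid) error {
	pub, known := a.Keys[s.Transporter]
	switch {
	case a.Closed:
		return errors.New("auction closed")
	case !known:
		return errors.New("unknown participant " + s.Transporter)
	case !ed25519.Verify(pub, s.Commitment[:], s.Signature):
		return errors.New("bad signature from " + s.Transporter)
	}
	a.sealed[s.Transporter] = s
	return nil
}

// Reveal accepts a bid only after closure and only if it opens the signed commitment.
func (a *Auction) Reveal(b Bid) error {
	s, ok := a.sealed[b.Transporter]
	switch {
	case !a.Closed:
		return errors.New("reveal before closure")
	case !ok:
		return errors.New("no sealed bid from " + b.Transporter)
	case Commit(a.RfQID, b) != s.Commitment:
		return errors.New("bid does not open the commitment from " + b.Transporter)
	}
	a.revealed[b.Transporter] = b
	return nil
}

// Select returns the cheapest revealed offer that meets the deadline and the reputation floor.
func (a *Auction) Select() (Bid, error) {
	best, found := Bid{}, false
	for t, b := range a.revealed {
		if b.Hours <= a.MaxHours && a.Reputation[t] >= a.MinReputation && (!found || b.PriceCents < best.PriceCents) {
			best, found = b, true
		}
	}
	if !found {
		return Bid{}, errors.New("no eligible offer")
	}
	return best, nil
}
```

The signed commitment is what gives non-repudiation: once the bid is opened, the transporter cannot deny the price and delivery time, because the opened fields hash to the value they signed, and they cannot improve the offer after seeing competitors either, because a changed field no longer opens the commitment. Secrecy holds only if the auctioneer refuses reveals before closure and the nonce is random; without the nonce a competitor could brute-force the commitment of a bid with a small price range.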

13 GridTrust Services Securing the Supply Chain
 Policy and Profile Manager Service
 VO Management Service
 Reputation Management Service
 Security-Aware Resource Broker Service
 UCON Service

14 VO Management Service
The VO manager is responsible for setting up, operating and terminating the VO
The VO membership manager service is responsible for managing the different members of the VO and their users
The workflow management service is responsible for transforming job requests into workflows, which are then managed
The global VO policies apply to all VO members and describe their correct behaviour during the lifetime of the VO
(Layer: Grid Service Middleware)

15 Reputation Management Service
Collects, distributes and aggregates feedback about entities’ behaviour in a particular context in order to produce a rating of the entities
 Entities can be users, resources / services, service providers or VOs
The reputation service is based on ideas from utility computing
It can be used in both centralised and distributed settings
Using reputation with security
 Maintaining users’ reputation according to their usage of resources
(Layer: Grid Service Middleware)

16 Usage Control Service
Enforcement of Usage Control policies at both VO level and computational (node) level
 Building Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) for the POLPA and XACML languages
Monitors the actions executed on behalf of the grid users and enforces a UCON security policy
 VO level
  Global VO policies
 Service level
  The policy describes the behaviour of the user in the local service invocation
 Computational level
  The policy consists of a highly detailed description of the correct behaviour of the application being executed
  Only applications whose behaviour is consistent with the security policy are executed on the computational resource
(Layers: Grid Service Middleware, Grid Foundation Middleware)
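How a computational-level usage control service can mediate a routing job's actions, and how the outcome feeds the reputation service of slide 15. This is an added example in Go, not GridTrust's PEP/PDP and not POLPA or XACML: every action is authorized before it executes, the bytes-written attribute is updated as writes are allowed so that the write budget is an ongoing condition re-evaluated during execution rather than a one-off check at job start, the first denial revokes usage for the rest of the job, and the result is recorded as compliance feedback on the submitter. Operation names, policy fields, the sample traces and the moving-average weight are this example's own assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Action is one operation the routing application attempts on the node. The
// operation names and fields are this example's own, not POLPA or XACML syntax.
type Action struct {
	Op     string // "open", "write", "connect" or "exec"
	Target string // file path or host:port
	Bytes  int    // payload size for "write"
}

// Policy is a node-level usage policy: where the job may read and write, which hosts
// it may reach, whether it may spawn processes, and a byte budget re-checked on every write.
type Policy struct {
	PathPrefixes []string
	Hosts        []string
	AllowExec    bool
	WriteBudget  int
}

// PEP mediates every action of one job and holds the mutable attribute (bytes
// written so far) that the ongoing condition is evaluated against.
type PEP struct {
	Policy  Policy
	written int
	Revoked string // reason, once usage has been revoked
}

// match tests s against an allow-list, by prefix for paths and exactly for hosts
// (a prefix match on host names would admit look-alike names).
func match(s string, allowed []string, prefix bool) bool {
	for _, a := range allowed {
		if s == a || (prefix && strings.HasPrefix(s, a)) {
			return true
		}
	}
	return false
}

// Decide is the PDP: it returns "" to let the action execute or the reason to
// deny it. A denial revokes usage, so every later action of the job is refused.
func (p *PEP) Decide(a Action) string {
	if p.Revoked != "" {
		return "usage already revoked: " + p.Revoked
	}
	reason := ""
	switch {
	case a.Op == "open" || a.Op == "write":
		if !match(a.Target, p.Policy.PathPrefixes, true) {
			reason = a.Op + " " + a.Target + ": outside the job directories"
		} else if a.Op == "write" && p.written+a.Bytes > p.Policy.WriteBudget {
			reason = fmt.Sprintf("write %s: budget exhausted (%d+%d > %d)",
				a.Target, p.written, a.Bytes, p.Policy.WriteBudget)
		} else if a.Op == "write" {
			p.written += a.Bytes // attribute update: the next decision sees it
		}
	case a.Op == "connect" && !match(a.Target, p.Policy.Hosts, false):
		reason = "connect " + a.Target + ": host not allowed"
	case a.Op == "exec" && !p.Policy.AllowExec:
		reason = "exec " + a.Target + ": process creation not allowed"
	case a.Op != "connect" && a.Op != "exec":
		reason = "unknown operation " + a.Op
	}
	if reason != "" {
		p.Revoked = reason
	}
	return reason
}

// Enforce feeds a job's action trace through a fresh PEP, stopping at the first
// denial; it returns how many actions executed and why the job was stopped ("" if it was not).
func Enforce(policy Policy, trace []Action) (executed int, violation string) {
	pep := &PEP{Policy: policy}
	for _, a := range trace {
		if reason := pep.Decide(a); reason != "" {
			return executed, reason
		}
		executed++
	}
	return executed, ""
}

// Reputation aggregates compliance feedback from such runs into a rating in [0, 1]
// using an exponential moving average; the weight is an assumed parameter.
type Reputation struct{ Score float64 }

// Feedback records whether a job complied with the policy it ran under and returns the new score.
func (r *Reputation) Feedback(compliant bool, weight float64) float64 {
	obs := 0.0
	if compliant {
		obs = 1
	}
	r.Score = (1-weight)*r.Score + weight*obs
	return r.Score
}
```

The point of the continuous model is visible in the write budget: a job that writes 600 000 bytes twice against a 1 MiB budget passes the first write and is stopped at the second, because the attribute the decision depends on changed while the job was running. A transporter whose jobs keep tripping node policies sees its rating fall, which in turn lowers its standing in the auction of slide 8.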

17 Security-Aware Resource Broker Service
Integrates access control with resource/service scheduling
Both resource owners and users define their resource access and usage policies
 The resource broker schedules a user request only within the set of resources whose policies match the user’s credentials (and vice versa)
Support of UCON at VO level
Scalability and efficiency
(Layers: Grid Service Middleware, Grid Foundation Middleware)

18 Policy and Profile Manager Service
The policy manager is responsible for managing policies at the global (VO) level and the local (node) level
The profile manager is responsible for managing profiles; profiles allow users to specify personal default values
(Layers: Grid Service Middleware, Grid Foundation Middleware)

19 Conclusions
Grid-based supply chains can be secured by associating them with trust and security management services
The solution proposed, called the GridTrust Security Framework (GSF), incorporates these services in a manner that is
 Interoperable: we are re-using an existing Grid infrastructure (Globus middleware)
  Our system components are interoperable with other Globus-based components
 Security-aware: the proposed design tackles security issues potentially arising in any Grid-based system
  The security requirements were elicited using a requirements-engineering methodology that has been tailored for Grid systems

20 More Information
Visit us at http://www.gridtrust.eu
Thanks!

