Objectives :
description
Transcript of Objectives :
![Page 1: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/1.jpg)
Overview of Security Standards in the Grid
CSE 225High Performance
andComputational Grids
Spring 2000
Prepared [email protected]
![Page 2: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/2.jpg)
Objectives:
• Gain familiarity with computer and network security standards.
• Gain understanding of security requirements in Grid environments.
• Gain understanding of some standards based security technologies present in Grid environments.
• Learn about various Grid security models and system approaches to security.
• Learn about some test bed implementations of security enabled Grid projects.
![Page 3: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/3.jpg)
Technology Standards SSH PGP
SSL X.509 PKI Kerberos DCE IPSec VPN
Security Requirements
Authentication
Authorization
Assurance
Accounting
Audit
Integrity
Confidentiality
![Page 4: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/4.jpg)
SD
Sunmicrosystem
Sun E10K
vBns Abilene CommodityInternet
Calren198.32.248.0
UNIVERSITYUNIVERSITY
UNIVERSITY
UNIVERSITY
Virtual ULegion UCondor Flock U
S D
Sunmicrosystem
Sun E10K
Globus U
UNIVERSITY
SD
Sun SPARCcluster 1
Sun
SPARCclassicSun
Sun
SPARCclassicSun
Sun
SPARCclassicSun
Sun
SPARCclass icSun
Sun
SPARCclassicSun
Sun
SPARCclass icSun
Sun
SPARCclass icSun
Sun
SPARCclass icSun
Sun
SPARCclass icSun
Sun
SPARCclass icSun
Sun
SPARCclass icSun
Sun
SPARCclass icSun
SD
Sun SPARCcluster 1
SD
Sunmicrosystem
Sun E10K
S D
Sunmicrosystem
Sun E10K
Grid U
From Grid U's policy perspective, what are the securityrequirements of Condor, Legion, Globus, and the commodityInternet?
![Page 5: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/5.jpg)
Security Domains
• Intradomain - internal to a given location or single organization. Contained security boundary.
• Interdomain - encompasses two or more locations or organizations. Agreed on security boundaries and protocols between organizations.
![Page 6: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/6.jpg)
Security - The Protection of Assets
• Prevention: take measure that protect your assets from damage
• Detection: take measures that allow you to detect when an asset has been damaged, and who caused the damage.
• Reaction: take measures that allow you to recover your assets or recover from damage to your assets.
![Page 7: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/7.jpg)
Computer Security
• Confidentiality: prevention of unauthorized disclosure of information.
• Integrity: prevention of unauthorized withholding of information.
• Availability: prevention of unauthorized withholding of information or resources.
![Page 8: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/8.jpg)
Network Security (1)
• Trusted Networks• Identification and Authentication• Discretionary Access Control• Labels and Mandatory Access Control• Audit
![Page 9: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/9.jpg)
Technology - Cryptography
• DES (Data Encryption Standard)• DSA (Digital Signature Algorithm)• RSA (Rivest, Shamir, and Adelman)• Blowfish• IDEA (International Data Encryption Algorithm)• AES (Advanced Encryption Standard)
![Page 10: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/10.jpg)
Technology - SSH (1)
• SSH is a packet-based binary protocol that implements a transport layer security mechanism.
• Encompasses authentication, key exchange, encryption, and integrity.
• TCP/IP is used as the transport usually• Basically an end to end encrypted tunnel• SSH logins the most prevalent between domains.
![Page 11: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/11.jpg)
Technology - SSH (2)
![Page 12: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/12.jpg)
Technology - PGP
• Pretty Good Privacy• Public Domain• Popular for email and email of files• PGP user builds key ring of all public keys he has
been given.• When message of file received from contact, can
decrypt if key is on key ring
![Page 13: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/13.jpg)
Shortcomings of PGP in distributed systems
• Reasonable basis for key management among friends, but once it passes the bounds of direct friends, the credibility becomes strained.
• Example– Carol’s key is P1 signed with P2– Alice’s key is P2 signed with P4– Carol’s key is P1 signed with P5
• What is the last certificate said Carol’s key is P3 signed with P5?
![Page 14: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/14.jpg)
Kerberos (1)
• Supports authentication in distributed systems.• Used for authentication between intelligent
processes, client to server tasks or workstation to other hosts.
• Basis of Kerberos is central server that provides authenticated tokens, called tickets.
![Page 15: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/15.jpg)
Kerberos (2)Initiating Kerberos Session
UserU Ticket
GrantingServer
Session KeySg
Ticket Tg
SessionKey Sg
KerberosServer
Encrypted under password
1
2U's
Idenity
Encrytped Under KS-TGSKey
2
![Page 16: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/16.jpg)
Kerberos (3)Obtaining a ticket to access file
UserU
TicketGrantingServer
Ticket to FileServer to Access
File F +Sf
Request toaccess File F1
2
Encrypted Under TGS-F Key +Sf
![Page 17: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/17.jpg)
Kerberos (4)Strengths
• No password communicated on the network.• Cryptographic protection against spoofing.• Limited period of validity• Time stamps to prevent replay attacks• Mutual authentication
![Page 18: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/18.jpg)
Kerberos (5)Shortcomings in distributed systems
• Requires continuous availability of a trusted ticket granting service.
• Authenticity of servers requires a trusted relationship between the ticket granting server and every server.
• Requires timely transactions.• Subverted workstation can save and later replay user
passwords.• Does not scale well.
![Page 19: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/19.jpg)
Public Key Infrastructure (1)
• PKI: consists of software and procedures put in place by an organization
• Supports the use of Public Keys for authentication and identifying users, services, and confirming digital signatures.
• Public keys usually conform to the X.509 standard for certificates, and usually are based on the RSA public/private key encryption algorithm
![Page 20: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/20.jpg)
Public Key Infrastructure (2)Goals
• Application enabler • Secure Sign-On
– Secure “Single” Sign Security• End-User Transparency• Comprehensive Security
![Page 21: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/21.jpg)
Public Key Infrastructure (3)Components and Services
• Certification Authority• Certificate repository• Certificate Revocation• Key backup and recovery• Automatic key update• Key history management• Cross-certification• Support for non-repudiation• Time stamping• Client software
![Page 22: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/22.jpg)
Public Key Infrastructure (4)Current Standards Activities
• X.509• PKIX• X.500• LDAP• S/MIME• IPsec• TLS
![Page 23: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/23.jpg)
Section Break
• Security in Legion and Globus
![Page 24: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/24.jpg)
Security in Legion (1)Design Principals
• 1- As in the Hippocratic Oath, do no harm!
• 2- Caveat emptor - let the buyer beware.
• 3- Small is beautiful.
![Page 25: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/25.jpg)
Security in LegionStandards
• X.509 ?
• Keberos ?
![Page 26: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/26.jpg)
Security in LegionLegion Security Model
![Page 27: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/27.jpg)
Security in Legion (2)Basic Concepts
• Every object provides certain known member functions - MayI, CanI, Iam, and Delegate. (Can be defaulted to NIL.)
• Two objects associated with each operation: a responsible agent (RA) and a calling agent (CA)
• Every invocation of member function is performed in the context of a certificate which contains the Legion Object ID. Certificate digitally signed by maker
![Page 28: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/28.jpg)
Security in Legion
![Page 29: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/29.jpg)
Security in Legion
• Legion users responsible for own security.• Object might trust that the CA is correct.• Policies defined by objects themselves.• Every class defines a special member function, MayI. • MayI defines the security objects for a class.• Every member function invocation permitted only if
MayI sanctions it.
![Page 30: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/30.jpg)
Security in LegionAutomatic invocation of outgoing calls
![Page 31: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/31.jpg)
Security in Legion
• Authentication aided by use of Legion certificates - based on public-key cryptography by default. Must know private key to authenticate.
• MayI functions can code their own authentication protocols
• Every Legion object required to supply special member function Iam for authentication purposes.
![Page 32: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/32.jpg)
Security in Legion
• Login establishes user identity and creates responsibility agent for user.
• Login is building block for authentication and delegation.
• Object can delegate new certificate to delegate rights.
• Delegation policy defined by object.
![Page 33: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/33.jpg)
Security in LegionFuture Work
• Legion does not specify any particular encryption. Future standardization?
• Legion eschews distinguished trusted objects - centralized key management server
• Composition of a security policy
![Page 34: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/34.jpg)
Security in Globus (1)Standards
• Standards subscribed to:– Generic Security Services (GSS) RFC 2078– Secure Socket Layer (SSL)
• [SSleay]
– Public Key Cryptography based on X.509 certificates
– Kerberos
![Page 35: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/35.jpg)
Security in Globus (2)
![Page 36: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/36.jpg)
Security in Globus (3)Security Requirements
• Single sign-on• Protection of credentials• Interoperability with local security solutions• Exportability• Uniform credentials/certification infrastructure• Support for secure group communication• Support for multiple implementations
![Page 37: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/37.jpg)
Layered ArchitectureApplications
Core ServicesMetacomputing
Directory Service
GRAMGlobus Security Interface
Heartbeat Monitor
Nexus
Gloperf
Local ServicesLSF
Condor MPI
NQEEasy
TCP
SolarisIrixAIX
UDP
High-level Services and ToolsDUROC globusrunMPI Nimrod/GMPI-IO CC++
GlobusView Testbed Status
GASS
![Page 38: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/38.jpg)
Security in Globus (4)
• assumes grid consists of multiple trust domains • assumes resource pool and user population are large
and dynamic • interoperate with local security solutions - local
security policies differ • authentication exportable - cannot directly or
indirectly require use of bulk privacy
![Page 39: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/39.jpg)
Security in Globus (5)
• uniform credentials/certification - a user will be associated differently with site it has access to single logon - number of processes used in a computation will be dynamic access control
![Page 40: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/40.jpg)
Security in Globus (8)
![Page 41: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/41.jpg)
Security in Globus (6)Grid Security Infrastructure
• GSI provides authentication and data integrity (data signing, not encryption) services for Unix and Windows client/server programs
• Can utilize an X.509 PKI• GSI library is layered on top of the SSLeay• Performs the X.509 certificate handling and SSL
protocol.
![Page 42: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/42.jpg)
Single sign-onvia “grid-id”
User
User Proxy
GlobusGlobusCredentialCredential
Site 1
Kerberos
GRAM Process
Process
ProcessGSI
TicketTicket
Site 2
Public Key
GRAM
GSI
CertificateCertificate
Process
Process
Process
Authenticatedinterprocess
communication
CREDENTIAL
GSSAPI:multiplelow-level
mechanisms
Mutualuser-resourceauthentication
Mappingto local ids
Assignment of credentials to“user proxies”
![Page 43: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/43.jpg)
Security in Globus (7)
![Page 44: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/44.jpg)
Technology Standards SSH PGP
SSL X.509 PKI Kerberos DCE IPSec VPN
Security Requirements
Authentication x x x x x x
Authorization x x x x x x x
Assurance x x x x x x
Accounting x x
Audit x x
Integrity x x x x x x
Confidentiality x x x x x x x
![Page 45: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/45.jpg)
Summary
• Computer security is machine access centric• Network security is network access centric• Grid security is application centric• Inter-domain communications based upon common
security standards such as PKI.• Metacomputing approach that embrace security
standards will be more widely adopted.
![Page 46: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/46.jpg)
Sources:
Clifford NeumanSecurity, Accounting, AssuranceChapter 16The Grid: Blueprint for a Future Computing Infrastructure
R. Butler, D. Engert, I. Foster, C. Kesselman, S. Tuecke, J . Volmer, V. WelchDesign and Deployment of a National-Scale Authentication Infrastructurehttp://www.globus.org/documentation/incoming/gsi-deploy.pdf
PKI/GSI: NPACI's Public Key Infrastructure/Grid Security InfrastructureAn interview with SDSC's Wayne SchroederNPACI OnlineVolume IV Issue 5 - March 8, 2000http://www.npaci.edu/online/v4.5/pki-gsi.html
I. Foster, C. Kesselman, G. Tsudik, S. TueckeA Security Architecture for Computational Grids1) ftp://ftp.globus.org/pub/globus/papers/security.pdf
![Page 47: Objectives :](https://reader035.fdocuments.in/reader035/viewer/2022062521/56814bf2550346895db8dc4f/html5/thumbnails/47.jpg)
Computer Security BasicsDeborah Russell and G.T Gangemi Sr.
Security in ComputingCharles P. Pfleeger
Network SecurityCharlie Kaufman, Radia Perlman, Mike Speciner
Computer SecurityDieter Gollmann
Understanding Public-Key InfrastructureConcepts, Standards, and Deployment ConsiderationsCarlisle AdamsSteve Lloyd
Globus Security Infrastructure (GSI)http://www.globus.org/security/
A Security Architecture for Computational GridsI. Foster, C. Kesselman, G. Tsudik, S. Tuecke, Proc. 5th ACM Conference onComputer and Communications Security Conferenceftp://ftp.globus.org/pub/globus/papers/security.pdf
GSSAPI SSLEAY for Globus SecurityPresentation by Douglas Engerthttp://www.globus.org/presentations/gssapi/sld001.htm
A New Model for Security for MetasystemsSteve J . Chapin, Chenxi Wang, William A. Wulf, Fritz Knabe, and AndrewGrimshaw
Legion System Administrator Manual 1.61) http://www.cs.virginia.edu/~legion/documentation/sysadmin_1.6.pdf