GENI Security Architecture Toolkit (GSAT) Spiral 2 Year-end Project Review

1. Project Graphic and/or Photo GENI Security Architecture Toolkit (GSAT)Spiral 2 Year-end Project Review SPARTA, Inc. PI: Stephen Schwab Staff: Alefiya Hussain Aug 31, 2010

2. Project Summary • GENI Security Architecture focuses on the broad set of security issues across the entire GENI eco-system. GENI is a large, distributed system with many computational and network resources. Moreover, there are multiple implementations of control frameworks, clearinghouses, aggregate and component managers, instrumentation & measurement tools, and other specialized resources. Finally, these elements all need to be deployed across multiple campuses, and use local campus, regional tier, and backbone networks for interconnection. • GENI Security Architecture project catalyzes conversations in the GENI community around control framework / SFA security requirements and mechanisms; aggregates and other cluster project requirements, experiences, and feedback regarding security mechanisms; and operational issues in a forward looking direction, laying groundwork for the future. • GENI Security Architecture documents and other GENI documents (such as SFA-2.0) are revised and updated to collect, track, distill and work towards defining a set of standard (rough consensus) GENI security mechanisms. INSERT PROJECT REVIEW DATE

3. Milestone & QSR Status INSERT PROJECT REVIEW DATE

4. Accomplishments 1: Advancing GENI Spiral 2 Goals • GENI Spiral 2 Goals are described in “GENI Spiral 2 Overview”, section 7. Project SoWs and milestones were crafted to support those goals. On this slide, summarize project accomplishments this year that contribute to the Spiral 2 goals. • GENI Security issues permeate control frameworks, but also burden aggregate/I&M developers and campus deployments/rollouts. By promoting alternate concepts (distributed authorization) and also listening to complaints/challenges, and documenting and analyzing what has been done, the project has helped to push toward rough consensus across many projects. • Revisions to the Control Framework interfaces (SFA) will continue to be important for the long-term evolution of GENI. By helping to get these interfaces (and the rationale underlying them, based on the D&P efforts) correct, we are ensuring that GENI balances short-term and longer-term objectives. INSERT PROJECT REVIEW DATE

5. Accomplishments 2:Other Project Accomplishments • On this slide highlight additional project accomplishments that contribute to GENI’s development. • Various activities centered on examining and discussing different facets of security across the entire project. These are examples of important issues that need to be pushed on independent of any specific project or prototyping goal, but requires deep understanding of what is being built to engage in discussions. • ABAC workshop presentations • Distributed authorization • NSF GENI-FIRE presentations • Resource management vs. access control • GMOC discussions/review and OMIS presentations/participation • Operations focus INSERT PROJECT REVIEW DATE

6. Issues • On this slide summarize any issues which cause you concern. The GPO is particularly interested in any issues which have or may affect your ability to complete the work described in your SoW/milestones. However, this is a chance to raise other issues as well. • Period-of-performance – Our contract year 2 ends 8/3/2010 (today!) • Projects in spiral 1 and 2 have been working to implement and demonstrate at a rapid pace (good), but this leaves little time for putting into documentation. We staggered the spiral 2 security report to come after GEC8 with the hope that more information would be available _after_ the developers had finished their GEC demonstrations – but in many cases, information is still hard to come by. • One-to-one and small group conversations remain the best way to glean information and details about security issues facing various projects. • We don’t see this changing – it is inherent to the rapid spiral process. INSERT PROJECT REVIEW DATE

7. Plans • What are you plans for the remainder of Spiral 2? • The GPO is starting to formulate goals for Spiral 3. What are your thoughts regarding potential Spiral 3 work? • At the end of Spiral 3, we anticipate that a GENI Testbed “Eco-system” will continue to support researchers and grow over time. The GENI Security Architecture, at that point, should: • 1. Document the Security Architecture and underlying trust assumptions and mechanisms used “in the field” by the various control frameworks, aggregates, backbone/regional/campus networks, and instrumentation, measurement & specialized GENI resources. • Security Architecture should explain how GENI works now, why it is secure. • 2. Serve as a reference to the Security Requirements for new participants wishing to join the Eco-system and engage with the GENI community, including new aggregates (resource providers), networks, other testbeds (including International ones), and other identity/authorization providers for sets of future GENI users. • Security Architecture should explain what one has to do to participate in GENI. • 3. Provide guidelines to operators across the GENI community, to enable them to continue to participate in the community, and ensure reliable and secure operations for the medium-to-long term. • Security Architecture should provide confidence to organizations in on-going commitment of GENI community to well-thought out, disciplined security practices. INSERT PROJECT REVIEW DATE