Active Security Infrastructure
Stuart Kenny, Trinity College Dublin
Active Security
• Building on concepts investigated during the CrossGrid project (2002-2005) and Int.Eu.Grid (2006-2008)
• Existing Grid security activities focused on prevention
  • Authentication, authorization
• Active security focuses on
  • Detection
  • Reaction
• 3 components
  • Security monitoring
  • Alert Analysis
  • Control Engine
Security Monitoring (Site Level)
• Monitors the security state of a site
• Reports detected security events to the security alert archive
• Monitoring performed by ‘R-GMA enabled’ security tools
  • Snort
  • Prelude-LML
  • Rkhunter
• Extensible
  • Easy inclusion of additional tools, e.g., Tripwire
Alert Analysis (Management Level)
• Filters and analyses the alerts contained in the alert archive
• Detects patterns that signify an attempted attack
  • Attempts to join alerts into high-level attack scenarios
• Output
  • Correlated high-priority Grid alert
  • New Grid policy
    • Defines the actions to be taken in response to the security event
• Extensible
  • Define additional ‘attack scenarios’ and base policies
Control Engine (Site Level): Pull
• Input:
  • Grid policies generated by the analysis component
• Site Policy Decision Point
  • Evaluates requests for guidance from service agents
  • Decision based on the applicable policies
  • Decision contains the action to be taken to mitigate the risk of a possible security incident
• Extensible
  • Provision of service agents or plug-ins
Control Engine (Site Level): Push
• Active Plug-in
  • Simple plug-in interface
  • Plug-ins invoked on policy update
  • Plug-in request evaluated against the updated policy set
  • User-defined code handles the response and enforces obligations
• Grid-Ireland example
  • Grid4C iptables management endpoint
  • Dynamic host blocking
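The two Control Engine slides above describe a site Policy Decision Point used in two ways: service agents pull guidance by sending a request, and active plug-ins are pushed a policy update and re-evaluate their own request against the new policy set. The block below is an added example, written for this page and not code from the ASI or Grid-Ireland project; the policy format, attribute names (`resource`, `src_host`), action names and the plug-in interface (`on_policy_update`) are all assumptions. The host-blocking plug-in is modelled on the dynamic host blocking the slide attributes to the Grid4C iptables endpoint, but it is not that endpoint's code: it builds the iptables argument vectors and returns them instead of executing them.

```python
"""Added example (not ASI/Grid-Ireland code): a site PDP with pull and push use.
Policy fields, attribute names and action names are assumptions for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Policy:
    policy_id: str
    resource: str            # site service the policy applies to, e.g. "gatekeeper"
    subject: Dict[str, str]  # requester attributes it matches, e.g. {"src_host": "..."}
    action: str              # obligation for the agent: "permit", "deny", "block-host"
    priority: int = 0

    def matches(self, request: Dict[str, str]) -> bool:
        """Applicable when the resource matches and every subject attribute matches."""
        return request.get("resource") == self.resource and all(
            request.get(k) == v for k, v in self.subject.items())


@dataclass
class Decision:
    action: str
    policy_id: Optional[str]  # None when no policy applied (default decision)


class PolicyDecisionPoint:
    def __init__(self) -> None:
        self._policies: Dict[str, Policy] = {}
        self._plugins: List["IptablesHostBlocker"] = []

    def register(self, plugin: "IptablesHostBlocker") -> None:
        self._plugins.append(plugin)

    # Pull model: a service agent asks for guidance before it acts.
    def evaluate(self, request: Dict[str, str]) -> Decision:
        applicable = [p for p in self._policies.values() if p.matches(request)]
        if not applicable:
            return Decision("permit", None)  # no applicable policy: no obligation
        best = max(applicable, key=lambda p: p.priority)
        return Decision(best.action, best.policy_id)

    def policies_for(self, resource: str) -> List[Policy]:
        return sorted((p for p in self._policies.values() if p.resource == resource),
                      key=lambda p: p.policy_id)

    # Push model: the analysis component delivers new/revoked policies; every
    # registered plug-in is then invoked to re-evaluate against the updated set.
    def update(self, new: List[Policy], revoked: Tuple[str, ...] = ()) -> None:
        for pid in revoked:
            self._policies.pop(pid, None)
        for p in new:
            self._policies[p.policy_id] = p
        for plugin in self._plugins:
            plugin.on_policy_update(self)


class IptablesHostBlocker:
    """Dynamic host-blocking plug-in (illustrative, not the Grid4C endpoint).
    Keeps the blocked-host set in sync with 'block-host' policies for the site
    firewall and returns the argv lists it would pass to subprocess.run (no shell)."""
    RESOURCE = "site-firewall"

    def __init__(self) -> None:
        self.blocked: Dict[str, str] = {}      # host -> policy_id currently enforced
        self.executed: List[List[str]] = []    # every command produced so far

    def on_policy_update(self, pdp: PolicyDecisionPoint) -> List[List[str]]:
        wanted: Dict[str, str] = {}
        for p in pdp.policies_for(self.RESOURCE):
            if p.action != "block-host":
                continue
            try:
                # Only a literal IP address ever reaches the firewall command line;
                # a malformed subject from the archive is dropped, not enforced.
                host = str(ipaddress.ip_address(p.subject.get("src_host", "")))
            except ValueError:
                continue
            wanted[host] = p.policy_id
        cmds: List[List[str]] = []
        for host in sorted(set(self.blocked) - set(wanted)):   # policy withdrawn
            cmds.append(["iptables", "-D", "INPUT", "-s", host, "-j", "DROP"])
        for host in sorted(set(wanted) - set(self.blocked)):   # new obligation
            cmds.append(["iptables", "-I", "INPUT", "-s", host, "-j", "DROP"])
        self.blocked = wanted
        self.executed.extend(cmds)
        return cmds


def demo() -> Tuple[Decision, Decision, List[List[str]]]:
    """Constructed policy updates and agent requests exercising both models."""
    pdp = PolicyDecisionPoint()
    blocker = IptablesHostBlocker()
    pdp.register(blocker)
    pdp.update([
        Policy("p1", "site-firewall", {"src_host": "192.0.2.10"}, "block-host", 10),
        Policy("p2", "gatekeeper", {"src_host": "192.0.2.10"}, "deny", 10),
        # constructed bad subject: must never become part of an iptables command
        Policy("p3", "site-firewall", {"src_host": "198.51.100.7; rm -rf /"}, "block-host", 10),
    ])
    hit = pdp.evaluate({"resource": "gatekeeper", "src_host": "192.0.2.10", "user": "alice"})
    miss = pdp.evaluate({"resource": "gatekeeper", "src_host": "192.0.2.11", "user": "bob"})
    pdp.update([], revoked=("p1",))  # analysis component withdraws the block
    return hit, miss, blocker.executed


if __name__ == "__main__":
    for cmd in demo()[2]:
        print(" ".join(cmd))
```

Two points a practitioner would check before deploying something like this: the plug-in treats the policy set, not the individual update, as the source of truth, so a withdrawn policy lifts the block and a repeated update is idempotent; and the subject attribute is validated as an address before it is placed in an argument vector, so a corrupted or hostile alert in the archive cannot turn into shell injection at the site firewall.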
Grid-Ireland Deployment
• Grid-Ireland Gateway
  • Point-of-presence at 18 institutions
  • Homogeneous set of hardware and software
  • Centrally managed by the Grid Operations Centre (OpsCentre) at TCD
• ASI deployment
  • Security monitoring installed on gateways at 10 of the 18 sites
  • Analysis component hosted at the OpsCentre
  • Continuously monitoring the infrastructure since June 2008
Analyzer Scenarios: Job Monitoring
• Scenario models an attack as a series of state changes
  • Models the states a job passes through once submitted to a site
  • State changes triggered by published alerts
    • Prelude-LML and PBS scripts
• Can be used as the basis for ‘higher-level’ scenarios
  • E.g., job executing a restricted command
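The Alert Analysis slide says the analysis component joins archived alerts into attack scenarios and emits a correlated high-priority Grid alert together with a new Grid policy; the Job Monitoring slide says a scenario is a state machine whose transitions are triggered by alerts from the PBS scripts and Prelude-LML. The block below is an added example for this page, not the ASI project's own analyser: it implements that job-monitoring scenario as a transition table and replays a constructed alert archive through it. The alert fields, state names, classification strings and the policy action are assumptions; the R-GMA archive is stood in for by a plain list.

```python
"""Added example (not ASI code): the job-monitoring attack scenario as a state
machine driven by archived alerts. Field and state names are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass(frozen=True)
class Alert:
    analyzer: str        # publishing tool: "pbs" (PBS scripts) or "prelude-lml"
    classification: str  # event type as that tool labels it (assumed names)
    site: str
    job_id: str
    user: str
    detail: str = ""

# Scenario definition: (current state, analyzer, classification) -> next state.
# Alerts that do not match a transition from the current state are ignored by
# this scenario, which is what makes the correlation order-sensitive.
JOB_SCENARIO: Dict[Tuple[str, str, str], str] = {
    ("new",     "pbs",         "job-submitted"):      "queued",
    ("queued",  "pbs",         "job-started"):        "running",
    ("running", "prelude-lml", "restricted-command"): "attack",
    ("attack",  "prelude-lml", "restricted-command"): "attack",
    ("running", "pbs",         "job-finished"):       "finished",
    ("attack",  "pbs",         "job-finished"):       "finished",
}
ATTACK_STATES = {"attack"}

@dataclass
class GridAlert:
    site: str
    job_id: str
    user: str
    priority: str
    evidence: List[Alert]   # the site alerts that were joined into this one

@dataclass
class GridPolicy:
    site: str
    subject: Dict[str, str]
    action: str

def policy_for(ga: GridAlert) -> GridPolicy:
    """Base policy attached to the scenario (action name is an assumption)."""
    return GridPolicy(ga.site, {"user": ga.user, "job_id": ga.job_id}, "hold-job-and-deny-user")

class ScenarioEngine:
    def __init__(self, transitions: Dict[Tuple[str, str, str], str], attack_states: set) -> None:
        self.transitions = transitions
        self.attack_states = attack_states
        self.state: Dict[Tuple[str, str], str] = {}          # (site, job) -> state
        self.evidence: Dict[Tuple[str, str], List[Alert]] = {}

    def feed(self, alert: Alert) -> Optional[Tuple[GridAlert, GridPolicy]]:
        key = (alert.site, alert.job_id)
        current = self.state.get(key, "new")
        nxt = self.transitions.get((current, alert.analyzer, alert.classification))
        if nxt is None:
            return None  # no transition from the current state: not this scenario
        self.state[key] = nxt
        self.evidence.setdefault(key, []).append(alert)
        if nxt in self.attack_states and current not in self.attack_states:
            # First entry into an attack state: raise once, with all evidence so far.
            ga = GridAlert(alert.site, alert.job_id, alert.user, "high", list(self.evidence[key]))
            return ga, policy_for(ga)
        return None  # further hits in the attack state add evidence, no new alert

def analyse_archive(alerts: List[Alert]) -> List[Tuple[GridAlert, GridPolicy]]:
    engine = ScenarioEngine(JOB_SCENARIO, ATTACK_STATES)
    out: List[Tuple[GridAlert, GridPolicy]] = []
    for a in alerts:
        hit = engine.feed(a)
        if hit is not None:
            out.append(hit)
    return out

# Constructed archive contents, in publication order.
SAMPLE_ARCHIVE = [
    Alert("pbs", "job-submitted", "tcd", "1042.pbs", "alice"),
    Alert("pbs", "job-started", "tcd", "1042.pbs", "alice"),
    Alert("prelude-lml", "restricted-command", "tcd", "1042.pbs", "alice", "/sbin/insmod"),
    Alert("prelude-lml", "restricted-command", "tcd", "1042.pbs", "alice", "/usr/sbin/tcpdump"),
    Alert("pbs", "job-submitted", "tcd", "1043.pbs", "bob"),
    Alert("pbs", "job-started", "tcd", "1043.pbs", "bob"),
    Alert("pbs", "job-finished", "tcd", "1043.pbs", "bob"),
    # restricted command for a job this scenario never saw submitted: ignored here
    Alert("prelude-lml", "restricted-command", "ucd", "77.pbs", "mallory", "/bin/su"),
]

if __name__ == "__main__":
    for ga, pol in analyse_archive(SAMPLE_ARCHIVE):
        print(ga.site, ga.job_id, ga.priority, len(ga.evidence), "alerts ->", pol.action)
```

The last archive entry shows the caveat with scenario-based correlation: an alert that is not reachable from the job's current state (here, a job the scenario never saw submitted) is silently dropped by this scenario, so a site whose PBS scripts stop publishing would also stop producing Grid alerts for it. That is the case for a separate, lower-level scenario or base policy rather than for loosening the transition table.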
Future Work
• Correlation
  • Prelude correlation engine
  • Lua rule based
• Messaging
  • ActiveMQ
• Additional scenarios
• Control Engine
  • Implement agents and deploy