
Fine-grained Continuous Usage Control of Service based Grids – The GridTrust Approach

Fine-grained Continuous Usage Control of Service based Grids – The GridTrust Approach. Philippe Massonet CETIC ServiceWave Madrid, 10-13/12/2008. GridTrust Framework Objectives. General Objective: definition and management of security and trust in dynamic virtual organisations


Presentation Transcript


  1. Fine-grained Continuous Usage Control of Service based Grids – The GridTrust Approach
     Philippe Massonet, CETIC
     ServiceWave, Madrid, 10-13/12/2008

  2. GridTrust Framework Objectives
     • General objective: definition and management of security and trust in dynamic virtual organisations
     • Expected results – a « framework » composed of:
       • an environment and analysis method at all levels of the NGG architecture
       • a reference security architecture for Grids
       • an open source reference implementation of the architecture, validated by some innovative business scenarios
     (diagram) GridTrust NGG Architecture: Grid Application Layer / Grid Service Middleware Layer / Grid Foundation Middleware Layer / Network Operating System

  3. Trust and Security in Grids (Outsourcing)
     (diagram) Service Requestor (SR), Service Provider (SP) and Infrastructure Provider (IP) inside a VO; the SP's Service Instance runs on the IP's shared resources (Res.); the SR issues a Service Request
     • Is the selected IP secure?
     • Can I trust the SR and SP?
     • Is SP using my resources with malicious intent?

  4. Trust: Reputation based on Resource Usage
     • Gather low-level resource usage information: SLA violations, successful performance, compliance with security policies
     • Based on utility functions modelling feedback on an entity's behaviour
     • Update VO-level reputation
     • Reputation at different levels: user, service, VO member, VO as a whole
     • Reputation based on past behaviour (history, performance)
     (diagram) Resource Provider, Resources, Resource Usage Monitoring Service, User-Resource Interaction, User, Reputation Service
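The following is an added example, not GridTrust code, of how slide 4's idea (and the aggregation described on slide 12) can be realised: feedback events from resource usage monitoring are scored with a utility function, folded into a per-entity score so that recent behaviour outweighs older behaviour, mapped onto the [0, 1] reputation attribute that slide 22's policy compares against 0.7, and averaged to obtain the reputation of a VO as a whole. The event weights, the decay factor, the entity names and the feedback records are assumptions.

```python
"""Reputation from resource-usage feedback (added illustration, not the GridTrust TRS)."""
from typing import Dict, Iterable, List, Tuple

# Utility of one feedback event, in [-1, 1] (assumed weights).
UTILITY = {
    "job_success": 1.0,         # successful performance
    "policy_compliant": 0.5,    # usage consistent with the security policy
    "sla_violation": -1.0,
    "policy_violation": -1.0,
}

DECAY = 0.8   # weight kept for past behaviour; 1 - DECAY goes to the newest event (assumed)


def update_score(score: float, event: str) -> float:
    """Exponential moving average over event utilities; the score stays in [-1, 1]."""
    if event not in UTILITY:
        raise ValueError(f"unknown feedback event: {event}")
    return DECAY * score + (1.0 - DECAY) * UTILITY[event]


def to_reputation(score: float) -> float:
    """Map a score in [-1, 1] onto the [0, 1] reputation attribute consumed by policies."""
    return (score + 1.0) / 2.0


def aggregate(feedback: Iterable[Tuple[str, str]]) -> Dict[str, float]:
    """feedback: (entity, event) records from the resource usage monitoring service.

    Every entity starts neutral (score 0, reputation 0.5); its history is folded in
    event by event, so recent behaviour counts more than older behaviour.
    """
    scores: Dict[str, float] = {}
    for entity, event in feedback:
        scores[entity] = update_score(scores.get(entity, 0.0), event)
    return {entity: to_reputation(score) for entity, score in scores.items()}


def vo_reputation(reputations: Dict[str, float], members: List[str]) -> float:
    """Reputation of the VO as a whole: mean of its members' reputations (assumed rule)."""
    known = [reputations.get(m, 0.5) for m in members]
    return sum(known) / len(known) if known else 0.5


# Constructed feedback for two users and one service of a VO.
FEEDBACK = [
    ("alice", "job_success"), ("alice", "job_success"), ("alice", "job_success"),
    ("bob", "job_success"), ("bob", "sla_violation"), ("bob", "policy_violation"),
    ("routing-service", "policy_compliant"), ("routing-service", "job_success"),
]

if __name__ == "__main__":
    rep = aggregate(FEEDBACK)
    for entity, value in rep.items():
        print(f"{entity}: {value:.3f}")
    print("VO:", round(vo_reputation(rep, ["alice", "bob"]), 3))
```

With these weights three successful jobs lift a newcomer to 0.744, just above the 0.7 threshold of slide 22, while one SLA violation and one policy violation pull a user down to 0.384; because the attribute is recomputed from fresh feedback, a usage decision taken against it can change while the usage is still ongoing, which is the mutability that continuous usage control is built to handle.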

  5. Secure Brokering of Resources
     • Issue: how to determine whether the resources returned by a resource broker are secure?
     • Secure resource broker:
       • implements all the authorisation logic needed for VO creation
       • performs policy matching (XACML policies) between the VO security policy and the service provider's security policy, and between the VO security policy and the VO users' security policies

  6. Usage Control Service
     • Enforce usage control policies at both VO level and computational (node) level
     • Build Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) for the POLPA and XACML languages
     • Monitor the actions executed on behalf of the grid users
     • VO level: global VO policies
     • Service level: the policy describes the behaviour of the user in the local service invocation
     • Computational level: highly detailed description of the correct behaviour of the application being executed

  7. From Access Control to Usage Control
     (diagram: usage timeline) Before usage → Ongoing usage → After usage
     • Continuity of decision: pre decision (before usage), ongoing decision (during usage)
     • Mutability of attributes: pre update, ongoing update, post update
     • Is the usage decision still valid? Can you revoke access?

  8. Design Decisions
     • Use of Globus Toolkit 4.0.x
     • Services as Globus services; resources are cast as services
     • Use of the Globus CA (even though we extended the certificate format) for authentication
     • We address only authorization

  9. General Architecture
     (diagram) Globus; GridTrust services: PPMService, SRBService, VBEService, C-UCONService, TRSService, Enforcer; actors: Service Providers, VO, VO Manager

  10. Usage Control Services
     • Monitor the actions executed on behalf of the grid users and enforce a UCON security policy
     • Computational level (C-UCON):
       • the policy consists of a highly detailed description of the correct behaviour of the application being executed
       • only the applications whose behaviour is consistent with the security policy are executed on the computational resource
     • VO level (Enforcer): policy evaluation point that supports UCON policies
     • The usage control service will be integrated into the Globus middleware (Grid Service Middleware Layer, Grid Foundation Middleware Layer; WP3/WP4)

  11. Secure Resource Broker Service
     • Integrates access control with resource/service scheduling
     • Both resource owners and the VO define their resource access and usage policies
     • The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice versa)
     • Scalability and efficiency
     • It will be integrated into the Globus middleware (Grid Service Middleware Layer, Grid Foundation Middleware Layer; WP3/WP4)
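As an added example (not the GridTrust SRB implementation), the two-way matching described on slides 5 and 11 can be written out as follows: a resource is scheduled for a request only when the provider's policy accepts the requester's credentials and, in the other direction, the resource's attributes satisfy the VO's policy on acceptable providers. Policies are expressed here as plain attribute constraints rather than XACML; the attribute names follow the PPM query attributes of slide 14 (OS, memory, CPU type, library, certificate), and the resource registrations, request and constraint operators are constructed.

```python
"""Secure resource brokering by two-way policy matching (added illustration)."""
from typing import Any, Dict, List, Tuple

Constraint = Tuple[str, Any]      # (operator, expected value)
Policy = Dict[str, Constraint]    # attribute name -> constraint


def satisfies(attributes: Dict[str, Any], policy: Policy) -> bool:
    """True when every constraint in the policy holds for the given attributes.

    A missing attribute never satisfies a constraint (deny by default).
    """
    for key, (op, wanted) in policy.items():
        if key not in attributes:
            return False
        have = attributes[key]
        if op == "eq":
            ok = have == wanted
        elif op == "ge":
            ok = have >= wanted
        elif op == "in":
            ok = have in wanted
        elif op == "contains":
            ok = wanted in have
        else:
            raise ValueError(f"unknown operator: {op}")
        if not ok:
            return False
    return True


def broker(request: Dict[str, Any], resources: List[Dict[str, Any]]) -> List[str]:
    """Return the ids of resources usable for the request, checked in both directions."""
    matched = []
    for res in resources:
        provider_accepts_user = satisfies(request["credentials"], res["policy"])
        user_accepts_provider = satisfies(res["attributes"], request["policy"])
        if provider_accepts_user and user_accepts_provider:
            matched.append(res["id"])
    return matched


# Constructed resource registrations, of the kind the PPM service would hold.
RESOURCES = [
    {"id": "node-a",
     "attributes": {"os": "linux", "memory_mb": 8192, "cpu": "x86_64",
                    "libraries": {"HPLibs", "libc"}, "cert_issuer": "GridTrust CA",
                    "reputation": 0.9},
     "policy": {"vo": ("in", {"transporters"}), "reputation": ("ge", 0.7)}},
    {"id": "node-b",
     "attributes": {"os": "linux", "memory_mb": 16384, "cpu": "x86_64",
                    "libraries": {"libc"}, "cert_issuer": "GridTrust CA",
                    "reputation": 0.4},
     "policy": {"vo": ("in", {"transporters", "logistics"}), "reputation": ("ge", 0.3)}},
    {"id": "node-c",
     "attributes": {"os": "windows", "memory_mb": 8192, "cpu": "x86_64",
                    "libraries": {"HPLibs"}, "cert_issuer": "GridTrust CA",
                    "reputation": 0.95},
     "policy": {"vo": ("in", {"transporters"})}},
]

# Constructed request: the user's credentials plus the VO's policy on acceptable providers.
REQUEST = {
    "credentials": {"vo": "transporters", "reputation": 0.8, "cert_issuer": "GridTrust CA"},
    "policy": {"os": ("eq", "linux"), "memory_mb": ("ge", 4096),
               "libraries": ("contains", "HPLibs"), "reputation": ("ge", 0.6)},
}

if __name__ == "__main__":
    print(broker(REQUEST, RESOURCES))   # only node-a passes both checks
```

Only node-a is returned: node-b lacks the required library and node-c runs the wrong OS, even though both providers would accept the user. Lowering the user's reputation to 0.5 empties the result, because node-a's provider policy now rejects the user while node-b still fails the VO's own requirements; both checks have to hold, which is what makes the broker "secure" in the sense of slide 5.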

  12. Trust and Reputation Service
     • Collect, distribute and aggregate feedback about entities' behaviour in a particular context in order to produce a rating of the entities
     • Entities can be users, resources/services, service providers or VOs
     • The reputation service is based on ideas from utility computing
     • Can be used in both centralised and distributed settings
     • The reputation service will also be integrated into the Globus middleware (Grid Service Middleware Layer; WP2/WP4)

  13. VBE: Virtual Breeding Environment Service
     • Manages the Virtual Breeding Environment composed of users and service providers (user and service provider registration, certificate management, etc.)

  14. PPM: Profile and Policy Management Service
     • The policy and profile management service is a database service that keeps information about the security policies of all the entities of the system
     • Supports several types of query: by service ID, type, name or attribute (OS, memory, CPU type, library, certificate)

  15. VO Library
     • To be used by the VO Manager to use and interface with the GridTrust services
     • Offers a full set of functionalities to manage the VO life cycle (creation, termination, …)
     • Manages access at the communication and authentication level from applications to GridTrust services
     • Hides the complexity of certificate management between users and the GridTrust CA

  16. GridTrust Framework - Components
     (diagram) service providers, users, PKI, VO Library, ENFORCER; GridTrust Services: TRS, VBE, SRB, PPM, C-UCON

  17. Secure VO Lifecycle: Formation
     (diagram) VO Manager, VBE Manager, PKI, TRS, SRB, PPM, C-UCON, VO

  18. Secure VO Lifecycle: VO Operation
     (diagram) Virtual Breeding Environment containing the VO, TRS and ENFORCER; a VO user's Application invokes Service1, Service2 and Service3 under the policy "Service1 ; Service2"; outcomes shown: Done, Denied

  19. Fine Grained Continuous Usage Control
     (diagram) Service Provider (SP) hosting environment: a Service Instance runs a Service Program (… OpenFile() … ReadFile() … OpenFile() … CloseFile() …) on shared resources (Res.); a Monitor and a Policy Enforcement Point check each call against the Local Policy; file states Opened, Reading, Closed; Violation

  20. Supply Chain Case Study: Business Context
     • Transporters: small transporters, to avoid being crushed between rising oil prices and competitive pressure, must increase the optimization level of their business
     • The Transporters' Association proposes to its members a common Grid system that can optimize the routes of their whole vehicle fleets
     • Daily optimization is already a big leap forward for most transporters, but a Grid allows more than that: re-optimizing the allocation of tasks every time a quotation for a new one has to be produced, thus calculating the lowest possible price for each offer

  21. Supply Chain Demo

  22. Bad Behavior Example
     Application trace:
         ...
         open(HPlibfile,..)
         ...
         read(HPlibfile,..)
         ...
         read(HPlibfile,..)
         ...
         close(HPlibfile,..)
         ...
     Security Policy (POLPA):
         ...
         OpenHPlibs:=false.
         HPLibs:={/usr/local/libs/HPLibs/*}.
         ...
         tryaccess(u,fs,open(fname, flags, mode, res)).
         [(fname ∈ HPlibs),(Attribute(u,reputation)>0.7)].
         OpenHPlibs:=true.
         fdlib:=res.
         permitaccess(u,fs,open(fname, flags, mode, res)).
         endaccess(u,fs,open(fname, flags, mode, res)).
         ...
         tryaccess(u,fs,open(fname, flags, mode, res)).
         [(fname ∈ userHome)].
         permitaccess(u,fs,open(fname, flags, mode, res)).
         endaccess(u,fs,open(fname, flags, mode, res)).
         ...
     • Applications can open the HP libs if the user reputation is more than 0.7
     • Applications can open files in the user home directory
     DENIED!!

  23. Supply Chain Case Study: Service Deployment
     (diagram) TRS, SRB, GridTrust CA, C-UCON, VO MGT, PPM

  24. Conclusions - GridTrust Framework
     • Introduces usage control into Grids
     • Integrates many existing concepts into a single model
     • Key innovations: mutable attributes, continuous decision, server- and user-side usage control
     • Provides trust and security services:
       • VO level: secure resource broker, service-level usage control, reputation management service, security-aware VO management
       • Node level: computational usage control
     • Provides policy refinement tools: usage control policy editor, usage control refinement tool
     • Will be released as open source

  25. Conclusions - Innovation
     • UCON for Grids (improves on the state of the art: mutable attributes, obligations, continuous enforcement) at the computational level and the service level
     • Combining brokering and security
     • Combining security with reputation: Globus reputation is used for service discovery and selection; here we want to use reputation for authorization decisions
     • Derivation of business trust and security requirements into policies
     • VO management integrated with GridTrust services
