1 / 18

Daonity: Grid Security with Behaviour Conformity from Trusted Computing

Daonity: Grid Security with Behaviour Conformity from Trusted Computing. Daonity Team Led by HP Labs China Joint work with Wuhan University Huazhong University of Science & Technoloby Oxford University. Outline. Grid Security: Requirements & Solutions Project Daonity

blythe
Download Presentation

Daonity: Grid Security with Behaviour Conformity from Trusted Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Daonity: Grid Security withBehaviour Conformityfrom Trusted Computing Daonity Team Led by HP Labs China Joint work with Wuhan University Huazhong University of Science & Technoloby Oxford University

  2. Outline • Grid Security: Requirements & Solutions • Project Daonity • Work so far (with innovations) • Deliverables (to Global Grid Forum)

  3. Grid Security: Requirements 1 Authentication (the basics: user/resource identification) 2 Single-sign-on (SSO, one credential to rule them all, with ubiquitous usability) 3 Authorization (policy, e.g., access control list) 4 Security for dynamic virtual organization with policy enforcement 5 Security for federated computing (e.g., science collaboration)

  4. Grid Security: GSI – Grid Security Infrastructure for Globus Tookit 4 1 (Authentication) PKI applications, proxy certificates for Virtual Organisation (VO) 2 (SSO) MyProxy: an online credential server using shared password 3 (Authorization) GridMap: a file mapping between VO policy to local policy 4 (Security tuned for VO): unclear in GSI 5 (Security for federated computing): unclear in GSI

  5. Authentication: PKI applications – notion of proxy certificate in GSI CA Alice Proxy 1 Proxy n sign sign sign Certificates Certificate Certificates Certificates Certificates • A typical VO (tapping computation from super computers elsewhere): • Denote user Alice by Proxy 0 • Proxy i has a proxy cryptographic credential created by Proxy i-1 • A proxy credential (and certificate) is short-lived (default lifetime = 12h if sent to a foreign machine or 7 days if stored in the owner’s) • Verification of proxy certificates at each proxy must trace back to CA along the chain (so it’s a genuine resource request from Alice)

  6. Authorization: GridMap in GSI GSI utilizes a gridmap file to map an accessing user to a local user in order to resolute policy status for the former CAS = Community Authorization Service Similar to leaving a proxy private key in disk, a weak protection for GridMap file: a plaintext file in the file space, modifiable by the root user, readable by CAS

  7. Project Daonity A Grid security standard development track in Global Grid Forum (GGF) https://forge.gridforum.org/projects/tc-rg/ “Trusted Computing for Grid Security” (TC-RG) RG = “Research Group” which I co-chair with Andrew Martin of Oxford University Implementation work is with the Chinese colleagues: Wuhan Univ: Trusted Computing (hot in China) Huazhong Univ of Sci & Tech: ChinaGrid (a big grid project)

  8. Mission Trusted Computing for Grid Security • TCG based cryptographic credential protection • Using TPM in the Grid security environment Approach • To work on the standards of TCG and Grid (GT & EGEE) • To port OpenSSL to TSS  TC enabled GSI • To develop open source software package as on-going GSI open standard development Not just code implementation • Non-trivial research results obtained: (security suitable for VO; policy enforcement for VO; sharing of security resource; solutions to grid authorization problems, etc.)

  9. Description of Work

  10. TC for Grid Security Innovations– VO with Behavior Conformity Instead of using a long chain of proxy certificates, Daonity uses TC’s key migration technique between TPMs Result: • Constant time and storage cost for certificate verification • Behavior conformity I: No need of short lifetime stipulation. As a migration authority, Alice has her liberty to switch the migrated copy of her certificate off after the job completes • Behavior conformity II: Property-based VO, using property certificates, Alice can have a VO satisfying given properties (eg, hardware configurations) Server CA Alice Server n 1 Migration to TPM Migration to TPM sign Certificate private key in TPM Certificate private key in TPM Certificate

  11. TC for Grid Security Innovations– MyProxy MyProxy is an online server to achieve single sign on (SSO) using shared password between user and server. Weak security of course, (encryption of private key using password), but SSO is indispensable Problems as a result of TC enhanced GSI: • How can a user without a TPM use TC enhanced GSI with SSO? • How can a user of a desktop TPM roam without downgrading security?

  12. Grid is about resource sharing! Property of TC: behaviour conformity: TPM owner is prohibited from doing certain things, eg, accessing the private key of a user New Protocol between a guest user and MyProxy: 1) MyProxy generates a user proxy credential as usual (i.e., password protected); 2) It encrypts the result using a public key of the TPM of a hosting platform; So, not only SSO is preserved with TC strengthened security, but also TPM becomes a shared resource; the owner cannot use the guest’s credential One may not own a TPM. But from Daonity, TPM enhanced Grid security will make shared use of TPM to become available to ALL in one go

  13. TC for Grid Security Innovations – Gridmap • Gridmap Modify:a module for modifying gridmap files, writing to persistent storage,and signing for integrity protection • Gridmap Use:a module for allowing GSI to read and verify signature of the current gridmap file, and alerting integrity failure • Gridmap Renew:a module for keeping in TPM an audit trail of gridmap files: PCR  SHA-1(PCR || gm_i) The audit trail is: PCR, gm_1, gm_2, …, gm_i, … This is also a mechanism allowing proof of proper conduct by the root user (protection from being framed)

  14. Auditing trail for Gridmap

  15. Implementation Status Daonity’s implementation has enjoyed great benefit from the open source availability of TrouSerS, GT4 and OpenSSL Credential migration is the most significant bit in the implementation so far, and done in open source for the first time (TrouSerS has no migration for Daonity to work with) So far, implementation is done only for TPM (version 1.1b) of Infineon Technology AG, and HP platforms Since Daonity will be open source, so it can soon become available to TPM-platforms of all vendors

  16. Implementation Status Still very buggy, and because of so, the demo is limited to “credential migration” (the most difficult and significant bit) Difficult because Infineon has not made hardware development manual available for the Daonity team to use, and TrouSerS has not done migration either Significant because we think migration is the key element to achieve property-based Grid VO (this is in fact a Daonity’s contribution to TCG proper, i.e., not just a TCG application, it’s a return)

  17. What will be shown today A proxy “certificate” in GT includes a private key in cleartext in order for a destination proxy to use. Not anymore in Daonity, a proxy cert is now 100% public! The matching private key stays in TPMs and transfers (in TCG’s term: migrates) from one to another, never to be exposed outside TPM The demo will show a general case of three-hop credential migration: Alice let her proxy credential migrate to a server, then the server follows Alice’s order to let it further migrate (or duplicate to a number of TPMs)

  18. Future Work The following will be worked in Daonity Phase II Grid security requirement 5: Grid for science collaboration, secure multiparty computation. This involves attestation technique. TPM for servers: Trusted Servers Technology. This should be in accordance with TCG standard progress.

More Related