Implementing Grid Security Concepts
EU FP6 Projects AssessGrid & GridTrust
Syed Naqvi, Syed.Naqvi@cetic.be
07 September 2007, Budapest - Hungary

Acknowledgements
• AssessGrid Project Consortium
  • Particularly
    • Stéphane Mouton
    • Karim Djemame
• GridTrust Project Consortium
  • Particularly
    • Christophe Ponsard
    • Philippe Massonet
CoreGRID Summer School 2007, Budapest, Hungary

Security Architecture
[Diagram labels: Assets; Requirements & Policies; Security Architecture; Security Features or Services; Attackers/Intruders/Malfeasors; Security Mechanisms]

Security Fundamentals
• Authentication
  • Verification of the identity of a person or process
• Authorization
  • Determination of what an entity is allowed to do
• Confidentiality
  • Prevention of unauthorized disclosure of information
• Integrity
  • Prevention of data from being inappropriately changed
• Availability
  • Assuring the disposition of resources to the users

Security Fundamentals
• Authentication
  • Challenge-response, biometric, certificates, tickets, UID
• Authorization
  • Access Control, RBAC, CAS, …
• Confidentiality
  • Bell-LaPadula Model
• Integrity
  • Biba Model, Clark-Wilson Model
• Availability
  • Security Policy

Grid Security - Specific Aspects
• Grid-specific
  • Huge bunch of nodes, dynamic creation of VOs, …
• Virtual Paradigm
  • Abstraction, Implementation Independent, …
• Adaptable Features
  • Vision of OGSA Security Model
• Standard Security Practices
  • Risks analysis, evaluation criteria, simulations, …

Some Misunderstandings
• Login/password is sufficient
  • In-depth Security
• Cryptography is a silver bullet
  • Availability, Denial of Service, …
• No security for non-confidential data
  • Integrity, Availability, …
• Ideal Security is the Pre-condition of Use
  • eBusiness Applications

Trust Requirements
• Identification, Access Control, Privacy, …
• User-based Trust Relationships
  • If a user has the right to use sites A and B, the user should be able to use sites A and B together without requiring the security administrators from sites A and B to interact.
  • Conflict of Interests may arise – Data isolation is to be assured
• Distributed Trust Evaluation
  • The decentralized nature of administration makes it difficult to establish and propagate trust.

Trust Requirements
• Non-History-based Trust Establishment
  • If there is no trust among parties and there is no mechanism to build some trust based on a history of previous interactions.
• Delegation of trust
  • Decentralized hierarchical administration, scalability of certificate issuing capacity, …

Trust Requirements
• Continuous monitoring of the changes to the trust level of each node
  • Dynamic evaluation of the trust relationships, broadcast the presence of a malicious node in the environment, …
• Consideration of context and state
  • Determination of the access control on the basis of user’s location and the state of the user’s environment.

Analyses
• Requirements Analysis
  • Functional requirements
  • Non-functional requirements
  • Goal-based
• Business Analysis
  • Strategy
  • Organisational capabilities
  • Return on Investment

Analyses
• Risks Analysis
  • Probability of loss(es)
  • Associated costs (compensations etc.)
• Threats Analysis
  • Potential threats/attacks
  • Countermeasures
• Forensic Analysis
  • Post-accident analysis
  • Digital fingerprinting

Risk Management in Grids
• Grid technologies reached a high level of development
  • Large-scale Grid deployment needs
  • Commercial Grid providers and services
  • Working demonstrators in different areas
  • Standardisation efforts for access and interoperability
• Early adopters underline core shortcomings
  • Quality of Service: guaranteed resource usage over time
  • Security, Trust, and Dependability
• Service Level Agreements (SLAs) address shortcomings
  • Definition of business relationship
  • Forces development of QoS-aware middleware/OS

Service Level Agreements
• Specified amount and quality of resources over certain time mandatory to reach desired performance
• Delegation of particular resource capabilities over a defined time interval from resource owner to requester
• SLA as explicit statement of expectations and obligations in a business relationship between service provider and customer
Service Level Agreement (structure shown on the slide)
• Name: ID or Description of SLA
• Context: Contract Parties, Responsible Persons
• Terms
  • R-Type: HW, OS, Compiler, Software Packages, …
  • R-Quantity: Number CPUs, main memory, …
  • R-Quality: CPU>2GHz, Network Bandwidth, …
  • Deadline: Date, Time, …
  • Policies: Demands on Security and Privacy, …
  • Price for Resource Consumption (fulfilled SLA)
  • Penalty Fee in case of SLA violation

Grid Providers and SLAs
• SLAs needed, but providers are cautious about adoption. Why?
  • Business case risk
    • SLA violation and penalties due to failures, DoS attacks, overloading
  • Missing indicators
    • QoS level to be offered?
    • Enough resources for Grid jobs?
    • Fault tolerance available?
    • Actions to be initiated?
• What is the risk of accepting an SLA?

Grid Brokers, Users and SLAs
• Reliability as selection criterion
• QoS?
• Trustable QoS level information?
• Reliability with respect to utilisation?
• QoS information service?
• Decision-support for job assignment?
• What is the risk of assigning an SLA?

Trust and Security for Next Generation Grids

GRIDTRUST Project
• Funded by the EU Framework Programme 6 (FP6)
• Specific Targeted Research Project (STREP)
• Coordinator: CETIC
• Project Reference: 033817
• Project Cost: 3.86 M€
• Project Funding: 2.2 M€
• Start date: 01 June 2006
• Duration: 36 months
• www.gridtrust.eu

Project Partners
• 5 countries
• 4 companies
• 3 research institutes
• 1 university

Partner Roles

GridTrust: Objectives and Expected Results
• General Objective: definition and management of security and trust in dynamic virtual organisations
• Expected results – "framework" composed of:
  • Environment and analysis method at all levels of the NGG architecture
  • A reference security architecture for Grids
  • An open source reference implementation of the architecture, validated by several innovative business scenarios.
[Diagram: NGG Architecture layers: GRID Application Layer; GRID Service Middleware Layer; GRID Foundation Middleware Layer; Network Operating System]

Dynamic VOs
“Virtual organizations are distributed business processes”
Examples
• Supply chain (ex: Airbus)
• Distributed authoring
• Knowledge management
Centralised or decentralised VO Management
Avoid manual reconfiguration
[Diagram: Services 1, 2, 3, 3’, 4, 5]

Trust in Virtual Organisations
“Since VOs are based on sharing information and knowledge, there must be a high amount of trust among the partners. Especially since each partner contribute with their core competencies”
• Threats:
  • Bad service (contract not respected)
  • Attacks – loss of information
  • Attacks – disruption of service
  • Vulnerability to attacks (bad level of security at one of the partners)
  • …
Need for Trust and security mechanisms
[Diagram: Collaboration among nodes 1, 2, 3, 4, 5]

Desired Self-Organization/Self-Protection Behavior
Trust requirement: always all nodes sufficiently trusted
VO policy rules:
• If trust of node x < Min trust threshold
  • Then tighten security for node x
• If trust of node x < Min trust threshold
  • Then replace node x
Security should adapt -> avoid manual intervention of operator
[Diagram: nodes 1, 2, 3, 4, 5 and 3’]

Trust and Security for Dynamic Virtual Organisations
Framework:
• Method and policy refinement tools
• Security architecture
• Reference implementation
[Diagram labels: Dynamic VO; GridTrust Framework Services and Tools (VO Mngt, VO Policies, Reputation service, Secure res. broker, Usage Cont. service, …); Fine grained continuous computational usage control; Usage Control Policies; Trust and Security Goals; Self-*; NGG Architecture / OGSA: GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System, Resources]

Innovation in GridTrust
• UCON (improves state of the art: mutable attributes, obligations, continuous enforcement)
  • Computational level
  • Service level
• Combining Brokering and security
• Combining security with reputation
  • Globus reputation used for service discovery and selection
  • Here we want to use reputation for authorization decision
• From Business security requirements to policies (NESSI-Grid challenge)
• Not innovation: Glue the separate VO management components together
  • VOMS, CAS

From Business level security requirements to operational policies
Traceability of requirements to policies
Policy rule examples (Derivation):
• Business Trust and Security Requirements
  • Confidentiality of client data
• Service Trust and Security Policies
  • Confidential data can only be used with a service that provides encryption with minimal key length
• Fine Grained Computational Usage Control Policies
  • Confidential data can only be sent over a secure socket to another trusted domain
[Diagram: NGG Architecture layers: GRID Application Layer; GRID Service Middleware Layer; GRID Foundation Middleware Layer; Network Operating System Layer]

GridTrust Framework Integrated in OGSA
[Diagram labels: Application; GridTrust Framework]

From Access Control to Usage Control
• With access control technology
  • Trusted usage of resources
    • Access control under responsibility of software
    • Correct usage under responsibility of service/resource user
• With usage control technology
  • Trusted Usage of resources
    • Access control is part of usage control under responsibility of software agent
    • Correct usage
      • Policies respected under responsibility of software
      • Correct usage under responsibility of user

Updating reputation based on resource usage
• Gather low level resource usage information
  • SLA violations
  • Successful performance
• Update VO level reputation
• Reputation at different levels
  • Service
  • VO member
  • VO as a whole
• Reputation based on past behavior
  • History
  • Performance

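
The VO policy rules from the self-protection slide and the reputation update from the slide above can be combined as follows. This is an added example, not GridTrust code: the class name, the exponential-smoothing update, the neutral starting score of 0.5 and the node names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class VOManager:
    min_trust: float                 # "Min trust threshold" of the VO policy
    on_low_trust: str = "tighten"    # which VO policy rule applies: "tighten" or "replace"
    alpha: float = 0.4               # weight of the newest report (assumed)
    reputation: dict = field(default_factory=dict)   # VO member -> score in [0, 1]
    tightened: set = field(default_factory=set)      # members under tightened security
    spares: list = field(default_factory=list)       # candidate replacement nodes

    def report_usage(self, node, sla_violated):
        """Fold one low-level usage report into the member's reputation,
        then apply the VO policy rule without operator intervention."""
        outcome = 0.0 if sla_violated else 1.0
        old = self.reputation.get(node, 0.5)          # unknown members start neutral
        self.reputation[node] = (1 - self.alpha) * old + self.alpha * outcome
        return self.enforce(node)

    def enforce(self, node):
        if self.reputation[node] >= self.min_trust:
            return "ok"
        if self.on_low_trust == "replace" and self.spares:
            new = self.spares.pop(0)
            del self.reputation[node]                 # node x leaves the VO
            self.tightened.discard(node)
            self.reputation.setdefault(new, 0.5)
            return f"replaced by {new}"
        self.tightened.add(node)                      # also the fallback when no spare exists
        return "tightened"

    def vo_reputation(self):
        """VO-level score: the weakest member, since all nodes must be trusted."""
        return min(self.reputation.values())

def demo():
    # Constructed scenario: node3 fulfils one SLA, then violates two.
    vo = VOManager(min_trust=0.5, on_low_trust="replace", spares=["node3'"])
    vo.reputation["node3"] = 0.8
    reports = [("node3", False), ("node3", True), ("node3", True)]
    return [vo.report_usage(n, v) for n, v in reports], vo

if __name__ == "__main__":
    actions, vo = demo()
    print(actions, vo.reputation)
```
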
Experimentation - Innovative Business Case Studies
• Distributed Supply chain application domain
  • Pharmacy
  • Fish (EU and national regulations)
• Collaborative intra or inter-enterprise knowledge management
• Distributed authoring
  • High-quality massive data transfers
  • Many actors
  • Can be viewed as a virtual organisation which implements a complex and articulated supply chain.
  • Safe and reliable data transfer services, but the distant and virtual cooperation is limited

Advanced Risk Assessment and Management for Trustable Grids

AssessGrid Project
• Funded by the EU Framework Programme 6 (FP6)
• Specific Targeted Research Project (STREP)
• Coordinator: University of Paderborn
• Project Reference: 031772
• Project Cost: 2.64 M€
• Project Funding: 1.97 M€
• Start date: 01 April 2006
• Duration: 33 months
• www.assessgrid.eu

Project Partners

Partner Roles

Project Goals
• Risk indicators as core part of SLA assignment and acceptance
• Customised risk presentation for improved usability and trust
• Decision/planning/management-support for QoS-aware Grids
• Grid provider evaluation and competition

Proposed Architecture
Generic, customisable, and interoperable open-source software for risk assessment, risk management, and decision-support in Grids
[Diagram labels: Provider/Broker/End-user perspective; Integration in Grid service; Risk assessment and management; Integration in Grid middleware; Broker service; Monitoring; Planning-based RMS; Consultant/Confidence service; Ad-hoc risk management; Integration in Grid fabric]

Risk Assessment
• Research Challenges
  • Methods and tools for monitoring, gathering, and aggregating relevant data
  • Static and dynamic data utilisation
  • Network-condition, overall Grid activity
  • Specific business policies
  • Methods for risk assessment
  • Customised presentation of risk-related indicators
[Diagram: Risk granularity: End user; Broker; Provider]

Risk Management
• Research Challenges
  • Develop concepts for using risk
  • Estimate risk
  • Risk-indicators for self-organising fault tolerance
  • Risk-aware negotiations and SLAs
  • Risk-based decision-support for capacity planning and infrastructure management
  • Aggregation of risk-indicators for objective provider ranking and competition

System Overview
Aim: integrate a risk-aware Service Level Agreement (SLA) model into current Grid technology
Risk awareness incorporated across three layers
• Therefore an architecture designed to
  • give resource providers the capability to perform risk assessments prior to making offers
  • give the broker the ability to
    • assess the reliability of provider risk assessments
    • rank offers from different resource providers, based on risk, price and penalty

Usage Scenarios
• Broker as a mediator
  • End-user submits SLA request to broker
  • Once end-user selects SLA offer
    • Broker’s responsibility ends
    • End-user interacts directly with provider
• Broker as a contractor
  • Acts as a virtual provider
  • End-user agrees SLA with broker
  • Broker agrees SLAs with provider(s)
  • Useful to map workflows to resources
• Direct SLA negotiation end-user – provider
  • End-user submits SLA request to provider
  • End-user can query broker’s confidence service

Scenario 1: User-Provider Neg.
• Fill Template
  • Job description
  • Max. PoF
  • Min. Penalty
[Diagram labels: Get Template; SLA Request; Commit Contract; SLA Offer; Create Offer - Set Price]
RMS: Resource Management System
PoF: Probability of Failure

Scenario 2a: Broker = Mediator
[Diagram labels: Get Templates; Template Subscription]

Scenario 2a: Broker = Mediator
[Diagram labels: SLA Request; Evaluate Reliability; SLA Offer]

Scenario 2a: Broker = Mediator
[Diagram label: Commit]

Scenario 2b: Broker = Contractor

Architectural Overview
• End-user
  • Portal
• Broker
  • Risk Assessor
  • Confidence Service
  • Workflow Assessor
• Provider
  • Negotiation Manager
  • Scheduler
  • Risk Assessor
  • Consultant Service

End-User Layer – Portal Architecture
• Presentation
  • of SLA templates, requests, offers
  • of Probability of Failure (PoF) and reliability information
  • of status of executing and pending jobs
  • SLA violations and compensation (penalties)
  • specific to user role (end user, administrator)
• Follows the MVC (Model View Controller) design pattern
• Based on GridSphere portal architecture

Broker Layer
• SLA Processor: Agreement and AgreementFactory WebService
• Resource Filter: Find suitable resource providers that are likely to respond
• Offer Manager: Used if broker acts as provider

Broker layer: SLA Offers
• Published risk enables End-users to compare different SLA offers
  • Risk of failure, price, and penalty fee
• Broker’s Reliability measure classifies which offers are reliable

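
One way a broker could assess the reliability of provider risk assessments and rank offers on risk, price and penalty, as described on the System Overview and SLA Offers slides. This is an added example, not AssessGrid code: the bias measure, the tolerance, the expected-cost score and all sample offers and histories are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Offer:
    provider: str
    pof: float      # Probability of Failure published in the SLA offer
    price: float    # paid by the end-user when the SLA is fulfilled
    penalty: float  # paid to the end-user when the SLA is violated

def assessment_bias(history):
    """history: (published PoF, failed?) for a provider's past SLAs.
    Positive bias means the provider fails more often than it announces."""
    published = sum(p for p, _ in history) / len(history)
    observed = sum(1 for _, failed in history if failed) / len(history)
    return observed - published

def rank_offers(offers, histories, max_pof, min_penalty, tolerance=0.05):
    """Return (provider, reliable, adjusted PoF, expected cost), reliable offers first,
    then cheapest expected cost. Scoring rule and tolerance are assumptions."""
    ranked = []
    for o in offers:
        history = histories.get(o.provider, [])
        bias = assessment_bias(history) if history else None
        reliable = bias is not None and abs(bias) <= tolerance
        # Never credit a provider with a lower PoF than it published itself.
        pof = o.pof if bias is None else min(1.0, o.pof + max(bias, 0.0))
        if pof > max_pof or o.penalty < min_penalty:
            continue  # violates the end-user's Max. PoF / Min. Penalty
        expected_cost = (1 - pof) * o.price - pof * o.penalty
        ranked.append((o.provider, reliable, round(pof, 3), round(expected_cost, 2)))
    return sorted(ranked, key=lambda r: (not r[1], r[3]))

def demo():
    # Constructed offers and SLA histories (20 past SLAs per provider).
    offers = [Offer("A", 0.02, 100, 50), Offer("B", 0.05, 110, 80), Offer("C", 0.10, 90, 20)]
    histories = {
        "A": [(0.02, i < 4) for i in range(20)],   # announced 2%, failed 4 of 20
        "B": [(0.05, i < 1) for i in range(20)],   # announced 5%, failed 1 of 20
        "C": [(0.10, i < 2) for i in range(20)],   # announced 10%, failed 2 of 20
    }
    return rank_offers(offers, histories, max_pof=0.25, min_penalty=40)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Provider A looks cheapest on its published figures, but its history shows it understates its PoF, so the broker marks the offer unreliable and lists it after B; C is dropped because its penalty is below the end-user's minimum.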