
SESEC

SESEC. Storage Element (In)Security hepsysman, RAL 0-1 July 2009 Jens Jensen. What is an SE. Control interface – SRM via SOAP via HTTPG Information interface – GLUE via BDII GridFTP. Basics. Using X.509 certificates for AuC GSI = Globus Security Infrastructure

elockhart

Presentation Transcript


  1. SESEC Storage Element (In)Security hepsysman, RAL 0-1 July 2009 Jens Jensen

  2. What is an SE • Control interface – SRM via SOAP via HTTPG • Information interface – GLUE via BDII • GridFTP

  3. Basics • Using X.509 certificates for AuC • GSI = Globus Security Infrastructure • HTTPG = HTTPS over GSI socket • GSI adds support for delegation • Delegation = of identity, proxy (cf RFC3820)

  4. Basics – Data Transfer • GridFTP – FTP with Grid extensions, uses GSI • Control channel always authenticated and encrypted • Data channel sometimes not authenticated • Data channel usually not encrypted

  5. Basics – Data Transfer • Local protocols • RFIO and DCAP have secure versions • DPM uses secure RFIO by default • dCache uses insecure DCAP by default • secure xroot…?

  6. Architecture [Diagram; labels: User (UI), Service Discovery, Information Publisher, Database, SRM, Head Node, Disk pool, data transfer, pool to pool transfer (maybe), Not secure, Secure, Sometimes secure]

  7. Architecture [Diagram; labels: User (UI), A, B]

  8. Authorisation • Typically, people are mapped to Unix accounts • Direct mapping DN → uid,gid • Pool account mapping DN → {uid},gid • Map by FQAN (sometimes) • Need consistency – SRM, GridFTP, local protocols

  9. Authorisation • GridMap – you only map to 1st entry • New DN needed for second VO • Unix mapping – coarse grained ACL • (Usually) • Learn how to set ACLs correctly! (Friday)

  10. Higher Security at Higher Level • See EGEE biomed use cases • Goes waaaay back to EDG • Storing keys in Hydra • Encrypted data in SEs

  11. Logging • Use toolkit for DPM (see Friday’s talk) • SSSCs • Storage Security Service Challenges • Get Mingchao to organise one

  12. Availability • Grid is sometimes not very resilient… • DoS attacks possible • Most likely unintentional… • Cf. banning/unbanning user discussion • Cf. reporting who-used-all-our-space to VO

  13. Accounting • Less a security issue • Until people start paying for their allocations… • (cf Alice’s accounting system)

  14. Firewalls • Can’t inspect HTTPS (or G) packets • SOAPful firewalls proposed • Not necessarily a good idea…? • PASV available for GridFTP

  15. Performance [Diagram; labels: Root CA, Root CA, eSc CA, eSc CA, Host, User, Proxy(ies)] • “Easy” public exponents, eg 0x11 or 0x10001 • 2048 bits only make things slower… • CA certs MUST be 2048 though • Server validates client’s id • Client validates server’s

  16. Performance • For SRM, lots of ways to improve performance • There can be (many) other bottlenecks • The case for insecurity • RFIO or DCAP without GSI security • RFIO using UID for AuC (16 bit…)

  17. Standards • …are important! • Certificates – X.509, PKIX, IGTF • SSL/TLS  GSI • gLite delegation API • Standard proxies (or not) – RFC 3820

  18. What we don’t do (that others (sometimes) do (with storage)) • Access control policies • Fine grained access control • SAML • “Normal” user access, browser, password,
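
The first-entry behaviour from slides 8 and 9 can be checked mechanically. The following is an added example, not part of the original slides: a small audit of a grid-mapfile that reports entries which can never take effect because an earlier line already maps the same DN. It assumes one quoted DN and one local account per line and a leading "." to mark a pool account; the DNs and account names are constructed.

```python
import shlex

# Constructed sample grid-mapfile (DNs and account names are made up).
SAMPLE_GRIDMAP = '''\
# "<certificate DN>" <local account>; a leading "." marks a pool account (assumed)
"/C=UK/O=eScience/OU=Example/CN=alice example" .atlas
"/C=UK/O=eScience/OU=Example/CN=bob example" bob001
"/C=UK/O=eScience/OU=Example/CN=alice example" .dteam
'''

def parse_gridmap(text):
    """Return [(line_no, dn, account)] in file order, skipping comments."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps the quoted DN as one token
        if len(parts) != 2:
            raise ValueError(f"line {n}: expected a quoted DN and one account")
        entries.append((n, parts[0], parts[1]))
    return entries

def lookup(entries, dn):
    """First-match mapping: only the first entry for a DN is ever used."""
    for _, entry_dn, account in entries:
        if entry_dn == dn:
            kind = "pool" if account.startswith(".") else "direct"
            return kind, account
    return None  # unmapped DN: no local account

def shadowed(entries):
    """Entries hidden by an earlier line for the same DN.

    Returns [(line_no, dn, account, first_line_no)].
    """
    first_seen, dead = {}, []
    for n, dn, account in entries:
        if dn in first_seen:
            dead.append((n, dn, account, first_seen[dn]))
        else:
            first_seen[dn] = n
    return dead

if __name__ == "__main__":
    for n, dn, account, first in shadowed(parse_gridmap(SAMPLE_GRIDMAP)):
        print(f"line {n}: {account} never used for {dn} (line {first} wins)")
```

A shadowed line usually means someone expected a second VO mapping for the same DN, which slide 9 says requires a new DN instead.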
