180 likes | 334 Views
Computer Security and the Grid. … or how I learned to stop worrying and love The Grid. Dane Skow Fermilab Computer Security Awareness Day 8 March 2005. Grid, grid(s), and more grids. No commonly accepted definition of a grid. Grid: New function parallel to Web noosphere
E N D
Computer Security and the Grid … or how I learned to stop worrying and love The Grid. Dane Skow Fermilab Computer Security Awareness Day 8 March 2005
Grid, grid(s), and more grids • No commonly accepted definition of a grid. • Grid: New function parallel to Web noosphere • grid: Particular instance of a internally consistent grid. • Parallels Internet being network of networks • FNAL participates in Grid at many different levels • Open Science Grid (OSG) • LHC Computing Grid (LCG) • Particle Physics Data Grid (PPDG) • FermiGrid • SAMGrid • Resources may participate in multiple grids
Why allow Grids ? • To get the work done • Better integration host lab and remote resources • Facilitate resource sharing among larger communities • Establish common standards for use of services • There’s nothing in the Grid that users can’t (and aren’t ) already do independently. • Faith that facilitating this leads to innovation and improvement
Four Pillars of (Grid) Security • Identity (DN or public key) • Isolation • Traceability • Authentication (TLS handshake) • Prevent Identity Theft • Authorization (gridmapfile or Globus+OGSA-AuthZ+Services) • Access Control • Resource Control • Audit (logfiles) • Troubleshooting • Forensics • Accounting
Identity • Needs globally unique name • Cert (or DN) is managed namespace • /etc/grid-security/certificates lists trusted CAs • /etc/grid-security/xxxxxxxx.signing_policy files are tool for this • Public keys statistically unique • Granularity of identity under debate • Process level ? • Human vrs. Agent moderated ?
Authentication • Openssl is your friend • Debate over scope of authentication • Session level • .1 Msec ≈ 1 day • 1 Msec ≈ AFS token lifetime • 10-100 Msec ≈ account revalidation lifetime • Privacy is serious concern
Authorization • Gridmapfile is default at /etc/grid-security/grid-mapfile • Authorization callouts at /etc/grid-security/gsi-authz.conf • Expression and interpretation of policy by 3rd parties is TBD
Audit • No common standard or requirement yet. • Rely on local expertise and experience to guide • Not clear what tools are useful/needed
ACLs on Resource Object AuthZ Policy Engine Management of ACLs Putting it all together 3rd party authN VOMS Attribute Server (push - user,VO) AuthZ Access Control (VO - eg. RB, Site - eg.SAZ, Resource) AuthZ Provisioning (Site, eg. GUMS, Resource) Grid Resource
Incident Response • Identify • Requester identity (full cert preferred) • Requesting IP address • Requesting identity (full cert preferred) • Contain • Local action first priority • Now frequently requires coordinated action • FCSC Alert grid incident response channel • Explain • Need to identify thresholds of investigation (wipe vrs investigate decision) • Respond • Authorization is “big stick”, not network directly
Vulnerability Assessment • Troubles of new software/ideas • Exploit of software vulnerabilities • Configuration errors • Logic errors • All the same old stuff only more so • Inventory attacks (worms) • Broad authentication cells • Explicit, not just shared/sniffed passwords • Trojan applications and system software
Forensics • New services • Gatekeeper is port 2119 TCP • GSIftp (aka Gridftp) is port 2811 TCP • Various monitoring/directory services • Grid Service logs • GLOBUS_LOCATION default is /usr/local/grid/globus • Gatekeeper log is at $GLOBUS_LOCATION/var/globus-gatekeeper.log • GridFTP log is at $GLOBUS_LOCATION/var/gridftp.log
Authorization Services • SAZ at FNAL • Site AuthoriZation service • Provides single point access control • Offloads CRL maintenance from servers • GUMS identity mapping • Grid Identity is X509 SubjectName and Issuer • Local Identity is uid (resource scope) • Kerberos/AFS not mapped (site scope) • Local Service authorization may do provisioning
Forensics (cont’d) • System tools • Same as before • Grid tools • Non-existent • Not clear what can/should be automated • Need to involve VO in most investigations
Roles and Responsibilities • FCIRT continues as FNAL Incident Response Team • Site Autonomy • Focus on local defense first • Second priority contain damage • Now include consideration of Grid partners in assessment • Coordinate with others using OSG Incident Response Plan • Currently in effect for OSG • Adopted as new model for LCG. Migrating.
Roles and Responsibilities • Notification • Notification infrastructure to support adhoc and best effort collaboration on incident response. • Issues: • Skill level and tolerance vary widely • Reasonable response expectations need to be developed • Likely that some contention will occur while level-setting is achieved.
Recommended Reading • SSL and TLS Essentials, Stephen Thomas • OSG Incident Response Plan • http://computing.fnal.gov/docdb/osg_documents/0000/000019/002/OSG_incident_handling_v1.0.pdf • LCG Security Policy Documents • http://proj-lcg-security.web.cern.ch/proj-lcg-security/documents.html • Globus Documentation • http://www-unix.globus.org/toolkit/docs/3.2/index.html