1 / 18

Two Aspects of Security Solution for Distributed Systems in the Grid on the Example of the OCM-G

Bartosz Baliś 1 , Marian Bubak 1,2 , Wojciech Rząsa 3 , Tomasz Szepieniec 2 , Roland Wismüller 4. Two Aspects of Security Solution for Distributed Systems in the Grid on the Example of the OCM-G. 1) Institute of Computer Science, AGH 3) Rzeszów University of Technology.

elton
Download Presentation

Two Aspects of Security Solution for Distributed Systems in the Grid on the Example of the OCM-G

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Bartosz Baliś1, Marian Bubak1,2, Wojciech Rząsa3, Tomasz Szepieniec2, Roland Wismüller4 Two Aspects of Security Solution for Distributed Systems in the Grid on the Example of the OCM-G 1)Institute of Computer Science, AGH 3)Rzeszów University of Technology 2)Academic Computer Centre -- CYFRONET 4)LRR-TUM -- Technische Universitat Munchen

  2. Plan • OCM-G - on-line grid monitoring system • Security issues • Two aspects of the solution • Performance analysis • Generalization of the solution • Summary

  3. Tool request request SM SM request request request LM LM LM Node Node Node` Site Site OCM-G Architecture • Service Managers • one per site • permanent • handle multiple users • Local Monitors • one per host-and-user • transient • owned by the user

  4. SM fork() fork() fork() process process Shared component User 1 User 2 OCM-G startup site Node 2 Node 1 SM LM LM LM process process

  5. Virtual Monitoring System • A subset of OCM-G components involved in one application • Share information about the application • Only the VMS members are allowed to monitor the application • Service Managers may be shared between multiple VMSs

  6. Request membership register register Extending VMS VMS SM SM LM LM LM process process process process

  7. Security issues • Shared monitoring system components • Authentication required • OCM-G manipulates processes • Authorization required • Service Manager - permanent service • Security of the site cannot be lowered • Moreover: • Reliability of the results • Confidentiality of monitoring information

  8. 1st aspect of the solutionGSI and certificates • User certificates for: • tools • Local Monitors • Requirements • Issued by valid CA • Specific certificates for: • Service Managers • Requirements • Issued by valid CA • Issued specifically for the SM; specific DN, e.g. /C=PL/O=GRID/O=Cyfronet/CN=OCM-G-SM/ GSI for connections between components (authentication, authorization, integrity, confidentiality)

  9. Mutual authentication (certificates exchange) Secured connection (authenticity, integrity, confidentiality) Network connection Connections secured with GSI SM SM • Analogous LM – SM connection establishment • Valid certificates required to establish connection

  10. Remaining vulnerabilities(Service Manager problem) • Service Managers shared between users • Anyone can pretend SM • Valid SM certificate required to join VMS • Administrators can access SM certificate • ''Forged-component attack'' is possible

  11. Request membership Forged-component attack VMS SM SM LM LM process process process

  12. Should we trust site administrators? • We already trust: • Administrators can access users' accounts with private keys • Administrators can control his users' resources • ... possibly on the other sites (using his users' private keys) • By the forged-component attack administrator can access other users' resources on the other sites • Conclusion: we cannot authorize SM to join VMS using his certificate only.

  13. ''written permission'' exchange Request membership Digitaly signed ''written permission'' register Secured protocol of extending VMS VMS SM SM LM LM LM process process process process

  14. 2nd Aspect of the solution • Secured protocol of extending VMS • Request to join VMS digitally signed by the user • While extending VMS both SMs present: • Valid SM certificate • ''Written permission'' of the VMS owner • Consequence: administrators cannot access other users' resources on the other sites

  15. Performance • Low monitoring overhead essential for the on-line system • 1st aspect of the solution introduces additional overhead • 2nd security aspect affects startup only • Test: transmission of 100B packets between two processes, CPU time measured • CLEAR - data not secured • AUTH - authentication and authorization • PROTECT - authenticity/integrity protection • CRYPT - confidentiality protection

  16. Overhead test results Worst case latency of the order of 0.1 ms acceptable for on-line monitoring

  17. Distributed system User resource LM res. LM proc proc proc resource LM proc proc User res. LM res. LM proc proc Generalization tool Distributed agent SM SM SM tool

  18. Summary • The proposed security solution • 1st aspect – communication security • 2nd aspect – secured protocol of extending VMS • Acceptable overhead confirmed by the test results • We believe it is possible to adapt the solution to similar architecture systems

More Related