1 / 25

WLCG Security TEG, risks and Identity Management

WLCG Security TEG, risks and Identity Management . David Kelsey GridPP28, Manchester 18 Apr 2012. Overview. WLCG Security TEG EGI & GridPP Security Risk Analysis Federated Identity Management. WLCG Security TEG. https://twiki.cern.ch/twiki/bin/view/LCG/WLCGSecurityTEG

jola
Download Presentation

WLCG Security TEG, risks and Identity Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester18 Apr 2012

  2. Overview • WLCG Security TEG • EGI & GridPP Security Risk Analysis • Federated Identity Management Security, Kelsey

  3. WLCG Security TEG • https://twiki.cern.ch/twiki/bin/view/LCG/WLCGSecurityTEG • Chaired by RomainWartel and Steffen Schreiner • ~20 active members • Security people, Sites and Experiments • More on mail list, but still not enough Site input • List of sub-tasks • Risk Assessment (Romain) • AAI on worker nodes (Steffen) • AAI on storage systems (Maarten Litmaath) • Usability versus security (Von Welch) • Federated Identity (Dave K) Security, Kelsey

  4. WLCG Security Risks • Risk Management • key aspect of security • Identify assets to be protected • Evaluate different threats • Prioritise and focus efforts • An ongoing process • Needs regular review Security, Kelsey

  5. Security incident & auditing • Must understand what happened • To prevent it happening again • Tocontain its impact • But keep services running • Traceability is essential for this • To protect against misused credentials • And keep services running • Response commensurate with problem Security, Kelsey

  6. Assets – to be protected Security, Kelsey

  7. Security threats Security, Kelsey

  8. Risk evaluation Security, Kelsey

  9. Risks (1) Security, Kelsey

  10. Risks (2) Security, Kelsey

  11. Mitigation • e.g. Misused identities • Compromised identitiesonce detected must be blocked and access to resources blocked too • Time is of the essence • A central blocking service is essential • Too many distributed services to rely on localblocking Security, Kelsey

  12. Security on WNs • 3 parts • Security of the pilot job • Security of the user jobs • Traceability & accountability • 5 requirements • Reduce pilot job credential to minimum • Protect the pilot job • Mutually isolate user jobs • Provide minimal credential for user job • Prove a job’s authenticity and log it before execution Security, Kelsey

  13. Pilots - protecion & isolation • Different options • Virtualisation • ID switching (gLExec, sudo) • SELinux • More? (Linux Containers?) • Only serious option – in short term • ID switching with gLExec • 4 LHC expts(getting) ready for this Security, Kelsey

  14. Beyond short term - WNs • Can we developa more secure proxy/delegation system • Current proxies are too powerful • No restrictions • (Often) too long-lived • Not secure – proxy can be exposed • Transfer of user proxy with pilot job does not tie user to the job Security, Kelsey

  15. Security: Storage & data access • Data protection issues • Do all types of data need same security? • Confidentiality – data one VO not readable by another VO • But data transferred over insecure channels • Access traceability (security and performance) • Information leakage (e.g. filenames) • Accidental commands • Malicious attacks • For insiders reduce privs • Require 2 users for bulk delete? Security, Kelsey

  16. Usability vs Security • Usability – key factor for security • Identified a number of issues • And recommendations • Issues for Users • Credential management • Proxy storage on complex systems • Lack of web authentication • Lack of internationlisation Security, Kelsey

  17. Usability – admins/ops • Managing revocation • Expired hosts and service certs • Managing authorisation policies • Client AuthZ of services • Inconsistent user banning • Mixing AuthN and AuthZ e.g. proxy • Lack of debugging and forensics • Inconsistent proxy implementations • X.509 validation overhead Security, Kelsey

  18. Usability – short term Some recommendations • Hide X.509 from end users • Easier enrolment via Federated IdM • Use of short-lived credentials • Tools for multiple credentials • Tools for service credentials • Improve revocation • Standards for logging • Usability evaluation Security, Kelsey

  19. Sec TEG Future work • Security model for WNs • More on security for storage • Usability evaluation • Identity Management (see later) Security, Kelsey

  20. EGI & GridPP risk analysis • EGI security assessment being completed now (EGI D4.4 refers) – more detailed than WLCG analysis • https://documents.egi.eu/public/ShowDocument?docid=863 • GridPPsecurity milestone • C3.11 Review GridPP Security Risk Assessment (related to EGID4.4) • August 2012 • Involve whole GridPP security team here! Security, Kelsey

  21. Federated Identity Management • Use of a digital identity credential issued by one body (typically home institute) for access to other services • Federations – common trust and policy framework • E.g. the UK Access Management Federation • For WLCG/GridPP/EGI we already use federated identities in form of X.509 PKI (IGTF) • TERENA Cert Service connects national identity federation to a CA for personal certs Security, Kelsey

  22. Federated IdM in HEP • But many other services (not just Grid) • E.g. Collaboration tools – Wikis, mail lists, webs, agenda pages, etc. • Today CERN has to manage 10s of thousands of users • eduroam is one solution (for wireless) • What about other services/federations? • Using Shibboleth, OpenID, etc Security, Kelsey

  23. Federated IdM in Research • A collaborative effort started in 2011 • Involves photon/neutron facilities, social science & humanities, high energy physics, atmospheric science, bioinformatics and fusion energy • 3 workshops to date (next one in June 2012) • https://indico.cern.ch/conferenceDisplay.py?confId=177418 • Documenting common requirements, a common vision and recommendations • To research communities, identity federations, funding bodies • An important use case for inter-federation Security, Kelsey

  24. WLCG Federated Identity • Security TEG just started on this • Very much linked to IdM for Research work • Trust is essential • not just technology • How to involve IGTF? • We need to agree a good HEP pilot project to get some experience Security, Kelsey

  25. More GridPP involvement in the WLCG Security TEG is welcome Questions? Discussion? Security, Kelsey

More Related