Security, Accounting, and Assurance. Mahdi N. Bojnordi 2004 mnbojnordi@yahoo.com. Overview. Requirements What is expected from grids nowadays? Technologies Which are developed to provide the security. Current Practice Existing implementation of security services. Future Directions
Overview
• Requirements
  • What is expected from grids nowadays?
• Technologies
  • Which have been developed to provide security.
• Current Practice
  • Existing implementations of security services.
• Future Directions
  • What is insufficiently met by existing technologies?

Requirements
• Authentication
  • The process of verifying the identity of a participant.
  • A verified entity is called a principal (e.g. a user logged into the system).
  • Authority to use delegation of identity.
• Authorization
  • The process of determining whether a particular operation is allowed.
  • Supporting delegation of authority.

Requirements (cont’d)
• Assurance
  • A form of authorization validating the authority of the service provider (i.e. accreditation).
  • Allows the requester to decide whether a system is secure, reliable, etc.
• Accounting
  • A means to manage the quotas.

Requirements (cont’d)
• Audit
  • Records what has been performed by a system on behalf of a principal.
• Integrity and Confidentiality
  • Correct functioning of applications on the network.
• Optional Security Services
  • Are all the described requirements needed for our system?

Technologies
• Cryptography
  • The most basic technology for distributed system security. The system's security is conditioned on the secrecy of the key.
  • Symmetric & asymmetric methods

Technologies (cont’d)
• Authentication
  • There are several authentication methods, including assertion, passwords, and encryption-based protocols.
• Certification
  • Provides a binding between a particular key and a principal.
  • This binding is certified by a Certification Authority.

Technologies (cont’d)
• Distributed Authorization & Assurance
  • Privilege attribute certificates or assurance credentials.
• Accounting
  • Distributed database
• Intrusion Detection & Auditing
  • www.cert.org/archive/pdf/IEEE_IDS.pdf

Current Practice
• File Encryption, Email, and Public-Key Auth.
  • Pretty Good Privacy (PGP)
    • http://www.pgp.com
    • http://www.davidyaw.com/crypto/PGP.pdf
    • http://www.pgpi.org/cgi/download.cgi?filename=pgpsrc658win32.zip
• Secure Sockets Layer & Transaction-Level Sec.
  • Embedded in most Web browsers

Current Practice (cont’d)
• Kerberos

Current Practice (cont’d)
• IPSec, IPv6, and Virtual Private Networks
  • Disabling sniffers
• Firewalls
  • A barrier at the boundary

Future Directions
• Group Communication
  • Better ways needed
• Distributed Accounting
  • NetCheque