180 likes | 340 Views
SESEC. Storage Element (In)Security hepsysman, RAL 0-1 July 2009 Jens Jensen. What is an SE. Control interface – SRM via SOAP via HTTPG Information interface – GLUE via BDII GridFTP. Basics. Using X.509 certificates for AuC GSI = Globus Security Infrastructure
E N D
SESEC Storage Element (In)Security hepsysman, RAL 0-1 July 2009 Jens Jensen
What is an SE • Control interface – SRM via SOAP via HTTPG • Information interface – GLUE via BDII • GridFTP
Basics • Using X.509 certificates for AuC • GSI = Globus Security Infrastructure • HTTPG = HTTPS over GSI socket • GSI adds support for delegation • Delegation = of identity, proxy (cf RFC3820)
Basics – Data Transfer • GridFTP – FTP with Grid extensions, uses GSI • Control channel always authenticated and encrypted • Data channel sometimes not authenticated • Data channel usually not encrypted
Basics – Data Transfer • Local protocols • RFIO and DCAP have secure versions • DPM uses secure RFIO by default • dCache uses insecure DCAP by default • secure xroot…?
Architecture User (UI) Service Discovery Information Publisher Database SRM Head Node data transfer Not secure Secure pool to pool transfer (maybe) Sometimes secure Disk pool
Architecture User (UI) A B
Authorisation • Typically, people are mapped to Unix accounts • Direct mapping DNuid,gid • Pool account mapping DN{uid},gid • Map by FQAN (sometimes) • Need consistency – SRM, GridFTP, local protocols
Authorisation • GridMap – you only map to 1st entry • New DN needed for second VO • Unix mapping – coarse grained ACL • (Usually) • Learn how to set ACLs correctly! (Friday)
Higher Security at Higher Level • See EGEE biomed use cases • Goes waaaay back to EDG • Storing keys in Hydra • Encrypted data in SEs
Logging • Use toolkit for DPM (see Friday’s talk) • SSSCs • Storage Security Service Challenges • Get Mingchao to organise one
Availability • Grid is sometimes not very resilient… • DoS attacks possible • Most likely unintentional… • Cf. banning/unbanning user discussion • Cf. reporting who-used-all-our-space to VO
Accounting • Less a security issue • Until people start paying for their allocations… • (cf Alice’s accounting system)
Firewalls • Can’t inspect HTTPS (or G) packets • SOAPful firewalls proposed • Not necessarily a good idea…? • PASV available for GridFTP
Performance Root CA Root CA “Easy” public exponents, eg 0x11 or 0x10001 eSc CA eSc CA 2048 bits only make things slower… CA certs MUST be 2048 though Host User Server validates client’s id Client validates server’s Proxy(ies)
Performance • For SRM, lots of ways to improve performance • There can be (many) other bottlenecks • The case for insecurity • RFIO or DCAP without GSI security • RFIO using UID for AuC (16 bit…)
Standards • …are important! • Certificates – X.509, PKIX, IGTF • SSL/TLS GSI • gLite delegation API • Standard proxies (or not) – RFC 3820
What we don’t do(that others (sometimes) do (with storage)) • Access control policies • Fine grained access control • SAML • “Normal” user access, browser, password,