
Security Requirements Analysis for Large-scale Distributed Systems


Presentation Transcript


  1. Security Requirements Analysis for Large-scale Distributed Systems
  Syed Naqvi (1), Olivier Poitou (1), Philippe Massonet (1), Alvaro Arenas (2)
  (1) Centre of Excellence in Information and Communication Technologies (CETIC), {syed.naqvi, olivier.poitou, philippe.massonet}@cetic.be
  (2) CCLRC Rutherford Appleton Laboratory, a.e.arenas@rl.ac.uk

  2. Outline
  • Introduction
  • Grid Security Requirements
  • Solutions for these Requirements
  • Conclusions
  European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies


  4. Functional View of Grid Data Management (taken from www.twgrid.org)
  Diagram components:
  • Application: requests location based on data attributes
  • Metadata Service
  • Planner: data location, replica selection, selection of compute and storage nodes
  • Replica Location Service: location of one or more physical replicas
  • Information Services: state of grid resources, performance measurements and predictions
  • Security and Policy
  • Executor: initiates data transfers and computations
  • Data Movement and Data Access
  • Compute Resources and Storage Resources

  5. FileStamp – Distributed File System
  • Decentralized multi-writer file system
  • Based on Peer-to-Peer technology
  • Self-managing data storage location

  6. FileStamp Architecture (diagram)

  7. File Redundancy
  • Dynamic replica regeneration

  8. FileStamp – File Transfer
  • BitTorrent technology
  • Transfers can be interrupted and restarted from the last transferred byte


  10. Generic Requirements
  • Authentication
    • Each party establishes a level of trust in the identity of the other party
    • The authentication protocol sets up a secure communication channel between the authenticated parties
  • Authorization
    • Allows access to resources based on policies attached to each service
    • VOs (Virtual Organizations) introduce challenging management and policy issues
    • Complex relationships between local site policies and the goals of the VO

  11. Generic Requirements
  • Availability
    • Legitimate users have access when they need it
    • Replication: a well-known technique for improving availability in distributed systems
    • Total network load is also decreased if replicas and requests are reasonably distributed
  • Confidentiality
    • Assures that information does not reach unauthorized individuals, entities, or processes
    • Achievable by access control mechanisms, with encryption wherever data traverses untrusted links or nodes
    • Confidentiality requirements cover point-to-point transport as well as store-and-forward mechanisms

  12. Generic Requirements
  • Integrity
    • Assurance that information can only be accessed or modified by those authorized to do so
    • Nontrivial problem, especially when storage hardware and networks are not perfect
  • Traceability
    • Mechanism for observing the various actions taken by the different actors
    • Used to develop audit trails: events are recorded in log files
    • Can be used to determine responsibility for incidents

  13. Specific Requirements
  • Resilience
    • Provides an abstraction layer that hides architectural changes from the overall security architecture
    • The security architecture should remain intact and deliver the promised level of security even if its composition changes over time
    • Grid links and nodes are very dynamic in nature and may change over time
  • Data Lifecycle Management (DLM)
    • The lifecycle is the time from the moment data is created until it is deleted or stored indefinitely
    • Security assurances must span the entire lifecycle of the data

  14. Specific Requirements
  • Fault-tolerance
    • Highly desirable feature, especially for transfers of large data files
    • Overlay networks provide caching of transfers
    • But caching reduces the performance of the overall data transfer
    • The amount of data that can be cached depends on the storage policies at the intermediate network points
    • Caching and similar techniques do not consider security parameters
    • An appropriate negotiation protocol is indispensable to agree the terms and conditions of security before moving or (temporarily) storing data
    • The negotiation process should not take its toll on the system's performance


  16. Authentication
  • Current authentication mechanism
    • The file owner issues a certificate for write access to the file
    • Authentication of the certificate is performed by the DHT (Distributed Hash Table) nodes and FS (File System) clients
    • Both signatures are verified when storing/retrieving a UCB (User Certificate Block)
  • This certificate has some major problems:
    • It always gives write permission, even if the user only requires read permission
    • Its format is not standardized
    • It creates compatibility problems with existing standard credentials (X.509, Kerberos, etc.)
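The owner-issued certificate and its first shortcoming (it always grants write), as an added Go example that is not FileStamp's own code: a hypothetical owner-signed capability carrying explicit read/write bits, together with the two-signature check a DHT node would run before accepting a UCB. The capability format, its field names, the file identifier and the fixed clock are assumptions for the illustration; Ed25519 from the Go standard library stands in for whatever signature scheme FileStamp actually uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Permission bits a capability can carry (hypothetical encoding, not FileStamp's).
const (
	PermRead  = 1 << iota // 1
	PermWrite             // 2
)

// Capability is the owner-signed statement "the holder of SubjectKey may do Perms on FileID".
type Capability struct {
	FileID     string            `json:"file_id"`
	SubjectKey ed25519.PublicKey `json:"subject_key"`
	Perms      int               `json:"perms"`
	NotAfter   int64             `json:"not_after"` // Unix seconds
}

// SignedCapability pairs the capability with the file owner's signature over its encoding.
type SignedCapability struct {
	Cap Capability
	Sig []byte
}

// encode gives a canonical byte string to sign (json.Marshal keeps struct field order fixed).
func (c Capability) encode() []byte {
	b, _ := json.Marshal(c)
	return b
}

// IssueCapability is run by the file owner.
func IssueCapability(ownerPriv ed25519.PrivateKey, c Capability) SignedCapability {
	return SignedCapability{Cap: c, Sig: ed25519.Sign(ownerPriv, c.encode())}
}

// UCBRequest is what a client sends to a DHT node: the capability plus the client's own
// signature over (file id, operation, block contents), so that both signatures get checked.
type UCBRequest struct {
	Cap       SignedCapability
	Op        int
	Block     []byte
	ClientSig []byte
}

func requestBytes(fileID string, op int, block []byte) []byte {
	return append([]byte(fmt.Sprintf("%s|%d|", fileID, op)), block...)
}

func MakeRequest(clientPriv ed25519.PrivateKey, sc SignedCapability, op int, block []byte) UCBRequest {
	sig := ed25519.Sign(clientPriv, requestBytes(sc.Cap.FileID, op, block))
	return UCBRequest{Cap: sc, Op: op, Block: block, ClientSig: sig}
}

// Authorize is the check a DHT node (or FS client) runs before storing/retrieving a UCB.
func Authorize(ownerPub ed25519.PublicKey, fileID string, req UCBRequest, now time.Time) error {
	c := req.Cap.Cap
	switch {
	case c.FileID != fileID:
		return errors.New("capability is for a different file")
	case now.Unix() > c.NotAfter:
		return errors.New("capability expired")
	case !ed25519.Verify(ownerPub, c.encode(), req.Cap.Sig):
		return errors.New("owner signature invalid")
	case !ed25519.Verify(c.SubjectKey, requestBytes(fileID, req.Op, req.Block), req.ClientSig):
		return errors.New("client signature invalid")
	case c.Perms&req.Op == 0:
		return errors.New("operation not granted by capability")
	}
	return nil
}

// Demo issues a read-only capability and shows: read allowed, write refused, and a capability
// whose Perms field was edited after issuance refused because the owner signature no longer matches.
func Demo() (readErr, writeErr, tamperErr error) {
	ownerPub, ownerPriv, _ := ed25519.GenerateKey(rand.Reader)
	clientPub, clientPriv, _ := ed25519.GenerateKey(rand.Reader)
	const file = "fs:/data/run42.root" // constructed file identifier
	now := time.Unix(1700000000, 0)    // fixed clock so the example is reproducible
	sc := IssueCapability(ownerPriv, Capability{
		FileID: file, SubjectKey: clientPub, Perms: PermRead, NotAfter: now.Add(time.Hour).Unix(),
	})
	readErr = Authorize(ownerPub, file, MakeRequest(clientPriv, sc, PermRead, nil), now)
	writeErr = Authorize(ownerPub, file, MakeRequest(clientPriv, sc, PermWrite, []byte("block")), now)
	escalated := sc
	escalated.Cap.Perms |= PermWrite // holder edits the permission bits after issuance
	tamperErr = Authorize(ownerPub, file, MakeRequest(clientPriv, escalated, PermWrite, []byte("block")), now)
	return
}

func main() {
	fmt.Println(Demo())
}
```

The order of checks matters: the owner signature is verified before the permission bits are consulted, so a holder who flips the bits is rejected as a forgery rather than as an over-privileged but genuine holder.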

  17. Authentication (X.509 version 3 certificate structure)
  Fields of the X.509 v3 body part:
  • Version
  • Serial Number
  • Signature Algorithm
  • Issuer Name
  • Validity
  • Subject Name
  • Subject Public Key
  • Issuer Unique ID (v2)
  • Subject Unique ID (v2)
  • Extensions (v3)
  Followed by the Certificate Signature Algorithm and the Signature of the CA (digital signature over the body part)
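To show what a standardized credential gives the verifying side, here is an added Go example (not from the deck and not FileStamp code) that issues a self-signed VO CA certificate and a user certificate under it with the standard library's crypto/x509, extracts the v3 fields listed above, and runs the chain and validity check a relying party such as a DHT node would perform. The organisation, names, serial numbers and dates are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertSummary collects the X.509 v3 fields named on the slide as crypto/x509 exposes them.
type CertSummary struct {
	Version    int
	Serial     string
	SigAlg     string
	Issuer     string
	Validity   [2]time.Time
	Subject    string
	PubKeyAlg  string
	Extensions []string // OIDs of the v3 extensions present
}

func Summarize(c *x509.Certificate) CertSummary {
	s := CertSummary{
		Version: c.Version, Serial: c.SerialNumber.String(),
		SigAlg: c.SignatureAlgorithm.String(), Issuer: c.Issuer.String(),
		Validity: [2]time.Time{c.NotBefore, c.NotAfter}, Subject: c.Subject.String(),
		PubKeyAlg: c.PublicKeyAlgorithm.String(),
	}
	for _, e := range c.Extensions {
		s.Extensions = append(s.Extensions, e.Id.String())
	}
	return s
}

// IssueChain creates a self-signed VO CA and a user certificate signed by it.
// Names, serials and dates are constructed for the example.
func IssueChain() (ca, user *x509.Certificate, err error) {
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	userKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{Organization: []string{"Example VO"}, CommonName: "Example VO Root CA"},
		NotBefore:             start,
		NotAfter:              start.AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	if ca, err = x509.ParseCertificate(caDER); err != nil {
		return nil, nil, err
	}
	userTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(4242),
		Subject:      pkix.Name{Organization: []string{"Example VO"}, CommonName: "alice"},
		NotBefore:    start,
		NotAfter:     start.AddDate(1, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	userDER, err := x509.CreateCertificate(rand.Reader, userTmpl, ca, &userKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	user, err = x509.ParseCertificate(userDER)
	return ca, user, err
}

// Validate is the relying party's check: the user certificate must chain to the trusted CA,
// be inside its validity window at time now, and be usable for client authentication.
func Validate(ca, user *x509.Certificate, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := user.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	ca, user, err := IssueChain()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", Summarize(user))
	fmt.Println("valid in 2024:", Validate(ca, user, time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)))
	fmt.Println("valid in 2026:", Validate(ca, user, time.Date(2026, 6, 1, 0, 0, 0, 0, time.UTC)))
}
```

The point for the slide's argument is that none of this verification logic is specific to the file system: the validity window, the issuer chain and the key-usage restriction come from the standard fields, so any X.509-capable component can check a FileStamp user credential without learning a bespoke format.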

  18. Authorization
  • FileStamp employs a local mapping of the user
    • Like the UNIX authorization matrix
    • The mapping serves as an access control check
    • Access to the resource is denied if the user is not listed in the local mapping configuration
    • Local policy management and enforcement mechanisms constrain the user's actions to those allowed by local policy
  • Easy for site administrators to understand and configure
  • Shortcomings: scalability, lack of expressiveness, consistency of policies

  19. Authorization (through CAS)
  Diagram of the Community Authorization Service (CAS) flow:
  • CAS server, backed by a CAS-maintained community policy database, answers "What rights does the community grant to this user?" and returns a policy statement carrying a community signature to the user proxy
  • Client presents the user proxy (policy statement plus community signature) to the resource server
  • Resource server, using local policy information, answers "What local policy applies to this user?", "Is this request authorized for the community?" and "Does the policy statement authorize the request?"
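The two checks on slides 18 and 19, the local mapping and the CAS policy statement with its community signature, as one added Go example (neither FileStamp's nor CAS's own code). Real CAS carries the policy statement inside an X.509 proxy certificate; this illustration replaces that with an Ed25519-signed JSON statement, a grid-mapfile-style mapping whose line format is assumed, and constructed names, keys and resource paths.

```go
package main

import (
	"bufio"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// ParseMapfile reads lines of the form  "<subject DN>" <local account>  (grid-mapfile style,
// an assumed format) into a map. Lines starting with '#' are comments; malformed lines are skipped.
func ParseMapfile(text string) map[string]string {
	m := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		end := strings.LastIndex(line, `"`) // the DN is quoted because it contains spaces
		if !strings.HasPrefix(line, `"`) || end <= 0 {
			continue
		}
		m[line[1:end]] = strings.TrimSpace(line[end+1:])
	}
	return m
}

// Right is one (resource, action) pair.
type Right struct{ Resource, Action string }

// PolicyStatement is what the CAS server hands to the user proxy.
type PolicyStatement struct {
	Subject   string  `json:"subject"`
	Community string  `json:"community"`
	Rights    []Right `json:"rights"`
	NotAfter  int64   `json:"not_after"`
}

type SignedStatement struct {
	Stmt PolicyStatement
	Sig  []byte // community signature
}

func (p PolicyStatement) encode() []byte { b, _ := json.Marshal(p); return b }

// CASIssue answers "what rights does the community grant to this user?" by signing the statement.
func CASIssue(casPriv ed25519.PrivateKey, p PolicyStatement) SignedStatement {
	return SignedStatement{Stmt: p, Sig: ed25519.Sign(casPriv, p.encode())}
}

// LocalPolicy is the resource server's side: trusted community keys, what each community
// may do under which resource prefix, and the local account mapping.
type LocalPolicy struct {
	CommunityKeys map[string]ed25519.PublicKey
	Grants        map[string][]Right // Resource is treated as a path prefix
	Mapfile       map[string]string
}

func allows(rights []Right, resource, action string, prefix bool) bool {
	for _, r := range rights {
		if r.Action == action && (r.Resource == resource || (prefix && strings.HasPrefix(resource, r.Resource))) {
			return true
		}
	}
	return false
}

// Decide runs the resource server's questions in order and returns the local account the
// request executes as, or the reason it was refused.
func (lp LocalPolicy) Decide(ss SignedStatement, subject, resource, action string, now time.Time) (string, error) {
	st := ss.Stmt
	local, ok := lp.Mapfile[subject]
	switch {
	case !ok:
		return "", errors.New("subject not in local mapping")
	case lp.CommunityKeys[st.Community] == nil:
		return "", errors.New("unknown community")
	case !ed25519.Verify(lp.CommunityKeys[st.Community], st.encode(), ss.Sig):
		return "", errors.New("community signature invalid")
	case st.Subject != subject || now.Unix() > st.NotAfter:
		return "", errors.New("statement not issued to this subject or expired")
	case !allows(lp.Grants[st.Community], resource, action, true):
		return "", errors.New("local policy does not allow the community this action here")
	case !allows(st.Rights, resource, action, false):
		return "", errors.New("community did not grant this right to the user")
	}
	return local, nil
}

// Demo wires both sides together on constructed data and returns three decisions.
func Demo() (account string, errWrite, errOtherUser error) {
	casPub, casPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Unix(1700000000, 0)
	const alice = "/O=Example VO/CN=alice"
	lp := LocalPolicy{
		CommunityKeys: map[string]ed25519.PublicKey{"example-vo": casPub},
		Grants:        map[string][]Right{"example-vo": {{"/data/example-vo/", "read"}}},
		Mapfile:       ParseMapfile("# constructed mapfile\n\"" + alice + "\" vo_alice\n\"/O=Example VO/CN=bob\" vo_bob\n"),
	}
	ss := CASIssue(casPriv, PolicyStatement{Subject: alice, Community: "example-vo",
		Rights:   []Right{{"/data/example-vo/run42.root", "read"}, {"/data/example-vo/run42.root", "write"}},
		NotAfter: now.Add(time.Hour).Unix()})
	account, _ = lp.Decide(ss, alice, "/data/example-vo/run42.root", "read", now)
	_, errWrite = lp.Decide(ss, alice, "/data/example-vo/run42.root", "write", now)                // community grants it, local policy does not
	_, errOtherUser = lp.Decide(ss, "/O=Example VO/CN=bob", "/data/example-vo/run42.root", "read", now) // statement is alice's
	return
}

func main() { fmt.Println(Demo()) }
```

Note that the community can only narrow what the site allows, never widen it: the write right in the statement is refused because the local grant for the community is read-only, which is the "local policy applies" step of the diagram.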

  20. Availability, Confidentiality, Integrity
  (Diagram contrasting two approaches: a complex but strong solution and a simple yet fragile solution.)

  21. Resilience & Fault-tolerance (through WS-Agreement)
  Diagram of the WS-Agreement model between a Consumer and a Provider: a Factory create() yields a Negotiation (operations: terminate(limits), negotiate(...); service data elements: negotiate(), Terms, Status, Related Agreements) handled by a Negotiator; a Factory create() yields an Agreement (operations: terminate(limits), inspect(query); service data elements: inspect(), Terms, Status, Related Agreements) handled by a Manager; a Factory create() under a Policy yields an Application Instance exposing foo().
  • Target is to maintain an optimal number of replicas of a data set
  • Key issues:
    • Determining the optimal number of replicas
    • How efficiently the system recognizes faulty nodes
    • How transparently data is migrated
  • FileStamp should be able to negotiate the terms of security parameters with the nodes
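The replica-maintenance loop behind the key issues above, as an added Go example (not FileStamp's code): a manager that declares holders faulty when their heartbeat is stale, refuses to place replicas on nodes that have not agreed to the required security terms (the outcome of the negotiation the last bullet asks for), and tops the replica set back up to the target count. Node names, the heartbeat timeout and the "encrypt-at-rest" term are constructed for the illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Node is a storage peer as seen by the replica manager: its last heartbeat and the
// security terms it has agreed to (e.g. "encrypt-at-rest"), the result of negotiation.
type Node struct {
	ID       string
	LastSeen time.Time
	Terms    map[string]bool
}

// Plan is what the manager decides for one data set.
type Plan struct {
	Faulty []string // current holders declared failed or no longer acceptable
	Added  []string // nodes that must fetch a fresh replica
	Live   []string // replica set after the plan is executed
}

func satisfies(n Node, required map[string]bool) bool {
	for term, needed := range required {
		if needed && !n.Terms[term] {
			return false
		}
	}
	return true
}

// Reconcile keeps `target` replicas on nodes that are alive (heartbeat within timeout) and
// satisfy the required security terms. Holders failing either test are dropped and replaced;
// placement is deterministic (most recently seen first, then by ID).
func Reconcile(nodes []Node, holders []string, target int, required map[string]bool, now time.Time, timeout time.Duration) (Plan, error) {
	byID := map[string]Node{}
	for _, n := range nodes {
		byID[n.ID] = n
	}
	healthy := func(n Node, known bool) bool {
		return known && now.Sub(n.LastSeen) <= timeout && satisfies(n, required)
	}

	var p Plan
	holding := map[string]bool{}
	for _, id := range holders {
		holding[id] = true
		if n, ok := byID[id]; healthy(n, ok) {
			p.Live = append(p.Live, id)
		} else {
			p.Faulty = append(p.Faulty, id)
		}
	}

	var candidates []Node
	for _, n := range nodes {
		if !holding[n.ID] && healthy(n, true) {
			candidates = append(candidates, n)
		}
	}
	sort.Slice(candidates, func(i, j int) bool {
		if !candidates[i].LastSeen.Equal(candidates[j].LastSeen) {
			return candidates[i].LastSeen.After(candidates[j].LastSeen)
		}
		return candidates[i].ID < candidates[j].ID
	})
	for _, n := range candidates {
		if len(p.Live) >= target {
			break
		}
		p.Added = append(p.Added, n.ID)
		p.Live = append(p.Live, n.ID)
	}
	if len(p.Live) < target {
		return p, fmt.Errorf("only %d of %d replicas can be placed on acceptable nodes", len(p.Live), target)
	}
	return p, nil
}

// Demo runs the manager over a constructed cluster: C has stopped sending heartbeats,
// D never agreed to encryption at rest, E is acceptable.
func Demo() (Plan, error) {
	now := time.Unix(1700000000, 0)
	enc := map[string]bool{"encrypt-at-rest": true}
	nodes := []Node{
		{"A", now.Add(-5 * time.Second), enc},
		{"B", now.Add(-10 * time.Second), enc},
		{"C", now.Add(-10 * time.Minute), enc},              // stale heartbeat
		{"D", now.Add(-1 * time.Second), map[string]bool{}}, // no encryption agreed
		{"E", now.Add(-2 * time.Second), enc},
	}
	return Reconcile(nodes, []string{"A", "B", "C"}, 3, enc, now, time.Minute)
}

func main() { fmt.Println(Demo()) }
```

The security term is enforced at placement time rather than checked after the fact, so a node that is fast and alive but has not negotiated the required terms is never chosen, and a shortfall of acceptable nodes is reported instead of being silently filled with weaker ones.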

  22. Data Lifecycle Management (through HSM)
  • The VO security policy should explicitly state the desired lifecycle of the data managed by FileStamp
  • FileStamp should indicate the stage at which data generated by VO operations is to be destroyed on the storage devices
  • FileStamp should also employ a secure storage management technique such as HSM (Hierarchical Storage Management)


  24. Conclusions
  • Global connectivity of computing and storage resources opens up the possibility of misusing information to a degree never seen before
  • The objective of facilitating use of these resources while protecting them against misuse must, however, be realistic given the current technical infrastructure
  • Security technologies should be integrated from the inception stage rather than considered as optional add-on features
  • The risk and threat pictures are always changing, and their analysis needs to be continuously updated
  • REMEMBER: Security is not a product – Security is a process!

  25. Future Work
  • Formalising the FileStamp security requirements using the KAOS methodology
    • Obstacle model
    • Extending KAOS with templates for security requirements
  • Deriving security policies from the security requirements
    • Policy refinement
    • Again exploiting KAOS features (e.g. goal refinement)
