320 likes | 429 Vues
Security in Grid Computing. GRID COMPUTING. Three basic approaches for managing code, data and computer resource: 1. Remote Computing: (as provided by CORBA) The code of interest is at a computer-server.
E N D
GRID COMPUTING • Three basic approaches for managing code, data and computer resource: • 1. Remote Computing: (as provided by CORBA) • The code of interest is at a computer-server. • The user sends his data for processing to the computer server and gets back the results. Ref: Ch.16 : “Security, Accounting and Assurance” by Clifford Neuman
Three basic approaches: (continued) • 2. Code Shipping: (as used in ‘network computers’) • The requesting location gets the code, which is normally located on a server. • The code operates on the local data at the clients environment.
The Third approach: • 3. Proxy Computing: (as used in Legion and Globus) • Both the code and the hardware may be obtained from other parties. • Both the code and data are transferred to the compute-server and the results are made available to the user.
Requirements • Requirements: • Validation of • source and code-integrity, • the client, • the computer server, and, • The code provider.
Grid Security Traditional Security System : To protect the system, owned by one user, against attempts at unauthorized “entry” from all the other unauthorized users (supposed to be of malicious intent). GRID Security Systems : • To protect application and data from the owner/administrator of the system and • to protect local programs and data on the system on which another remote user’s process may also be getting executed • Data, Code and resources accepted after proper authentication • Integrity of data and code is required to be verified.
Security Requirements 1. AUTHENTICATION Verifying a principal’s claimed identity. Principal:- a user logged on a remote system or - a local user logged on the server or - the server itself Two - step process: - User Name - Password (check: - something you know (common) - Something you have - Something you are - what you do (key-stroke patterns) - where you are )
Security Requirements (cont’d) GRID: Mutual authentication required for user and service provider. (The resources and data being provided by a server could be provided by an attacker.) Data origin authentication : To determine whether a program was modified or sent by an attacker to compromise the server. Data origin authentication : does not inform the data was recently sent by the principal. Delegation of Identity : When an application or a process is authorized to assume the identity of a different principal.
Security Requirements : Authorization 2. AUTHORIZATION : Authentication is used for granting authorization. Authorization is based on • the successful authentication of a principal and • the information available with the server. The information is the Access Control List for a file/directory/service. Example : - Authorization for accessing a file in a digital library. - Authorization for reserving bandwidth on a network by using RSVP(Resource Reservation Protocol). - Authorization to run a task on a given node. Access Control Lists may also contain - Names of authorized programs - Checksums of authorized programs - Names of principals authorized to invoke the program.
Security Requirements : Authorization (cont’d) Delegation of Authority : by a user or a process authorized to perform an operation to another process. Delegation of Authority vs Delegation of Identity : DA is more restrictive than DI. Important for running tasks on remote nodes since the tasks may have to be given the authority to read/write data on entities across the network. Example : A Resource Manager may allocate a node to a task. It delegates to the task’s initiator the authority to use the node.
Security Requirements : Assurance 3. ASSURANCE/Accreditation : Authorization So that the service provider may decide whether to perform the job of the requester of the service. Assurance So that the requester of the service may decide whether the service provider/node satisfies his needs for security, reliability etc. Example : If the service provided is a software package : A Resource Manager has to verify assurance credentials of the programbefore it is run.
Security Requirements : Accounting 4. ACCOUNTING : Grid requires distributed accounting servers and the systems should be scalable beyond organizational boundaries. Scenario of Excess Processing Power : equitable distribution of load/earnings. Scenario of Excess Processing Loads : equitable decision about which jobs to run. cost ? in cash/barter ?
Security Requirements : Audit and Integrity & Confidentiality 5. AUDIT : Audit function records • the operations performed by each system on the grid ; • the principal for whom the operation was performed etc. This is to analyze failures, security breaches, intrusions. To detect Network attacks, audit function should be distributed. Or audit records sent to a central location for each organization. And summary information shared across network boundaries. 6.Integrity and confidentiality of program and data sent from one node to another.
Security Requirements : Comments Authentication Authorization Integrity Are Mandatory Others may be needed for some applications/ environments. Basically Authentication establishes who you are. Authorization establishes what you can do. In Grid applications, the User is also to be protected from Interference by others. The needs of the user would depend upon his application.
Technologies : Cryptography symmetric asymmetric – public/private key system Comparison : Asymmetric systems require the generation of only one key-pair for every user, Symmetric system requires the generation of a key for every pair of users. Thus the number of keys required for a symmetric key system is n(n-1)/2, where is it is 2n for asymmetric case. (for n >= 6, the number of keys for symmetric system is more than that for an asymmetric system.)
Cryptographic Systems: Performance Performance : Asymmetric systems are much slower than the corresponding symmetric systems. Example (page 402, 1999 book) : RSA, with a common key size of 512 to 1024 bits, may take 100 ms or longer on PC’s. Problem of Certifying Authority/Trusted Third Party.
Technologies: (Cont’d) Application: Authentication Systems : -ASSERTION-based : for systems where processors and their associated software is trusted to identify users to other process. and where messages are protected from modification by adversaries. -Password-based : PW cannot be sent on a network. Use PW as an encryption key
Encryption: Applications Encryption used for - confidentiality of data - integrity of data (message digest/check sum) - authentication Certification for Authentication : provides the binding between - an Encryption key and - the authenticated identity X.509 used by – browsers - commercial e-mail - PK products based electronic payment systems.
Distributed Authorization & Assurance Hierarchical organization of CA’s Certification is also required for authenticity of authorization (PRIVILEGE ATTRIBUTE CERT) authenticity of assurance (CREDENTIALS CERT) To an authorization for an operation may be added restrictions and conditionalities. ALTERNATIVE : Authorization information may be provided by an authorization Server directly to the Service Provider. Integrity of communication between the Authorization Server and the Service Provider?
Accounting BILLING – requires authentication of user. - requires to know the constraints on authorization for levying charges correctly. Limits : - Limits on Resource Use by a User - Limits on use of the Resource – set by a Service Provider. may require co-ordination/some element of centralization even when accounting is distributed. Intrusion Detection & Audit Systems
CURRENT PRACTICES USE IN GRID SECURITY
Current Practices • File & e-mail encryption Technologies • Pretty Good Privacy • S/MIME • Transport Layer technologies/ Web Access Technologies • Secure Socket Layer • Network Encryption Technologies • IP sec used for implementing VPNs can use • Kerberos, • public key system or • symmetric keys- known to the two hosts
Current Security Practices… continued • Authentication Technologies • Kerberos • PK certificates • Assurance technologies • Microsoft Authenticode • Proposals : • Mechanism for issuing Credentials • Platform for Content Selection (PICS) • Confinement Technologies
Distributed Authorization Mechanism • Authorization: group information or authorization to perform certain operations OSF-DCE (Open Software Foundation’s Distributed Computing Environment) • Comprehensive frameworks for Authorization have become available; required to be designed, implemented and tested before rolling out on the grid
Distributed Authorization Mechanism …. contd • Authorization information can be sent to the Service Provider – - directly through restricted Credentials, or - through adding authorization information to certificates
Security at Transport layer • At transport layer, addition of security mechanism can provide • Authentication • Confidentiality • Integrity Security can be adapted to the requirements of communication. Example: for a multi-processor system communication, no encryption may be required. Authorization can be decided only after interrogating the application.
Distributed Authorization Mechanism …continued • Performance Issues: Authentication may be required only once. Authorization and delegation of authorization may be required many times during the execution of a job. PK based systems, like the certificates, may become a bottleneck.
Current Security Practices… continued • IPSec and VPNs • Firewalls: Open channel grid connected to others through a public network through encrypted message flow
Grid Practices 1. Grids use technologies similar to the ones used in PGP. • Procedure • Compute a Message Digest function over the message • Encrypt the message – Symmetric key • Encrypt the message Digest and Symmetric key by using the public key-system • Confidentiality – Use recipient’s public key. • Integrity (Digital Signature) – Use Sender’s private key In PGP, any user can certify another user’s certificate. The verifier decides whether he would accept the certificate or not. Grid: a more formal process
Grid Practices … continued 2. SSL is normally used in web browsers to authenticate the server. User: authenticated by password(over a secure channel) • In grid applications, the user certificate can be used to authenticate user. • To improve performance SSL may be permitted to cache symmetric keys The cached keys: To be used for subsequent connections between the server and the user for connections between the same entities.
Grid Practices … continued 3. Kerberos: Suitable for systems which require frequent authentication • Better performance than that of systems based on public-key cryptography • Can be integrated easily with ‘Intrusion Detection and Authorization systems. (due to its centralized nature) PKINIT extension to Kerberos
Grid Practices … continued • Disadvantage: A trusted on-line key Distribution Center (KDC) • Each pair of communicating entities have to go to KDC • 4.Others: Netcheque for distributed accounting