The EU DataGrid security issues for testbeds and applications
www.eu-datagrid.org
Bob Jones (CERN), DataGrid Deputy Project Manager
The EU DataGrid Project
• 9.8 M Euros EU funding over 3 years
• 90% for middleware and applications (Physics, Earth Observation, Biomedical)
• 3 year phased developments & demos
• Total of 21 partners
  • Research and Academic institutes as well as industrial companies
• Extensions (time and funds) on the basis of first successful results:
  • DataTAG (2002-2003) www.datatag.org
  • CrossGrid (2002-2004) www.crossgrid.org
  • GridStart (2002-2004) www.gridstart.org
• Project started on Jan. 2001
• Testbed 0 (early 2001)
  • International testbed 0 infrastructure deployed
  • Globus 1 only - no EDG middleware
• Testbed 1 (early 2002)
  • First release of EU DataGrid software to defined users within the project
• Testbed 2 (end 2002)
  • Builds on Testbed 1 to extend facilities of DataGrid
  • Focus on stability
  • Passed 2nd annual EU review Feb. 2003
• Testbed 3 (2003)
  • Advanced functionality & scalability
  • Currently being deployed
• Project stops on Dec. 2003
DataGrid in Numbers
• People
  • >350 registered users
  • 12 Virtual Organisations
  • 16 Certificate Authorities
  • >200 people trained
  • 278 man-years of effort
  • 100 years funded
• Testbeds
  • >15 regular sites
  • >40 sites using EDG sw
  • >10’000s jobs submitted
  • >1000 CPUs
  • >15 TeraBytes disk
  • 3 Mass Storage Systems
• Software
  • 50 use cases
  • 18 software releases
  • Current release 1.4
  • >300K lines of code
• Scientific applications
  • 5 Earth Obs institutes
  • 9 bio-informatics apps
  • 6 HEP experiments
Security Issues in EDG release 1.4
• Immaturity of grid middleware means there are still a number of important security risks
• GSI based static mappings between users and accounts
• LDAP servers used to manage VO membership are single points of failure and openly readable
• Replica Catalog and information system (MDS & BDII) do not use the authorization scheme
• Root-user access to proxies on trusted hosts
• Resource Broker service requires host certificate and key readable from the account running the daemons
• Possibility for replacement of binaries on Resource Broker hosts
• Outward bound connectivity from worker nodes at certain sites could provide opportunity for denial of service attacks
• No enforced limits or quota on usage (disk space and job submission)
• Black-hole sites – bad published information can cause the resource broker to send many jobs to an ill-configured site
• Debugging and development means some security restrictions are relaxed to simplify trouble-shooting
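A site-side audit of the static user-to-account mappings listed above, as an added example that is not part of the original slides or of EDG software. It assumes the mappings are kept in the Globus grid-mapfile syntax (a quoted certificate DN followed by a local account name) and that the site can obtain the current VO member list; all DNs, account names and function names here are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in Globus grid-mapfile syntax: "certificate DN" local_account
SAMPLE_GRIDMAP = '''\
# constructed sample, not taken from any real site
"/O=Grid/O=ExampleLab/CN=Alice Example" atlas001
"/O=Grid/O=ExampleLab/CN=Bob Example" atlas001
"/O=Grid/O=ExampleLab/CN=Carol Example" root
"/O=Grid/O=ExampleLab/CN=Dave Example" cms001
this line is malformed
'''

# Constructed list of DNs currently registered in the VO
SAMPLE_VO_MEMBERS = {
    "/O=Grid/O=ExampleLab/CN=Alice Example",
    "/O=Grid/O=ExampleLab/CN=Bob Example",
    "/O=Grid/O=ExampleLab/CN=Carol Example",
}

ENTRY = re.compile(r'^"([^"]+)"\s+(\S+)\s*$')
PRIVILEGED = {"root", "bin", "daemon"}  # assumption: adjust to site policy

def parse_gridmap(text):
    """Return ([(dn, account), ...], [line numbers that did not parse])."""
    entries, malformed = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and comments
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        else:
            malformed.append(lineno)
    return entries, malformed

def audit_gridmap(text, vo_members):
    """Flag shared accounts, privileged targets and DNs no longer in the VO."""
    entries, malformed = parse_gridmap(text)
    by_account = defaultdict(list)
    for dn, account in entries:
        by_account[account].append(dn)
    return {
        "shared": {a: dns for a, dns in by_account.items() if len(dns) > 1},
        "privileged": [dn for dn, a in entries if a in PRIVILEGED],
        "stale": [dn for dn, _ in entries if dn not in vo_members],
        "malformed": malformed,
    }
```

Shared accounts weaken per-user auditing, and stale entries keep access alive after a user has left the VO, so both are worth reviewing whenever the mapping file is regenerated.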
Security Requirements in DataGrid
• Based on experience gathered, a security requirements document (deliverable D7.5) lists more than 100 individual requirements
  • Authentication (17: certificates)
  • Authorization (33: Virtual Organisations, access to files)
  • Auditing (5: logging)
  • Non-repudiation (3: integrity of audit logging)
  • Delegation (8: restricting passing of permission)
  • Confidentiality (18: non-disclosure of information)
  • Integrity (4: unmodified information)
  • Network & Manageability (6)
  • Usability & Interoperability (13)
  • Scalability & Performance (6)
http://edms.cern.ch/document/340234
Security Design in DataGrid
• A Security framework has been designed taking into account the requirements (deliverable 7.6):
• Authentication and Delegation
  • GSI/PKI/X509, CAs, etc.
• Global Authorization
  • VO membership (VOMS)
• Local Authorization
  • banned users, local policy (LCAS/LCMAPS) & Java security
• Network Security
  • firewalls & ACLs, ports used by grid protocols
• Accounting
  • economic model implemented using GSI authenticated messages between servers/clients
• Confidentiality
  • don’t let sensitive info off-site & restrict access, use encryption
• Data integrity
  • Use of Trusted Layer Security for data transfer
https://edms.cern.ch/document/344562
Security Development
• Security aspects need to be included in all layers of the middleware and integrated in all grid services
• The current implementation does not cover all of the design but work is underway to integrate the framework into the following grid services
  • Resource Brokering
  • Data Management
  • Information Systems
  • Software Distribution and Installation
  • Fabric Management
  • Network features
    • VPNs, QoS, outward bound connectivity from worker nodes
Plans for the Future
• Further developments in 2003
  • Further iterative improvements to security driven by prioritized user needs
  • DataGrid will not address all identified security issues
  • Concentrating on Authorization
  • Participating in GGF Working Group
  • Prepare EDG software for future migration to Open Grid Services Architecture
• Interaction with LHC Computing Grid (LCG)
  • LCG deploys LCG-1 service in summer 2003 on 20 sites
  • LCG-1 service uses many software components from EDG 2.0
• New EU project
  • Security is an important aspect of the proposed EGEE project
  • Proposal for FP6 (www.cern.ch/egee)
  • EGEE – Enabling Grids for E-Science and industry in Europe