
Enhancing SINDES: A Secure Management and Delivery System for Confidential Information

SINDES (Secure Information Delivery System) serves as a Certificate Authority (CA) that manages certificates and securely stores and delivers confidential information. While it operates effectively at CERN, serving over 8,000 hosts, it faces several weak points, including usability issues and security vulnerabilities. Notable concerns include a lack of file management features, limited target types, and inadequate user privileges. Proposed improvements focus on enhancing usability, adopting new tools, and improving security measures to ensure reliable information management and delivery. Feedback is welcome.


Presentation Transcript


  1. SINDES • Secure INformation DElivery System • CERN IT/CF-ASI

  2. Outline • What is SINDES • Weak points • How to improve

  3. What is SINDES • Main purpose: • CA - manage the certificates • Store & deliver confidential information

  4. SINDES – Certificate Authority • CA functionality: • Create certificates • Sign certificates • Confirm identities • Revoke certificates

  5. SINDES – Storage & delivery • Storage centre • Upload secret files • Store passwords • Deliver files in a secure way

  6. What is SINDES • Main purpose: • CA - manage the certificates • Store & deliver confidential information • Architecture based on OpenSSL x509 standard, Apache with mod_ssl and mod_rewrite • Automated certification process – client has defined time window to ask for a certificate

  7. Outline • What is SINDES • Weak points • How to improve

  8. Weak points of SINDES • Usability • No delete file feature • Only two target types: cluster and host; today a subcluster type is also needed • No mechanism to move a machine between clusters • No view file feature; fetch file to client only • No file versioning

  9. Weak points of SINDES • Security issues: • Only one SINDES system user • Anybody with access may tamper with any file stored in SINDES • No user information in log files • No privilege granularity

  10. Weak points of SINDES • On the one hand: • System in production serving more than 8.000 hosts at CERN • A number of crucial applications rely on SINDES CA functionality to authenticate (e.g. Lemon, CDB, CluMan) • On the other hand: • Limited functionality • Room for improvement in the security aspect

  11. Outline • What is SINDES • Weak points • How to improve

  12. How to improve SINDES • Ways of improvement • Enhance the usability and security in the current version of the system • Find and adopt a new tool, keep the functionality • Freeware tools: e.g. wallet by Russ Allbery http://www.eyrie.org/~eagle/software/wallet/ • Write a completely new tool • We have 1 year of manpower starting from the 1st October 2010

  13. Thank you • We would be glad to receive any feedback from you! • jan.dudziec@cern.ch
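
Slides 8 and 9 list three gaps: a single system user, no user information in the logs, and no privilege granularity across target types. The sketch below is an added example, not SINDES code or part of the presentation; the inventory, user names, grant table and action names are all constructed assumptions. It shows per-user grants scoped to cluster, subcluster or host, with every decision logged under the requesting user.

```python
import json
from datetime import datetime, timezone

# Constructed inventory (hypothetical names): host -> (cluster, subcluster)
INVENTORY = {
    "node01": ("batch", "batch/slc5"),
    "node02": ("batch", "batch/slc6"),
    "web01": ("web", "web/front"),
}

# Constructed grants: user -> {(target type, target name): allowed actions}
GRANTS = {
    "alice": {("cluster", "batch"): {"upload", "fetch", "delete"}},
    "bob": {("subcluster", "batch/slc5"): {"fetch"},
            ("host", "web01"): {"upload", "fetch"}},
}

AUDIT_LOG = []  # stand-in for an append-only log file or syslog


def covering_scopes(target_type, name):
    """Scopes whose grants apply to the target: itself plus its parents."""
    scopes = [(target_type, name)]
    if target_type == "host" and name in INVENTORY:
        cluster, subcluster = INVENTORY[name]
        scopes += [("subcluster", subcluster), ("cluster", cluster)]
    elif target_type == "subcluster":
        scopes += [("cluster", c) for c, s in set(INVENTORY.values()) if s == name]
    return scopes


def authorize(user, action, target_type, name):
    """Deny by default; record who asked for what, whatever the decision."""
    grants = GRANTS.get(user, {})
    allowed = any(action in grants.get(scope, set())
                  for scope in covering_scopes(target_type, name))
    AUDIT_LOG.append(json.dumps({
        "time": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "action": action,
        "target": f"{target_type}:{name}",
        "decision": "allow" if allowed else "deny",
    }, sort_keys=True))
    return allowed


if __name__ == "__main__":
    authorize("alice", "delete", "host", "node01")   # allowed via cluster grant
    authorize("bob", "fetch", "host", "node02")      # denied: other subcluster
    authorize("mallory", "fetch", "cluster", "batch")  # denied: no grants
    print("\n".join(AUDIT_LOG))
```

Denied requests are logged as well as allowed ones, so tampering attempts leave a per-user trail even when they fail.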
