Grid Security Research

Presentation Transcript

  1. Grid Security Research Olle Mulmo <mulmo@pdc.kth.se>

  2. [Diagram. Labels: No Cross-Domain Trust; Trust Mismatch; Cross “Certification” Issue; Certification Authority and Policy Authority (each shown twice); Domain A; Domain B; Sub-Domain A1; Sub-Domain B1; Server X; Server Y; Task]

  3. Grid Solution: Virtual Organizations
     [Diagram. Labels: No Cross-Domain Trust; Certification Authority and Policy Authority (each shown twice); Domain A; Domain B; Sub-Domain A1; Sub-Domain B1; Server X; Server Y; Task; Federation Service; common mechanism; Virtual Organization Domain]

  4. VO management
     • VOs today = 100s of users
     • DOE Science Grid, European Data Grid
     • Centrally kept, highly secure, repository
     • Databases, LDAP directories, additional software, …
     • Research groups today = 10s of users
     • Administration = pain
     • Current VO software too heavy-weight
     • Mismatch

  5. Different trust models for dynamic VOs
     • Look at peer-to-peer models
     • Sociological web-of-trust models
     • “Simple secret” based security model
     • Group creation based on invitation (One-time passwd)
     • Common problem: traceability
     • Who invited whom?
     • Can models above be extended?
     • Grid & P2P is a “hot topic”

  6. Account management
     • AAAccounting == accountability
     • Who did what at what time?
     • Accounting == billing
     • Who consumed what resources, for how long, at what price?
     • Distributed quota problem
     • 6000 CPUh == 1*6000 CPUh or 6*1000 CPUh
     • (Swegrid needs at least a short-term solution)

  7. Account management (cont.)
     • Mapping each individual into unique user account…
     • Doesn’t scale
     • Need dynamics
     • Existing quotas and scheduler limits must apply
     • Other initiatives to watch/interact with
     • Slashgrid (UK E-Science)
     • Large-site AAA (GGF)
     • EGEE proposal

  8. Authorization Policy
     • Tightly related to quota management
     • The “You have access” part of the “You have access to this piece of the pie” problem
     • Same software, different authority
     • Current implementations are based on group membership
     • Either you’re in, or you’re out
     • Support for expressiveness is missing
     • “access between 8am and 5pm”
     • “only if CPU load is less than 50%”
     • Large portion of a policy needs dynamic information from runtime context

  9. Authorization Policy (cont.)
     • Another Grid and OGSA “hot topic”
     • But emphasis on integration of old software
     • Opportunity to ignore and do real and relevant work
     • Does not need to start from scratch – may reuse an existing framework

  10. Proposed VR-IT research
     • Authentication and distributed file system technologies
     • Credential translation / mapping
     • Privilege inflation
     • Prototype implementation (AFS)
     • Authorization, Accounting and Policy
     • Develop dynamic trust models
     • Develop scalable models for user account mgmt
     • Develop expressiveness of authorization policy
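
The expressiveness gap named on slide 8 and again on slide 10, as an added example that is not part of the original presentation: a default-deny evaluator in which a rule combines group membership with conditions read from the runtime context. The group names, the `Rule` type and the context keys `now` and `cpu_load` are assumptions made for this illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Callable, Mapping

Context = Mapping[str, object]      # runtime facts reported by the resource

@dataclass(frozen=True)
class Rule:
    group: str                                              # static part: VO group
    conditions: tuple[Callable[[Context], bool], ...] = ()  # dynamic part

def between(start: time, end: time) -> Callable[[Context], bool]:
    # Needs ctx["now"] as datetime.time; raises KeyError if it was not reported.
    return lambda ctx: start <= ctx["now"] < end

def cpu_load_below(limit: float) -> Callable[[Context], bool]:
    # Needs ctx["cpu_load"] as a fraction between 0 and 1.
    return lambda ctx: ctx["cpu_load"] < limit

def authorize(user_groups: set[str], rules: list[Rule], ctx: Context) -> bool:
    """Permit if some rule matches a group of the user and all of its
    conditions hold. Default deny; a condition that cannot be evaluated
    (missing or malformed context) counts as not satisfied."""
    for rule in rules:
        if rule.group not in user_groups:
            continue
        try:
            if all(cond(ctx) for cond in rule.conditions):
                return True
        except (KeyError, TypeError):
            continue    # fail closed for this rule, keep checking the others
    return False

# Constructed sample policy using the two conditions quoted on slide 8.
POLICY = [
    Rule("vo-admins"),   # membership only: "either you're in, or you're out"
    Rule("vo-members", (between(time(8), time(17)), cpu_load_below(0.50))),
]

if __name__ == "__main__":
    ctx = {"now": time(10, 30), "cpu_load": 0.35}   # constructed runtime context
    print(authorize({"vo-members"}, POLICY, ctx))
```

The decision for a `vo-members` user depends on who supplies `now` and `cpu_load`, so the source of the runtime context has to be trusted to the same degree as the group membership data.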