
Grid Security

Grid Security. Steve Tuecke Argonne National Laboratory. Overview. The Grid Concept Community Authorization Implementation Approach. The Grid Concept. Grid Computing.


Presentation Transcript


  1. Grid Security Steve Tuecke Argonne National Laboratory

  2. Overview • The Grid Concept • Community Authorization • Implementation Approach

  3. The Grid Concept

  4. Grid Computing • Enable communities (“virtual organizations”) to share geographically distributed resources as they pursue common goals—in the absence of central control, omniscience, trust relationships • Via investigations of • New applications that become possible when resources can be shared in a coordinated way • Protocols, algorithms, persistent infrastructure to facilitate sharing

  5. The Grid: The Web on Steroids • Web: Uniform access to HTML documents • Grid: Flexible, high-perf access to all significant resources • On-demand creation of powerful virtual computing systems • [Diagram labels: software catalogs, computers, sensor nets, colleagues, data archives]

  6. Grid Communities and Applications: NSF National Technology Grid

  7. Grid Communities & Applications: Online Instrumentation • Advanced Photon Source • [Diagram labels: real-time collection, tomographic reconstruction, archival storage, wide-area dissemination, desktop & VR clients with shared controls] • DOE X-ray grand challenge: ANL, USC/ISI, NIST, U.Chicago

  8. Grid Communities and Applications: Mathematicians Solve NUG30 • Community = an informal collaboration of mathematicians and computer scientists • Condor-G delivers 3.46E8 CPU seconds in 7 days (peak 1009 processors) in U.S. and Italy (8 sites) • Solves NUG30 quadratic assignment problem: 14,5,28,24,1,3,16,15,10,9,21,2,4,29,25,22,13,26,17,30,6,20,19,8,18,7,27,12,11,23 • MetaNEOS: Argonne, Iowa, Northwestern, Wisconsin

  9. Grid Communities and Applications: Network for Earthquake Eng. Simulation • NEESgrid: national infrastructure to couple earthquake engineers with experimental facilities, databases, computers, & each other • On-demand access to experiments, data streams, computing, archives, collaboration • NEESgrid: Argonne, Michigan, NCSA, UIUC, USC

  10. Grid Communities & Applications: Data Grids for High Energy Physics • [Figure: tiered data grid. Online System; Offline Processor Farm ~20 TIPS; Tier 0: CERN Computer Centre; Tier 1: FermiLab ~4 TIPS, France Regional Centre, Germany Regional Centre, Italy Regional Centre; Tier 2: Tier2 Centres ~1 TIPS each, Caltech ~1 TIPS, with HPSS storage; Institutes ~0.25 TIPS with physics data cache; Tier 4: physicist workstations (Pentium II 300 MHz). Link rates shown: ~PBytes/sec, ~100 MBytes/sec, ~622 Mbits/sec or Air Freight (deprecated), ~1 MBytes/sec] • There is a “bunch crossing” every 25 nsecs. • There are 100 “triggers” per second • Each triggered event is ~1 MByte in size • 1 TIPS is approximately 25,000 SpecInt95 equivalents • Physicists work on analysis “channels”. Each institute will have ~10 physicists working on one or more channels; data for these channels should be cached by the institute server • Image courtesy Harvey Newman, Caltech

  11. Grid Communities and Applications: Home Computers Evaluate AIDS Drugs • Community = • 1000s of home computer users • Philanthropic computing vendor (Entropia) • Research group (Scripps) • Common goal = advance AIDS research

  12. Broader Context • “Grid Computing” has much in common with major industrial thrusts • Business-to-business, Peer-to-peer, Application Service Providers, Internet Computing, … • Distinguished primarily by more sophisticated sharing modalities • E.g., “run program X at site Y subject to community policy P, providing access to data at Z according to policy Q” • Secondarily by unique demands of advanced & high-performance systems

  13. The Globus Project • Started in 1995 (I-WAY software) • Globus R&D • Definition of Grid architecture • Grid protocols, services, APIs • Security, resource mgmt, data access, information, communication, etc. • Development of Globus Toolkit • Large user base among tool developers & in production Grids • Open source • Numerous application projects • Outreach & leadership

  14. More Details • www.globus.org • “The Anatomy of the Grid: Enabling Scalable Virtual Organizations” • Foster, Kesselman, Tuecke • www.globus.org/research/papers/anatomy.pdf

  15. Community Authorization

  16. Community Properties • 100s of resource providers, 1000s of users • N users from many institutions, worldwide • M independent resource providers which contribute resources to one or more communities • How to avoid N X M trust relationships? • Resource providers grant/sell to communities • Grant bulk access to community • Community representative handles fine grained authorization and prioritization within bulk grants • Users may combine community resources with own resources to solve problems • Various services carrying out requests of users

  17. Capability Based Solution • A community service & administrator, which: • Maintains user membership to the community. • Maintains resource service agreements to community. • Maintains access control database, granting users access to (part of) resources, based on community policies and priorities. • May employ groups, roles, etc. • Issues capabilities to community members (users) to grant them access to resources. • User presents capability directly to resource to claim service. • AAAArch “push” model

  18. Community Authorization (1) • [Diagram: User 1, User 2, User N; Community Authorization Service; Site A Resources, Site B Resources, Site M Resources] • 1: Obtain capability for service • 2: Request service

  19. Community Authorization (2) • [Diagram: User 1, User 2, User N; Request Manager; Community Authorization Service; Site A Resources, Site B Resources, Site M Resources] • 1: Delegate user proxy • 2: Obtain capability for services, on behalf of user 2 • 3: Request services

  20. Community Authorization (3) • [Diagram: User 1, User 2, User N; Request Planner; Task Manager; Community Authorization Service; Site A Resources, Site B Resources, Site M Resources] • 1: Delegate user proxy • 2: Obtain capabilities for services, on behalf of user 2 • 3: Delegate capabilities • 4: Request services

  21. Implementation Approach

  22. Grid Security Infrastructure (GSI) • Authentication and message protection • Extensions to existing standard protocols & APIs • Standards: SSL/TLS, X.509, GSS-API • Extensions for single sign-on and delegation • Internet X.509 PKI Impersonation Proxy Certificate Profile • TLS Delegation Protocol • Globus Toolkit reference implementation of GSI • OpenSSL + GSS-API + delegation • Tools and services to interface to local security • Simple ACLs; SSLK5 & PKINIT for access to K5, AFS, etc. • Tools for credential management • Login, logout, cert request, smartcards, cred repository, etc.

  23. X.509 Proxy Certificate Overview • To support single sign-on and delegation • Proxy Certificate (PC) is signed by End Entity Certificate (EEC) or another Proxy Certificate • We are NOT using an EEC as if it were a CA • CA performs two functions: 1) Assigns a name (or identity), and 2) Binds the name to a key. • PC only does #2. It binds the name to a proxy key. • PC inherits its name from its signing EEC • Subject name used for two purposes: 1) Path discovery & validation, and 2) To hold the assigned name. • In a PC, the subject is used only for #1, path discovery • “TLS Delegation Protocol” draft defines how to create a remote Proxy Certificate

  24. Features Of This Approach • Ease of integration • Requires only a small change to path validation • SSL/TLS requires no protocol change to use PC • Authorization based on identity still works • Ease of use • Enables single sign-on & credential repositories • Protection of EEC private key • Single sign-on & delegation w/o sharing EEC keys • Limits consequences of a compromised key • Can restrict PC (e.g. lifetime, uses, etc.) • Compromised PC does not compromise EEC

  25. Implementation Status • Globus Toolkit’s Grid Security Infrastructure (GSI) has used similar approach for ~4 years • GSI = GSS-API + X.509 + PC + SSL + delegation • Integrated into numerous “Grid” tools (C & Java) • Globus Toolkit, Condor, SRB, MPI, ssh/SecureCRT, FTP, etc. • Adopted by 100s of sites, 1000s of users • NCSA, NPACI, NASA IPG, DOE Science Grid, European Datagrid, GriPhyN (Physics Grids), NEESgrid (Earthquake Engineering Grid) • Global Grid Forum & IETF effort to move GSI forward through cleanup, better integration with standards, technical specifications, etc. • http://www.gridforum.org/security/gsi

  26. Capabilities • By extending a Proxy Certificate to hold a restriction policy, one can build a form of capability • Currently, holding a user’s proxy credential allows the holder to impersonate the user and to access any resources available to the user • But the proxy credential can be extended to contain a restriction policy • E.g. “Holder of this proxy can only start a process on resource X, and read user’s file Y.”

  27. Community Authorization Service • CAS has its own identity certificate • It is this CAS identity that is known to resources • User authenticates with CAS using user’s identity certificates (or proxy of identity certificate) • User requests access to a community resource(s) • CAS delegates back to user a restricted proxy credential from the CAS identity credential • User authenticates with resource using this CAS identity

  28. Resource Checking of Capability • Authentication from client is with the CAS identity • Resource sees the “community” identity • Though an X.509 extension in the capability may include user’s identity, etc. for audit purposes • Resource maps CAS identity to local account and privileges • E.g. A Unix account, with a given file system quota • Different communities map to different accounts • For each request, resource evaluates the request against the policy contained in the CAS restricted proxy certificate that was used to authenticate.

  29. Accounting • CAS inserts GUID into capability, which is used for: • Accounting: Resources can log consumption using this GUID. CAS can recombine with log of issued capabilities to reconstruct full accounting info. • Requires protocol for propagation of accounting info • Usage enforcement: Restriction policy in capability may include usage constraints. Resource can track and enforce such constraints using the GUID, including across multiple requests using the same capability.
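
The resource-side check and GUID accounting described in slides 26 to 29, sketched in Python as an added example (not part of the original presentation and not Globus Toolkit code). The `Capability` fields, the identity string, the account name and the decision strings are assumptions, and authentication of the proxy certificate itself is assumed to have already succeeded.

```python
from collections import Counter
from dataclasses import dataclass, field

# Constructed mapping of community (CAS) identity -> local account (slide 28).
CAS_ACCOUNTS = {"/O=Grid/CN=Example Community CAS": "community1"}

@dataclass(frozen=True)
class Capability:
    """Hypothetical model of a CAS restricted proxy; field names are assumptions."""
    cas_identity: str      # identity the resource authenticates
    guid: str              # inserted by the CAS for accounting (slide 29)
    not_after: int         # expiry, epoch seconds
    rules: frozenset       # restriction policy: allowed (action, resource) pairs
    max_requests: int      # usage constraint carried in the policy

@dataclass
class Resource:
    usage: Counter = field(default_factory=Counter)  # guid -> requests granted
    log: list = field(default_factory=list)          # (guid, action, target, decision)

    def authorize(self, cap, action, target, now):
        # The decision uses only the community identity and the embedded policy.
        account = CAS_ACCOUNTS.get(cap.cas_identity)
        if account is None:
            decision = "deny: unknown community"
        elif now >= cap.not_after:
            decision = "deny: expired"
        elif (action, target) not in cap.rules:
            decision = "deny: outside restriction policy"
        elif self.usage[cap.guid] >= cap.max_requests:
            decision = "deny: usage limit reached"   # enforced across requests by GUID
        else:
            self.usage[cap.guid] += 1
            decision = "allow"
        self.log.append((cap.guid, action, target, decision))
        return decision, (account if decision == "allow" else None)

def reconstruct_accounting(issued, resource_log):
    """CAS side: join its issuance log (guid -> user) with a resource's GUID log."""
    return Counter(issued.get(g, "unknown") for g, _, _, d in resource_log if d == "allow")

def demo():
    # Constructed capability: "start a process on resource X, and read file Y".
    cap = Capability("/O=Grid/CN=Example Community CAS", "guid-0001", 2000,
                     frozenset({("start", "X"), ("read", "Y")}), max_requests=2)
    res = Resource()
    calls = [("read", "Y", 1000), ("write", "Y", 1000), ("start", "X", 1000),
             ("read", "Y", 1000), ("read", "Y", 3000)]
    decisions = [res.authorize(cap, a, t, now)[0] for a, t, now in calls]
    return decisions, reconstruct_accounting({"guid-0001": "user2"}, res.log)
```

The resource never learns which user made the request; only the CAS, holding the issuance log, can attribute the two granted requests to a user.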
