1 / 19

Securing Grid-Based Supply Chains

Securing Grid-Based Supply Chains. Marco Di Girolamo HP Italy Innovation Center, Italy On behalf of the GridTrust Consortium EGEE Conference 2008, Business Track, Istanbul, September 23 rd , 2008. GridTrust Vision. VOs operated over Service-Oriented Architectures

sawyer-jefferson
Télécharger la présentation

Securing Grid-Based Supply Chains

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Securing Grid-Based Supply Chains Marco Di Girolamo HP Italy Innovation Center, Italy On behalf of the GridTrust Consortium EGEE Conference 2008, Business Track, Istanbul, September 23rd, 2008 Trust and Security for Next Generation Grids, www.gridtrust.eu

  2. GridTrust Vision • VOs operated over Service-Oriented Architectures • Trust handled through security and reputation management • “Continuous Usage Control” concept permeating design and operation of VOs: • Continuous Usage Control expressed at level of security requirements • VOs managed by policies derived from security requirements • Security policies enforced by means of GridTrust services • Reputation monitoring and dynamic update Trust and Security for Next Generation Grids, www.gridtrust.eu

  3. NGG Architecture GRID Application Layer GRID Service Middleware Layer GridTrust GRID Foundation Middleware Layer Network Operating System GridTrust: Objectives andExpected Results • General Objective: definition and management of security and trust in dynamic Virtual Organizations • Improve Access Control – Authorization • Introduce usage control for Grids • Expected results – “framework” composed of: • Tools for reasoning about security at all levels of the NGG architecture • A reference security architecture for Grids • Including UCON authorization service, secure-aware broker, reputation management service, among others • An open source reference implementation of the architecture, validated by several innovative businessscenarios. Trust and Security for Next Generation Grids, www.gridtrust.eu

  4. Project Partners 5 countries 4 companies 3 researchinstitutes 1 university Duration: 3 years (06/2006-05/2009) Global budget: 3 856 135 euros CETIC budget: 540 697 euros Trust and Security for Next Generation Grids, www.gridtrust.eu

  5. A Grid-Based Transportation Supply Chain • Scenario • Context is logistics services: • Moving customers’ goods from one place to another • Competitive driving factors: • Delivery time • Service price • Gap to bridge - transporter’s side : • Only big service providers can afford optimization tools (scale reasons) • Availability of optimization services could foster market competition (SME inclusion) • Gap to bridge - customer’s side: • Wanting to find the best transporter for each transportation task Trust and Security for Next Generation Grids, www.gridtrust.eu

  6. The business case • Solution pillars: • Use of an auctioning system, • Exploit competition between transporters • Allow customers to find the best provider for each task • Use of route computing services, • Computational services providing maps and libraries to execute applications solving the logistic optimization problem • Enable small transporters to perform routing optimization • Hosted on GRID resources! Trust and Security for Next Generation Grids, www.gridtrust.eu

  7. VBE Manager service provider provider VBE VO user VO Manager VO Owner The business case – VO model The VBE model • Association of organizations adhering to common operating principles and infrastructure • Main objective: participating in potential VOs. • Organizations participating to a VO are selected from the VBE Trust and Security for Next Generation Grids, www.gridtrust.eu

  8. Auction based supply chain • Fist-Price Sealed-Bid reverse auction model • Producers (auction proponents) produce RfQs for transportation tasks • Transporters can recalculate routing exploiting routing computational services running on GRID resources • Offer selection based on customer requirements: time, price, transporter’s reputation • Producers create a Delivery VO (auction and delivery management) • Transporters create Routing VOs to compute best routes for answering the auction Trust and Security for Next Generation Grids, www.gridtrust.eu

  9. Computational problem overview • Find a set of NV vehicle routes, originating from and terminating at the depot, such that • Each vehicle services one route • Each vertex vi i=1..N is visited only once • Quantity of goods on each vehicle never exceeds its capacity C • Start time of each route is >= r0 • End time of each route is <= d0 • Time of beginning of service at vertex i is >= ri (ready time) • If arrival time ti at vertex i is < ri then the vehicle waits for a waiting time wi= (ri - ti) • Time of ending of service at vertex i is <= di (due date) • VRPTW: Vehicle Routing Problem with Time Windows • Usually algorithms minimize NV and then the total distance TD Trust and Security for Next Generation Grids, www.gridtrust.eu

  10. Securing the Grid-Based Supply Chain • Objective • Identify security challenges presented by Grid-based supply chain • Define security components helping to solve such challenges • Methodology • Perform a security analysis to define security requirements for the application, using a goal-oriented requirements-engineering methodology • Identify and develop architecture components that could contribute to meet the main identified security challenges. • Evaluate how the architecture helps in solving security challenges Trust and Security for Next Generation Grids, www.gridtrust.eu

  11. Security Issues in the Transportation Supply Chain • Auction: • Secure identification of auction participants • Secrecy of offers at least until auction closure • Data integrity and non-repudiation of both offers and RfQs • Routing services: • Execution of unknown applications on behalf of potentially unknown or untrusted users • Need to prevent these applications from • performing bad actions • stealing valuable data • gaining unauthorized accesses • Reputation combined with security to increase trust • Transporters’ reputation measured based on their compliancy with global and local security policies defined for Grid resources Trust and Security for Next Generation Grids, www.gridtrust.eu

  12. Security-Aware Resource Broker Service VO Management Service Reputation Management Service UCON Service Policy and Profile Manager Service GridTrust Services Securing the Supply Chain Trust and Security for Next Generation Grids, www.gridtrust.eu

  13. VO Management Service • The VO manager is responsible for setting up, operating and terminating the VO • The VO membership manager service is responsible for managing the different members of the VO and their users • The workflow management service is responsible for transforming job requests into workflows that are then managed • The global VO policies apply to all VO members and describe their correct behaviour during the lifetime of the VO GRID Service Middleware Layer Trust and Security for Next Generation Grids, www.gridtrust.eu

  14. Reputation Management Service • Collect, distribute and aggregate feedbacks about entities' behaviour in a particular context in order to produce a rating about the entities • Entities could be either users, resources / services, service providers or VOs • The reputation service is based on ideas of utility computing • It can be used in both centralised and distributed settings • Using reputation with security • Maintaining users’ reputation according to their usage of resources GRID Service Middleware Layer Trust and Security for Next Generation Grids, www.gridtrust.eu

  15. Usage Control Service • Enforcement of Usage Control policies at both VO level and computational (node) level • Building Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) for POLPA and XACML languages • Monitor the actions executed on behalf of the grid users and enforce a UCON security policy • VO level • Global VO policies • Service level • The policy describes behaviour of the user in the local service invocation • Computational level • The policy consists of a highly detailed description of the correct behaviour of the application being executed • Only the applications whose behaviour is consistent with the security policy are executed on the computational resource GRID Service Middleware Layer GRID Foundation Middleware Layer Trust and Security for Next Generation Grids, www.gridtrust.eu

  16. GRID Service Middleware Layer GRID Foundation Middleware Layer Secure–Aware Resource Broker Service • Integrate access control with resource/service scheduling • Both resource owners and users define their resource access and usage policies • The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa) • Support of UCON at VO level • Scalability and efficiency Trust and Security for Next Generation Grids, www.gridtrust.eu

  17. GRID Service Middleware Layer GRID Foundation Middleware Layer Policy and Profile Manager Service • The policy manager is responsible for managing policies at the global (VO level) and local levels (node level) • The profile manager is responsible for managing profiles. Profiles allow users to specify personal default values Trust and Security for Next Generation Grids, www.gridtrust.eu

  18. Conclusions • Grid-based supply chains can be secured by associating them with trust and security management services • The solution proposed, called GridTrust Security Framework (GSF), incorporates these services in a manner that is • Interoperable: we are re-using an existing Grid infrastructure (Globus middleware) • Our system components are interoperable with other Globus-based components • Security-aware: the proposed design tackles security issues potentially arising in any Grid-based system • The security requirements were elicited using a requirements-engineering methodology that has been tailored for Grid systems Trust and Security for Next Generation Grids, www.gridtrust.eu

  19. More Information • Visit us at http://www.gridtrust.eu Thanks! Trust and Security for Next Generation Grids, www.gridtrust.eu

More Related