
Security Architecture for GRID Applications


Presentation Transcript


  1. Security Architecture for GRID Applications
    Arnaud Contes - OASIS
    Séminaire Croisé Sécurité Informatique Ubiquitaire
    1. Introduction to the GRID
    2. ProActive
    3. Declarative Security
    4. Example
    Séminaire Croisé : Sécurité Informatique Ubiquitaire

  2. 1. Introduction : Context
    (diagram: Net; Single Grid; Distributed Grid; Applications)

  3. Issues for Grid Security
    • Authentication of Computers, Users, and Applications
    • Creation of, connection to, and monitoring of activities
    • Authentication, Integrity and Confidentiality (AIC) of communications
    • Hierarchical domains
    • Security Policies: Application, Domain
    • Variation in Grid network links : LAN, Wireless, VPN, Internet
    • Variation in deployment

  4. Objectives
    • Goals :
      • Authentication of Computers, Users, and Applications
      • Communication authentication, privacy and integrity
      • Security defined at user and administrator level
      • Easy and adaptable configuration
      • Support for current middleware features : deployment, migration, group communication, components
    • Ways :
      • Ubiquitous Security (Meta Object Protocol)
      • Logical Security Architecture / Abstract Deployment
      • Declarative Security Language

  5. 2. ProActive
    • A Java API + Tools for Parallel, Distributed Computing
    • A uniform framework: An Active Object pattern
    • A formal model behind: Prop. Determinism, insensitivity to deploy.
    • Main features:
      • Remotely accessible Objects
      • Asynchronous Communications with synchro: automatic Futures
      • Group Communications, Migration (mobile computations)
      • XML Deployment Descriptors
      • Interfaced with various protocols: rsh, ssh, LSF, Globus, Jini, RMIregistry
      • Visualization and monitoring: IC2D
      • Security

  6. Standard system at Runtime
    (diagram: Active Objects and Passive Objects on Nodes; no sharing between activities)

  7. Secure Active Object
    (diagram: A on node1 calls B on node2 through Stub_A and Proxy; Request Sender and Reply Receiver on the caller side; Body, Request Receiver, Service, Reply Sender and Security Manager on the callee side)

  8. Abstract Deployment Model
    • A key principle:
      • Abstract away from source code: Machine names, Creation Protocols, Lookup and Registry Protocols
    • In program source: Virtual Node (a string name)
    • In XML descriptors:
      • Mapping of VN to JVMs
      • Create or Acquire JVMs

      Program Source              Descriptor (RunTime)
      |-------------------------| |-------------------------|
      Activities (AO) --> VN      VN --> JVMs --> Hosts

  9. Descriptors: Mapping Virtual Nodes
    VirtualNodes: Dispatcher, RendererSet
    Mapping:
      Dispatcher  --> DispatcherJVM
      RendererSet --> JVMset
    JVMs:
      DispatcherJVM = Current                  // (the current JVM)
      JVMset = //ClusterSophia.inria.fr/ <Protocol GlobusGram … 10 >

  10. 3. Security
    • Non-functional security
    • Hierarchical security domains
    • Dynamic policy negotiation
    • Certification chain to identify users, JVMs, objects
    • Application security policies set by deployment descriptors

  11. Authentication : X509 Certificate
    (diagram of the certificate issuance flow between Requestor and CA)
    1. Requestor Generates Key Pair
    2. CA Verifies ID, Key Pair, and User Eligibility
    3. CA Binds Public Key to ID by Signing the Certificate
    4. CA Presents Signed X509 v3 Certificate to Requestor

  12. Application authentication
    (diagram: User certificate, Application certificate, Entities certificates, with "Generate certificate" steps between them)

  13. Hierarchical Domains
    • Logical way to group many entities that have the same security needs.
    • Domains are hierarchical.
    • Sub-domains inherit the parent's security policies.
    • Default : sub-domains cannot weaken the parent's security policies.
    • 'Can override' : a domain authorizes an entity to override its policies.
    • Find the first common domain, if it exists.
    • Dynamically configurable via SSL connections.
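The inheritance rule of this slide, as an added Python example (not ProActive's own code): a chain of domains is walked from the root down, each sub-domain inherits the attributes it does not set, and a sub-domain that turns an inherited Required or Disallowed decision into something weaker is rejected unless its parent granted 'can override'. The dict representation of a policy, the per-domain boolean for 'can override' and the all-Optional root are assumptions of this example.

```python
# Added example, not ProActive code: enforce "sub-domains cannot weaken the
# parent's policies" (and the parent's 'can override' exception) along a chain
# of domains. Policies are assumed to be {attribute: '+' | '?' | '-'} dicts.
from typing import Dict, List, Tuple

ATTRIBUTES = ("A", "I", "C")   # Authentication, Integrity, Confidentiality
VALUES = ("+", "?", "-")       # Required, Optional, Disallowed


def refines(parent: str, child: str) -> bool:
    """True when the child keeps or tightens the parent's decision: an Optional
    parent may become anything, a Required or Disallowed parent must be kept."""
    return parent == "?" or parent == child


def effective_policy(chain: List[Tuple[str, Dict[str, str], bool]]) -> Dict[str, str]:
    """Walk root -> leaf. Each entry is (domain name, policy, can_override), where
    can_override is the permission this domain grants to its sub-domain.
    Raises ValueError naming the domain and attribute that weaken an inherited
    decision without such permission."""
    current: Dict[str, str] = {a: "?" for a in ATTRIBUTES}   # assumed root: all Optional
    parent_allows_override = False
    for name, policy, can_override in chain:
        for a in ATTRIBUTES:
            value = policy.get(a, current[a])                  # unset attribute: inherit
            if value not in VALUES:
                raise ValueError(f"domain {name!r}: bad value {value!r} for {a}")
            if not parent_allows_override and not refines(current[a], value):
                raise ValueError(f"domain {name!r} weakens inherited {a}={current[a]!r} to {value!r}")
            current[a] = value
        parent_allows_override = can_override
    return current
```

Calling `effective_policy([("GridA", {"A": "+", "I": "?", "C": "+"}, False), ("Lab", {"I": "+"}, False)])` yields all three attributes Required; the same chain with `{"C": "?"}` in `Lab` is rejected, and is accepted only when `GridA` is entered with `can_override` set to True.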

  14. Multi-level Policies
    Computing a security policy according to all matching rules from domains, Virtual Node and Active Object.
    (diagram: domain levels Dn, Dn-1, …, D0, then VN, then AO, each with an Accept / Deny decision; the domain levels form the administrator-/user-level policy, VN and AO the application-level policy, together giving the security policy)

  15. Security Rules
    Interactions : JVMCreation, NodeCreation, CodeLoading, ObjectCreation, ObjectMigration, Request, Reply, Listing
    Entities : Domain, User, Virtual Node, Object
    Security Rule : Entities -> Entities : Interactions # Security Attributes
    • Attributes :
      • Authentication
      • Integrity
      • Confidentiality
    • Each attribute can be :
      • Allowed
      • Optional
      • Disallowed

  16. Combining Policies
    • Search for the most specific rule in each domain.
    • Retrieve all matching rules in the Domain hierarchy, the Virtual Node and the Active Object.
    • Compute policies according to security attributes.

    Combination of one attribute between Sender (rows) and Receiver (columns):

                        Receiver
      Sender            Required (+)   Optional (?)   Disallowed (-)
      Required (+)      +              +              invalid
      Optional (?)      +              ?              -
      Disallowed (-)    invalid        -              -

  17. Descriptor Security Model
    • A key principle:
      • Specify security policies according to the deployment
    • In program source:
      • Virtual Node (VN, a string name)
    • In XML descriptors:
      • List of policy rules
      • Trusted Certification Authorities

  18. Descriptors: Security
    VirtualNodes: vn1, vn2
    SECURITY:
      VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C]
      VN [vn1] -> VN [vn2] : M   # Forbidden
      VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C]
      VN [vn2] -> VN [vn1] : M   # Forbidden
    Mapping:
      vn1 --> GridAComputers, GridBComputers
      vn2 --> GridAComputers
    JVMs: /…/

  19. ProActive Security Manager
    • In charge of security for an active object
    • Retrieve, combine and negotiate policies
    • Negotiate session key
    • Encrypt/decrypt messages

  20. Active Object Security mechanisms
    (diagram: the request path from the caller's Body, Proxy and Request Sender to the callee's Request Receiver, Service and Object, and the reply path back through Reply Sender and Reply Receiver; the Security Manager on each side performs policy computation, key exchange, and encrypt / decrypt of the messages)

  21. 4. Example
    • 2 domains GridA & GridB with security policies
      • Domain [GridA] -> Domain [GridB] : Q,P,M # [+A,+I,+C]
      • Domain [GridB] -> Domain [GridA] : Q,P,M # [+A,+I,+C]
    • Application :
      • 2 Virtual Nodes (vn1, vn2)
      • 2 Active objects

  22. Example
    (diagram: Domain GridA and Domain GridB, JVMs hosting VN1 and VN2 nodes, policy rules database)

  23. Descriptors: Security
    VirtualNodes: vn1, vn2
    SECURITY:
      VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C]
      VN [vn1] -> VN [vn2] : M   # Forbidden
      VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C]
      VN [vn2] -> VN [vn1] : M   # Forbidden
    Mapping:
      vn1 --> GridAComputers, GridBComputers
      vn2 --> GridAComputers
    JVMs: /…/

  24. Example
    /…/
    proActiveDescriptor.activateMappings();
    vn1 = proActiveDescriptor.getVirtualNode("vm1");
    vn2 = proActiveDescriptor.getVirtualNode("vm2");
    /…/
    Flower rose = (Flower) ProActive.newActive(Flower.class, new Object[]{"Rose"}, vn1.getNode());
    Flower daliah = (Flower) ProActive.newActive(Flower.class, new Object[]{"Daliah"}, vn2.getNode());
    /* next VN1 node inside the same domain */
    rose.migrateTo(vn1);
    /* communication inside the same domain */
    rose.sayHelloTo(daliah);
    /* other virtual node, forbidden */
    rose.migrateTo(vn2);
    /* next VN1 node, other domain */
    rose.migrateTo(vn1);
    /* communication with another domain */
    rose.sayHelloTo(daliah);




  28. Example
    (diagram: Rose on VN1 and Daliah on VN2 inside Domain GridA; Domain GridB, JVMs, policy rules database)


  30. Example
    Migration : same VN, same domain
    Rose : "Can I migrate to the next VN1 node ?"
    (diagram: Rose, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)

  31. Example
    Migration : same VN, same domain
    1 - retrieve VN policy
    2 - migration allowed
    (diagram: Rose, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)

  32. Example
    Migration : same VN, same domain
    (diagram: Rose on its new VN1 node, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)


  34. Example
    Method call : other VN, same domain
    Rose : "Can I make a method call to Daliah on vn2 ?"
    (diagram: Rose, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)

  35. Example
    Method call : other VN, same domain
    1 - VN1 -> VN2 : [?A,?I,?C]
    2 - result policy : [?A,?I,?C]
    3 - method call allowed
    (diagram: Rose, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)


  37. Example
    Migration : other VN, same domain
    Rose : "Can I migrate to the next VN2 node ?"
    VN1 policy : forbidden
    (diagram: Rose, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)


  39. Example
    Migration : same VN, other domain
    Rose : "Can I migrate to the next VN1 node on GridB domain ?"
    (diagram: Rose, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)

  40. Example
    Migration : same VN, other domain
    1 - VN1 policy -> none
    2 - GridA -> GridB : [+A,+I,+C]
    3 - migration with [+A,+I,+C]
    (diagram: Rose, Daliah, Domain GridA, Domain GridB, JVMs, VN1, VN2, policy rules database)

  41. Example
    Migration : same VN, other domain
    (diagram: Rose now on a VN1 node in Domain GridB, Daliah in Domain GridA, JVMs, VN1, VN2, policy rules database)


  43. Example
    Method call : other VN, other domain
    (diagram: Rose in Domain GridB calling Daliah in Domain GridA, JVMs, VN1, VN2, policy rules database)
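The rule resolution described on the Multi-level Policies, Combining Policies and Descriptors: Security slides, applied to the Rose / Daliah walkthrough above, as an added Python example (not ProActive's own security manager): the rules of the example are parsed from the descriptor syntax shown in the slides, every rule matching an interaction at the VN and Domain levels is collected, a Forbidden rule at any level wins, and the remaining rules' attributes are folded with the Required / Optional / Disallowed table. The regular expression, the `Location` type, the all-Optional `DEFAULT_POLICY` when nothing matches and the Forbidden-wins treatment are assumptions of this example; the slides do not model sub-domain nesting in these rules, so neither does the code.

```python
# Added example (Python), not ProActive code: collect every descriptor rule that
# matches one interaction and fold their attributes with the "Combining Policies"
# table. Assumed here: the regex, the Location type, an all-Optional default when
# no rule matches, and that a Forbidden rule at any level wins.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

ATTRIBUTES = ("A", "I", "C")            # Authentication, Integrity, Confidentiality
REQUIRED, OPTIONAL, DISALLOWED = "+", "?", "-"
DEFAULT_POLICY = "[?A,?I,?C]"           # assumption: used when no rule matches
RULE_RE = re.compile(                   # e.g. "VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C]"
    r"^\s*(?P<level>Domain|VN)\s*\[(?P<src>\w+)\]\s*->\s*(?P=level)\s*\[(?P<dst>\w+)\]"
    r"\s*:\s*(?P<inter>[QPM](?:\s*,\s*[QPM])*)\s*#\s*(?P<policy>.+?)\s*$")

class PolicyConflict(ValueError):
    """A Required attribute meets a Disallowed one: the rules cannot both hold."""

@dataclass(frozen=True)
class Rule:
    level: str               # "Domain" or "VN"
    src: str
    dst: str
    interactions: frozenset  # subset of {"Q", "P", "M"}: request, reply, migration
    policy: Optional[str]    # "[+A,?I,+C]"-style text, or None when Forbidden

@dataclass(frozen=True)
class Location:              # where an active object runs (assumed model)
    domain: str
    vn: str

def parse_rule(line: str) -> Rule:
    m = RULE_RE.match(line)
    if m is None:
        raise ValueError(f"unparsable rule: {line!r}")
    inter = frozenset(t.strip() for t in m["inter"].split(","))
    return Rule(m["level"], m["src"], m["dst"], inter,
                None if m["policy"].lower() == "forbidden" else m["policy"])

def parse_policy(text: str) -> Dict[str, str]:
    """'[+A,?I,+C]' -> {'A': '+', 'I': '?', 'C': '+'}, rejecting malformed lists."""
    result: Dict[str, str] = {}
    for token in text.strip().strip("[]").split(","):
        token = token.strip()
        if len(token) != 2 or token[0] not in "+?-" or token[1] not in ATTRIBUTES:
            raise ValueError(f"bad attribute {token!r} in {text!r}")
        result[token[1]] = token[0]
    if set(result) != set(ATTRIBUTES):
        raise ValueError(f"{text!r} must list A, I and C exactly once")
    return result

def combine_attribute(x: str, y: str) -> str:
    """Slide 16: Required beats Optional, Disallowed beats Optional, +/- is invalid."""
    pair = {x, y}
    if pair == {REQUIRED, DISALLOWED}:
        raise PolicyConflict(f"{x!r} against {y!r}")
    if REQUIRED in pair:
        return REQUIRED
    return DISALLOWED if DISALLOWED in pair else OPTIONAL

def combine_policies(policies: List[str]) -> str:
    """Fold several policy strings into one, attribute by attribute."""
    acc = parse_policy(policies[0])
    for other in map(parse_policy, policies[1:]):
        acc = {a: combine_attribute(acc[a], other[a]) for a in ATTRIBUTES}
    return "[" + ",".join(acc[a] + a for a in ATTRIBUTES) + "]"

def resolve(rules: List[Rule], sender: Location, receiver: Location,
            interaction: str) -> Optional[str]:
    """Policy for one interaction, or None when a matching rule forbids it.
    Every matching VN-level and Domain-level rule contributes (slide 14)."""
    matching = [r for r in rules if interaction in r.interactions and (
        (r.level == "VN" and (r.src, r.dst) == (sender.vn, receiver.vn)) or
        (r.level == "Domain" and (r.src, r.dst) == (sender.domain, receiver.domain)))]
    if any(r.policy is None for r in matching):
        return None
    return combine_policies([r.policy for r in matching]) if matching else DEFAULT_POLICY

# Constructed from the rules on the "4. Example" and "Descriptors: Security" slides.
DESCRIPTOR_RULES = [parse_rule(line) for line in """
Domain [GridA] -> Domain [GridB] : Q,P,M # [+A,+I,+C]
Domain [GridB] -> Domain [GridA] : Q,P,M # [+A,+I,+C]
VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C]
VN [vn1] -> VN [vn2] : M # Forbidden
VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C]
VN [vn2] -> VN [vn1] : M # Forbidden
""".strip().splitlines()]

def walkthrough() -> Dict[str, Optional[str]]:
    """The Rose/Daliah steps of the example slides, in program order."""
    rose_a, rose_b = Location("GridA", "vn1"), Location("GridB", "vn1")
    daliah = Location("GridA", "vn2")
    return {
        "migrate vn1 -> vn1, same domain": resolve(DESCRIPTOR_RULES, rose_a, rose_a, "M"),
        "call vn1 -> vn2, same domain": resolve(DESCRIPTOR_RULES, rose_a, daliah, "Q"),
        "migrate vn1 -> vn2, same domain": resolve(DESCRIPTOR_RULES, rose_a, daliah, "M"),
        "migrate vn1 -> vn1, GridA -> GridB": resolve(DESCRIPTOR_RULES, rose_a, rose_b, "M"),
        "call vn1 -> vn2, GridB -> GridA": resolve(DESCRIPTOR_RULES, rose_b, daliah, "Q"),
    }
```

`walkthrough()` returns the all-Optional default for the first migration (no rule names vn1 -> vn1 or GridA -> GridA), the VN rule's `[+A,?I,+C]` for the same-domain call, `None` (forbidden) for the vn1 -> vn2 migration, the domain rule's `[+A,+I,+C]` for the cross-domain migration, and `[+A,+I,+C]` for the final cross-domain call, where the domain's Required integrity tightens the VN rule's Optional one. Note that slide 35 quotes `[?A,?I,?C]` for VN1 -> VN2 while the descriptor text on slides 18 and 23 gives `[+A,?I,+C]`; the code follows the descriptor text. A deployment that wants default-deny rather than the assumed all-Optional fallback would add an explicit catch-all Forbidden rule per level, or change `DEFAULT_POLICY`.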

  44. Conclusion
    • ProActive Security Features
      • Authentication of users and applications
      • Authentication, integrity and confidentiality of communications
      • Security model for mobile applications
      • Dynamically negotiated policies, non-functional security
      • Logical security representation : security is easily adaptable to the deployment
    • Perspectives:
      • Group communication, OGSA Security: Open Grid Services Architecture, Hardware mobility : PDAs

  45. Questions ?
