Security Architecture for GRID Applications

Security Architecture for GRID Applications Arnaud Contes - OASIS Séminaire Croisé Sécurité Informatique Ubiquitaire 1. Introduction to the GRID 2. ProActive 3. Declarative Security 4. Example Séminaire Croisé : Sécurité Informatique Ubiquitaire

Net 1. Introduction : Context Single Grid Applications Distributed Grid Séminaire Croisé : Sécurité Informatique Ubiquitaire

Issues for Grid Security • Authentication of Computers, Users, and Applications • Creation, connection to, and monitoring of activities • Authentication, Integrity and Confidentiality (AIC) of communications • Hierarchical domains • Security Policies: Application, Domain • Variation in Grid network links : LAN, Wireless, VPN, Internet • Variation in deployment Séminaire Croisé : Sécurité Informatique Ubiquitaire

Objectives • Goals : • Authentication of Computers, Users, and Applications • Communication authentication, privacy and integrity • Security defined at user and administrator level • Easy and adaptable configuration • Support for current middlewares features : deployment, migration, group communication, components • Ways : • Ubiquitous Security (Meta Object Protocol) • Logical Security Architecture / Abstract Deployment • Declarative Security Language Séminaire Croisé : Sécurité Informatique Ubiquitaire

2. ProActive • A Java API + Tools for Parallel, Distributed Computing • A uniform framework: An Active Object pattern • A formal model behind: Prop. Determinism, insensitivity to deploy. • Main features: • Remotely accessible Objects • Asynchronous Communications with synchro: automatic Futures • Group Communications, Migration (mobile computations) • XML Deployment Descriptors • Interfaced with various protocols: rsh,ssh,LSF,Globus,Jini,RMIregistry • Visualization and monitoring: IC2D • Security Séminaire Croisé : Sécurité Informatique Ubiquitaire

Standard system at Runtime No sharing between activities Active Object Node Passive Object Séminaire Croisé : Sécurité Informatique Ubiquitaire

Reply Sender Body node1 node2 Security Manager Request Sender Reply Receiver Service Request Receiver Proxy Stub_A A B Secure Active Object Séminaire Croisé : Sécurité Informatique Ubiquitaire

Abstract Deployment Model • A key principle: • Abstract Away from source code: Machine names, Creation Protocols, Lookup and Registry Protocols • In program source: Virtual Node (a string name) • In XML descriptors: • Mapping of VN to JVMs • Create or Acquire JVMs Program Source Descriptor (RunTime) |----------------------------------| |-------------------------------------------| Activities (AO) --> VN VN --> JVMs --> Hosts Séminaire Croisé : Sécurité Informatique Ubiquitaire

Descriptors: Mapping Virtual Nodes VirtualNodes: Dispatcher RendererSet Mapping: Dispatcher --> DispatcherJVM RendererSet --> JVMset JVMs: DispatcherJVM = Current // (the current JVM) JVMset=//ClusterSophia.inria.fr/ <Protocol GlobusGram … 10 > Séminaire Croisé : Sécurité Informatique Ubiquitaire

3. Security • Non-functional security • Hierarchical security domains • Dynamic policy negotiation • Certification chain to identify users, JVMs, objects • Application security policies set by deployment descriptors Séminaire Croisé : Sécurité Informatique Ubiquitaire

Requestor Generates Key Pair CA Presents Signed X509 v3 Certificate to Requestor CA Verifies ID, Key Pair, and User Eligibility CA Binds Public Key to ID by Signing the Certificate Authentication : X509 Certificate Séminaire Croisé : Sécurité Informatique Ubiquitaire

Application authentication Application certificate User certificate Entities certificates Generate certificate Séminaire Croisé : Sécurité Informatique Ubiquitaire

Hierarchical Domains • Logical way to group many entities that have the same security needs. • Domains are hierarchical. • Sub-domains inherits parent’s security policies. • Default : Sub-domains cannot weaken parent’s security policies. • ‘Can override‘ : a domain authorizes an entity to override its policies • Find the first common domain if exists • Dynamically configurable via SSL connections Séminaire Croisé : Sécurité Informatique Ubiquitaire

Dn Dn-1 Accept Deny Accept Deny Accept Deny Accept Deny Accept Deny D0 VN AO Multi-level Policies Computing a security policy according all matching rules from domains, Virtual Node and Active Object. Application-level policy Administrator-/ User-level policy Security policy Séminaire Croisé : Sécurité Informatique Ubiquitaire

Interactions : JVMCreation NodeCreation CodeLoading ObjectCreation ObjectMigration Request Reply Listing Entities : Domain User Virtual Node Object Security Rule Entities -> Entities : Interactions # Security Attributes • Attributes : • Authentication • Integrity • Confidentiality • Each attribute can be : • Allowed • Optional • Disallowed Séminaire Croisé : Sécurité Informatique Ubiquitaire

Receiver Required (+) Optional (?) Disallowed (-) Sender Required (+) + invalid + Optional (?) ? - + Disallowed (-) invalid - - Combining Policies • Search for the most specific rule in each domain. • Retrieve all matching rules in the Domain hierarchy, the Virtual Node and the Active Object. • Compute policies according to security attributes. Séminaire Croisé : Sécurité Informatique Ubiquitaire

DescriptorSecurity Model • A key principle: • Specify security policies according to the deployment • In program source: • Virtual Node (VN, a string name): • In XML descriptors: • List of policy rules • Trusted Certification Authorities Séminaire Croisé : Sécurité Informatique Ubiquitaire

Descriptors: Security VirtualNodes vn1, vn2 SECURITY: VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C] VN [vn1] -> VN [vn2] : M # Forbidden VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C] VN [vn2] -> VN [vn1] : M # Forbidden Mapping: vn1 --> GridAComputers, GridBComputers vn2 --> GridAComputers JVMs: /…/ Séminaire Croisé : Sécurité Informatique Ubiquitaire

ProActive Security Manager • In charge of security for an active object • Retrieve, combine and negotiate policies • Negotiate session key, • Encrypt/decrypt messages Séminaire Croisé : Sécurité Informatique Ubiquitaire

Policy computation • Keys exchange encrypt decrypt Reply Sender Reply Sender Body Body Proxy Request Sender Request to an Active Object Security Manager Security Manager Request Receiver Request Receiver Request Sender Reply Receiver Reply Receiver Service Service Object Object Request path Active Object Security mechanims Séminaire Croisé : Sécurité Informatique Ubiquitaire

4. Example • 2 domaines GridA & gridB with security policies • Domain [GridA] -> Domain [GridB] : Q,P,M # [+A,+I,+C] • Domain [GridB] -> Domain [GridA] : Q,P,M # [+A,+I,+C] • Application : • 2 Virtual Nodes (vn1,vn2) • 2 Active objects Séminaire Croisé : Sécurité Informatique Ubiquitaire

Example Domain GridA Domain GridB JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Descriptors: Security VirtualNodes vn1, vn2 SECURITY: VN [vn1] -> VN [vn2] : Q,P # [+A,?I,+C] VN [vn1] -> VN [vn2] : M # Forbidden VN [vn2] -> VN [vn1] : Q,P # [?A,?I,?C] VN [vn2] -> VN [vn1] : M # Forbidden Mapping: vn1 --> GridAComputers, GridBComputers vn2 --> GridAComputers JVMs: /…/ Séminaire Croisé : Sécurité Informatique Ubiquitaire

Example /…/ proActiveDescriptor.activateMappings(); vn1 = proActiveDescriptor.getVirtualNode("vm1"); vn2 = proActiveDescriptor.getVirtualNode("vm2"); /…/ Flower rose = (Flower) ProActive.newActive(Flower.class,new Object[]{« Rose »}, vn1.getNode()}; Flower daliah = (Flower) ProActive.newActive(Flower.class,new Object[]{« Daliah »}, vn2.getNode()}; /* next VN1 node inside the same domain */ rose.migrateTo(vn1); /* communication inside the same domain */ rose.sayHelloTo(daliah); /* other virtual node, forbidden */ rose.migrateTo(vn2); /* next VN1 Node, other domain */ rose.migrateTo(vn1); /* communication with another domain */ rose.sayHelloTo(daliah); Séminaire Croisé : Sécurité Informatique Ubiquitaire

Example Domain GridA Domain GridB JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Domain GridA Domain GridB JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Domain GridA Domain GridB Migration : - same VN - same domain Can I migrate to the next VN1 node ? JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Domain GridA Domain GridB Migration : - same VN - same domain 1 - retrieve VN policy 2 - migration allowed JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Domain GridA Domain GridB Migration : - same VN - same domain JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Method call : - other VN - same domain Domain GridA Domain GridB Can I make a method call to Daliah on vn2 ? JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Method call : - other VN - same domain Domain GridA Domain GridB 1 - VN1 -> VN2 : [?A,?I,?C] 2 - result policy : [?A,?I,?C] 3 - method call allowed JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah VN1 policy : forbidden Example Migration : - other VN - same domain Domain GridA Domain GridB Can I migrate to the next VN2 node ? JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Migration : - same VN - other domain Domain GridA Domain GridB Can I migrate to the next VN1 node on GridB domain? JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Migration : - same VN - other domain Domain GridA Domain GridB 1- VN1 policy -> none 2- GridA -> GridB : [+A,+I,+C] 3- migration with [+A,+I,+C] JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Migration : - same VN - other domain Domain GridA Domain GridB JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Rose Daliah Example Method call : - other VN - other domain Domain GridA Domain GridB JVM Policy rules database VN1 VN2 Séminaire Croisé : Sécurité Informatique Ubiquitaire

Conclusion • ProActive Security Features • Authentication of users and applications • Authentication, integrity and confidentiality of communications • Security model for mobile applications • Dynamically negotiated policies, non-functional security • Logical security representation : security is easily adaptable to the deployment • Perspectives: • Group communication, OGSA Security: Open Grid Services Architecture, Hardware mobility : PDAs Séminaire Croisé : Sécurité Informatique Ubiquitaire

Questions ? Séminaire Croisé : Sécurité Informatique Ubiquitaire

Security Architecture for GRID Applications

Security Architecture for GRID Applications

Presentation Transcript

Grid Architecture for eLearning

Grid Architecture

Architecture Support for Security

Grid Technologies for Engineering Applications

XML for Data Grid Applications

Grid Enabling Applications for the Grid: ENDYNE

GRID Applications

Grid Resources for Industrial Applications

Grid Security

Scenarios for Grid Applications

A Grid Architecture for Medical Applications

Tools for Developing Grid Applications

Grid Checkpoining Architecture

A DATA GRID ARCHITECTURE FOR REAL-TIME ELECTRON MICROSCOPY APPLICATIONS

Cryptographic Aspects of the Grid Security Architecture

Grid Control Architecture

Grid Security

Grid Security

Grid Architecture

Grid is the architecture for the future networked e-Enterprise Applications

Grid systems architecture

Security Architecture Best Practices for SaaS Applications