Lappeenranta University of Technology
Parallel computing
Seminar challenge
Minna Frosti & Pasi Juvonen             31.3.2012




            GRID SECURITY ISSUES

                       Seminar challenge








CONTENTS

1.     INTRODUCTION
2.     GRID SECURITY CHALLENGES
3.     SOLUTIONS TO PROVIDE SECURITY IN GRID
4.     NASA IPG TOOLS FOR SECURITY


BIBLIOGRAPHY







1 INTRODUCTION

The term “Grid” refers to systems and applications that integrate and manage resources and
services distributed across multiple control domains /1/. In most cases a Grid computing
scenario involves the formation of dynamic “virtual organisations”, comprising for example
groups of researchers and associated resources and services, united by a common purpose but
not located within a single administrative domain /1/.


2 GRID SECURITY CHALLENGES

A key aspect of providing information security is to preserve the confidentiality, integrity and
availability of an organisation's information. If one or more of these attributes is
lost, it can threaten the continued existence of even the largest corporate entities. The importance of
these issues becomes more obvious in Grids, which do not lie within a single administrative domain.



3 SOLUTIONS TO PROVIDE SECURITY IN GRID

A common Grid security model includes three key functions:


   1. Multiple security mechanisms
   2. Dynamic creation of services
   3. Dynamic establishment of trust domains /1/


In other words, Grid security has to be implemented to support scalable, distributed and
dynamic virtual organisations. Organisations have usually invested a lot of money in existing
security mechanisms and infrastructure. Grid security has to interoperate with them, not replace them.


Dynamic creation means that users have to be able to create services without administrative
intervention. In our opinion this is also a risk. What if someone brute-forces our passwords
with a powerful Grid?







In the future, virtual organisations will need a user-driven security model. Grid users may need to
contact other virtual organisations in a secure way. The security model must accommodate members
dynamically joining and leaving a virtual organisation.


For example, the European Data Grid uses certificates to provide security. In practice, a
participant in a virtual organisation (and the grid) has to contact its local certificate
authority and obtain an appropriate certificate /3/. Certificates range from DataGrid user
certificates to DataGrid site administrator certificates. Certificates are part of PKI (Public Key
Infrastructure), which is represented in picture 1.




Picture 1: PKI entities /4/





4 NASA IPG TOOLS FOR SECURITY

The security solutions of the IPG (Information Power Grid) rely heavily on the Globus
Toolkit. The Globus Toolkit uses the Globus Security Infrastructure (GSI) to enable secure
authentication and communication over an open network /5/.


Users and services are identified via certificates, which contain information about the person
or object, its public key, the identity of the Certificate Authority (CA) and the digital
signature of the CA. Authentication and encryption are handled using SSL, which is
commonly used for secure Internet transactions. The GSI provides single sign-on by
generating a proxy certificate. The proxy consists of a new certificate, a new private key
and a time notation after which the proxy should no longer be accepted by others. Proxies
have limited lifetimes. The proxy can be used to authenticate to remote processes on a user's
behalf. /5/


The IPG Team has been developing a web portal called LaunchPad. Their goal is to ensure
secure transmission of information through the portal. It requires users to store their proxy
certificates on a secure server, the certificates to have been issued by an acceptable certificate
authority (the IPG X.509 Certification Authority) and users to have a valid user identification,
a unique global id. Authorization is controlled by the grid-mapfile, a mapping between user id
and local Unix id. /6/
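
The authorization step described above, as an added example that is not part of the original paper and is not Globus or IPG code: it parses a grid-mapfile, maps a proxy's subject name back to the user who issued it, and refuses proxies past their lifetime. Assumptions: each mapfile line is a quoted subject name followed by a local Unix id, proxies carry a trailing `/CN=proxy` or `/CN=limited proxy` component, the sample entries are constructed, and the certificate chain has already been verified elsewhere.

```python
import shlex
from datetime import datetime, timezone

# Constructed sample grid-mapfile: quoted certificate subject, then local Unix id.
SAMPLE_GRIDMAP = '''
# constructed entries, not from a real site
"/O=Grid/OU=Example VO/CN=Jane Doe" jdoe
"/O=Grid/OU=Example VO/CN=Build Service" svcbuild
'''

PROXY_SUFFIXES = ("/CN=proxy", "/CN=limited proxy")  # assumed proxy naming


def parse_gridmap(text):
    """Return {subject DN: local Unix id}; reject malformed lines loudly."""
    mapping = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # honours the quotes around the DN
        if len(fields) != 2 or not fields[0].startswith("/"):
            raise ValueError(f"line {lineno}: expected '\"<DN>\" <local id>'")
        dn, local = fields
        if dn in mapping:
            raise ValueError(f"line {lineno}: duplicate DN {dn!r}")
        mapping[dn] = local
    return mapping


def end_entity_dn(subject):
    """Strip proxy components so a proxy maps to the user who issued it."""
    stripped = True
    while stripped:
        stripped = False
        for suffix in PROXY_SUFFIXES:
            if subject.endswith(suffix):
                subject = subject[: -len(suffix)]
                stripped = True
    return subject


def authorize(mapping, subject, not_after, now=None):
    """Return the local Unix id, or None if the proxy expired or is unmapped."""
    now = now or datetime.now(timezone.utc)
    if now >= not_after:
        return None  # proxy past its lifetime: refuse even if the DN is mapped
    return mapping.get(end_entity_dn(subject))  # default deny when unmapped
```

Rejecting duplicate subject names at parse time keeps a later line from silently remapping an identity to a different local account.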








BIBLIOGRAPHY


/1/ http://www.globus.org/Security/GSI3/GT3-Security-HPDC.pdf [pdf-document] retrieved
12.11.2003

/2/ http://www.yourwindow.to/information-security/gl_confidentialityintegrityandavailabili.htm
[e-document] retrieved 14.11.2003

/3/ http://marianne.in2p3.fr/datagrid/ca/ca-table-ca.html [e-document] retrieved 13.11.2003

/4/ http://www.ietf.org/internet-drafts/draft-ietf-pkix-roadmap-09.txt [e-document] retrieved
14.11.2003

/5/ http://www.globus.org/security/overview.html [e-document] retrieved 12.11.2003

/6/ http://www.nas.nasa.gov/Main/Features/2001/Winter/launchpad3.html [e-document]
retrieved 12.11.2003



