Security in Computational Grid

     Seonho Kim
     Oct 18th 2002
                   Content
•   Computational Grid
•   Security Requirements in Grid
•   Terminology
•   Security Policy in Grid
•   Globus overview
•   Grid Security Architecture
                  What is Grid?
• A computational grid is a hardware and software
  infrastructure that provides dependable, consistent,
  pervasive, and inexpensive access to high-end
  computational capabilities
• A computational grid is a wide-area distributed and
  parallel computing environment consisting of heterogeneous
  platforms spanning multiple administrative domains
   – coordinated resource sharing and problem solving in
     dynamic, multi-institutional virtual organizations
   – Checklists
      • Coordinates resources that are not subject to centralized
        control
      • Uses standard, open, general-purpose protocols and
        interfaces
      • Delivers nontrivial qualities of service
Security?
• Protecting the system from its users
• Preventing the unauthorized disclosure or modification of
  data

Security in Computational Grid
• Characteristics of the Grid computing environment
   • Large & dynamic user population and resource pool
   • Dynamic resource acquisition and release
   • Dynamic creation and destruction of a variety of network connections
   • Heterogeneous local authentication and authorization mechanisms
     and policies (e.g. Kerberos, plaintext passwords, SSL, SSH, etc.)
   • An individual user will be associated with different local name
     spaces, credentials, or accounts at different sites.
             Security Requirements
• Authentication solution for verifying identities
  among a user, the processes, and the resources
  during the computation
• Support for Local Heterogeneity
  – Various authentication/authorization mechanisms and policies
• Several Constraints to meet
  – Single sign-on & delegation
  – Protection of Credentials
  – Interoperability with local security solutions: Inter-domain access
    mechanism
  – Uniform certification infrastructure
  – Support for secure group communication
  – Support for multiple implementations
  Security Requirements - Delegation
• The context initiator gives the context acceptor the
  ability to initiate additional security contexts as an
  agent of the context initiator
   – Remote creation of a proxy credential
   – Allows remote process to authenticate on behalf of the
     user
• Delegation in Globus
   – New key pair generated remotely on server
   – Proxy certificate and public key sent to client
   – Client signs proxy certificate with its private key and
     returns it
   – Server puts proxy in /tmp
                          Terminology
•   Authentication
•   Authorization
•   Integrity and Confidentiality
•   Security Policy
    – A set of rules that define the security subjects, security
      objects, and relationships (security operations) among
      them.
• CA (Certificate Authority)
    – The third party that performs certification (the binding) and issues
      certificates
• Trust Domain
    – A logical, administrative structure where a single, consistent local
      security policy holds
             Security Policy in Grid
• Multiple trust domains
   – Inter-domain interactions + mapping of inter-domain
     operations into local security policy
• Operations within a single trust domain are subject to local
  security policy only
• Mapping from global subjects to local subjects
   – Authenticated global subject is considered authenticated
     locally
• Mutual authentication between entities in different trust
  domains
• Local access control decisions by local system
  administrators
• The execution of programs without additional user
  interaction during the computation
• Processes running on behalf of the same subject within the
  same trust domain may share a single set of credentials
              Globus Overview
• Globus (Argonne National Lab)
  – software toolkit that makes it easier to build
    computational grids and grid-based applications
     – Protocols and APIs
  – Resource Management (GRAM)
  – Information Service (MDS)
  – Data Transfer (GridFTP)
  – Security (GSI)
     • Proxies and delegation: for secure single sign-on
     • PKI (CAs and certificates) and SSL / TLS: for authentication
       and message protection (secured connection)
Certificate & CA
• User certificate (issued by CA): Subject Name, Public Key,
  CA Name, Signature of CA
• CA’s certificate: Subject Name: CA, CA’s Public Key,
  CA Name: CA, Signature of CA
• An X.509 certificate binds a public key to a name
• Used to identify and authenticate the user or service
• By checking the signature, one can determine that
  a public key belongs to a given user
• The CA signs its own certificate
• distributed across the network
Mutual Authentication
(How to identify each other?)
• User A holds Certificate A (C_A); User B holds Certificate B (C_B)
① Connection established
② A sends B its certificate
③ B: 1) check validity of C_A based on the digital signature of the CA
     2) extract the public key of A
④ B sends A a plaintext
⑤ A encrypts the plaintext using C_A and sends it to B
⑥ B decrypts the encrypted message
   If this matches the original message, B can trust A now
GSI in Action
“Create Processes at A and B that Communicate & Access Files at C”
• User: single sign-on via “grid-id” & generation of proxy credential,
  or retrieval of proxy credential from online repository
• User Proxy (holds the proxy credential): sends remote process
  creation requests* to Site A and Site B
• Site A (Kerberos): GSI-enabled GRAM server
   – Authorize, map to local id, create process, generate credentials
   – Computer / process: local id, Kerberos ticket, restricted proxy
• Site B (Unix): GSI-enabled GRAM server
   – Ditto
   – Computer / process: local id, restricted proxy
• Communication* between the processes at Site A and Site B
• Remote file access request* to Site C (Kerberos): GSI-enabled FTP server
   – Authorize, map to local id, access file
   – Storage system
* With mutual authentication
User Proxy Creation
• The User holds C_U
① The User gains access to the computer
② Temporary credential C'_UP is created
③ User Proxy Credential C_UP is created
   C_UP = Sign(U) { C'_UP, Start-Time, End-Time }
④ A User Proxy is created, holding C_UP
Resource Allocation
• Mutual authentication between the User Proxy and the Resource Manager,
  based on C_UP and C_RM
① The UP requests resource allocation
   Sign(UP) { Allocation Specification }
② Resource Manager:
   1) Authentication (validate UP & check the expiration)
   2) Authorization by local policy (may or may not need mapping between
      the Globus user's credential and the local user ID)
   3) Allocate resource
③ PROCESS-HANDLE returned
   PROCESS-HANDLE = Sign(RM) { host-identifier, process-identifier }
• Other figure labels: Process Manager, Resource
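The user proxy creation and resource allocation steps above, as an added example that is not part of the original slides or of Globus code: it builds C_UP = Sign(U){C'_UP, Start-Time, End-Time} and runs the resource manager's validation and expiry check on a signed allocation request. The signatures use toy textbook RSA with small fixed primes only so the block runs on the standard library; the field names, key sizes and sample request are constructed, and the resource manager is assumed to already trust the user's public key.

```python
import hashlib, json

E = 65537  # public exponent shared by the toy keys

def keypair(p, q):
    # Toy textbook RSA from two primes: illustration only, not secure.
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(body, n):
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, body):
    return pow(digest(body, key["n"]), key["d"], key["n"])

def verify(n, body, sig):
    return pow(sig, E, n) == digest(body, n)

def make_proxy(user_key, proxy_n, start, end):
    # C_UP = Sign(U){C'_UP, Start-Time, End-Time}
    body = {"proxy_n": proxy_n, "start": start, "end": end}
    return {"body": body, "sig": sign(user_key, body)}

def rm_validate(c_up, user_n, request, req_sig, now):
    # Resource manager step 2.1: validate UP and check the expiration.
    body = c_up["body"]
    if not verify(user_n, body, c_up["sig"]):
        return "reject: proxy credential not signed by user"
    if not (body["start"] <= now <= body["end"]):
        return "reject: proxy credential outside validity window"
    if not verify(body["proxy_n"], request, req_sig):
        return "reject: request not signed by proxy key"
    return "ok"

# Constructed sample keys from Mersenne primes 2^k - 1 (k = 61, 89, 107, 127).
USER = keypair(2**89 - 1, 2**107 - 1)     # C_U: long-term user credential
PROXY = keypair(2**61 - 1, 2**127 - 1)    # C'_UP: temporary key pair
C_UP = make_proxy(USER, PROXY["n"], start=1000, end=1000 + 12 * 3600)
REQUEST = {"allocation": "4 nodes, 1 hour"}   # constructed allocation spec
REQ_SIG = sign(PROXY, REQUEST)                # Sign(UP){Allocation Specification}

if __name__ == "__main__":
    print(rm_validate(C_UP, USER["n"], REQUEST, REQ_SIG, now=2000))
    print(rm_validate(C_UP, USER["n"], REQUEST, REQ_SIG, now=10**6))
```

Because the validity window is inside the signed body, extending End-Time after the fact invalidates the user's signature, so a stolen proxy credential cannot have its lifetime stretched.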
Process to Process Authentication
• Parties: User Proxy (C_UP), Process Manager (C_PM), Process (C_P), Resource
① Temporary process credential C'_P is created
② C'_P passed to PM
③ Process credential request
   Sign(PM) { C'_P : Process-Credential }
④ User Proxy: 1) examine the request
              2) generate C_P and return it to PM
   C_P = Sign(UP) { C'_P }
⑤ C_P passed to the Process
Resource Allocation request from a Process
• Parties: User Proxy (C_UP), Process (C_P), Process Manager (C_PM),
  Resource, Resource B
① The process issues a request for the resource B
   Sign(P) { Operation, Operation Arguments }
② User Proxy: 1) authenticates the request
              2) executes the request
③ Return the result
   Sign(UP) { Execution-Result }
Mapping between Globus Subject & Resource Subject (1)
• Globus Subject (Global Name) is mapped to Resource Subject
  (Local Name, e.g. User ID)
• Globus Credential (C_UP) is mapped to Resource Credential
  (C_P, e.g. Password), for local access to some resource
• Using Grid Map table
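One way the grid map table lookup can work, as an added example that is not from the original slides or from Globus code: it parses a table in the grid-mapfile style (a quoted global subject name followed by local account names) and maps an authenticated global subject to a local subject, denying anything unmapped. The sample entries, function names and the stripping of a trailing /CN=proxy component are assumptions made for illustration.

```python
import shlex

# Constructed sample in the grid-mapfile style: "subject DN" local-account[,...]
SAMPLE_GRIDMAP = '''
# global subject                            local subject
"/O=Grid/OU=example.org/CN=Alice Example"  alice
"/O=Grid/OU=example.org/CN=Bob Example"    bexample,projacct
"/O=Grid/OU=example.org/CN=Broken Entry    nobody
'''

def parse_gridmap(text):
    """Return {global subject DN: [local accounts]}; malformed lines are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:               # unbalanced quote around the DN
            continue
        if len(parts) != 2 or not parts[0].startswith("/"):
            continue
        table[parts[0]] = [a for a in parts[1].split(",") if a]
    return table

def map_subject(table, subject_dn, requested=None):
    """Map an authenticated global subject to a local account, or None (deny)."""
    # Assumption: a proxy credential's subject is the user's DN plus proxy CNs.
    while subject_dn.endswith(("/CN=proxy", "/CN=limited proxy")):
        subject_dn = subject_dn.rsplit("/CN=", 1)[0]
    accounts = table.get(subject_dn)     # exact match only, no prefix matching
    if not accounts:
        return None                      # unmapped subject: default deny
    if requested is None:
        return accounts[0]               # first listed account is the default
    return requested if requested in accounts else None

if __name__ == "__main__":
    table = parse_gridmap(SAMPLE_GRIDMAP)
    print(map_subject(table, "/O=Grid/OU=example.org/CN=Alice Example/CN=proxy"))
    print(map_subject(table, "/O=Grid/OU=example.org/CN=Mallory Example"))
```

The table only decides which local subject a global subject becomes; whether that local account may use the resource remains a local access control decision, as the policy slide states.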

				