Security and Certification Issues in Grid Computing - PowerPoint PPT Presentation

Slides: 41
Provided by: KendraKa2
Learn more at: https://www.mcs.anl.gov

Transcript and Presenter's Notes

1
Security and Certification Issues in Grid Computing
  • Ian Foster
  • Mathematics and Computer Science Division
  • Argonne National Laboratory
  • and
  • Department of Computer Science
  • The University of Chicago
  • http://www.mcs.anl.gov/foster

International Workshop on Certification and
Security in E-Services (CSES 2002), Montreal,
Canada, Aug 28
2
Partial Acknowledgements
  • Grid computing, Globus Project, and OGSA
    • Carl Kesselman @ USC/ISI, Steve Tuecke @ ANL
    • Talented team of scientists and engineers at ANL,
      USC/ISI, elsewhere (see www.globus.org)
  • Open Grid Services Architecture (OGSA)
    • Karl Czajkowski @ USC/ISI, Jeff Nick, Steve
      Graham, Jeff Frey @ IBM, www.globus.org/ogsa
  • Grid security, OGSA Security, CAS
    • Frank Siebenlist, Von Welch, Laura Pearlman
  • Support from DOE, NASA, NSF, IBM, Microsoft

3
Overview
  • What is the Grid anyway?
    • And what's it got to do with e-services?
  • Grid security & certification issues
    • Demands of virtual organizations and Grid
      approach to addressing these demands
  • Implementation approach
    • Globus Toolkit, Grid Security Infrastructure
    • Open Grid Services Architecture (OGSA)
    • OGSA security architecture
  • Summary

4
Overview
  • What is the Grid anyway?
    • And what's it got to do with e-services?
  • Grid security & certification issues
    • Demands of virtual organizations and Grid
      approach to addressing these demands
  • Implementation approach
    • Globus Toolkit, Grid Security Infrastructure
    • Open Grid Services Architecture (OGSA)
    • OGSA security architecture
  • Summary

5
E-Science: The Original Grid Driver
  • Pre-electronic science
    • Theorize and/or experiment, in small teams
  • Post-electronic science
    • Construct and mine very large databases
    • Develop computer simulations & analyses
    • Access specialized devices remotely
    • Exchange information within distributed
      multidisciplinary teams
  • Need to manage dynamic, distributed
    infrastructures, services, and applications

6
And Thus The Grid
  • Resource sharing & coordinated problem solving
    in dynamic, multi-institutional virtual
    organizations

7
Grids at NASA: Aviation Safety
[Figure: aircraft subsystem models coupled through a Grid. Labels: Wing Models (lift capabilities, drag capabilities, responsiveness); Stabilizer Models; Airframe Models (deflection capabilities, responsiveness); Crew Capabilities (accuracy, perception, stamina, reaction times, SOPs); Engine Models and Landing Gear Models (braking performance, steering capabilities, traction, dampening capabilities, thrust performance, reverse thrust performance, responsiveness, fuel consumption).]
8
Life Sciences: Telemicroscopy
[Figure: pipeline linking imaging instruments, data acquisition, processing and analysis, large databases, computational resources and advanced visualization over the network.]
9
Sloan Digital Sky Survey Analysis
Size distribution of galaxy clusters?
www.griphyn.org/chimera
10
Data Grids for High Energy Physics
11
Resource Sharing within VOs is Not Unique to
Science!
  • Fragmentation of enterprise infrastructure
    • Driven by cheap servers, fast nets, ubiquitous
      Internet, eBusiness workloads
    • Need to configure distributed collections of
      services to deliver specified QoS
  • Virtualization
    • Emerging service infrastructure, utility
      computing models, economies of scale
    • Services dynamically instantiated across device
      spectrum
  • B2B, B2C, C2C interactions

12
Virtualization and Distributed Service Management
[Figure: the device continuum. At one end: larger, more integrated, more connected, dynamically provisioned; at the other: less capable, less integrated, less connected, the user's service locus.]
13
Grid Computing
"Grid Computing", by M. Mitchell Waldrop, May 2002: "Hook enough computers together and what do you get? A new kind of utility that offers supercomputer processing on tap. Is Internet history about to repeat itself?"
14
Challenging Technical Requirements
  • Dynamic formation and management of virtual
    organizations
  • Discovery & online negotiation of access to
    services: who, what, why, when, how
  • Configuration of applications and systems able to
    deliver multiple qualities of service
  • Management of distributed state within
    infrastructures, services, and applications
  • Open, extensible, evolvable infrastructure

15
Challenging Technical Requirements
  • Dynamic formation and management of virtual
    organizations
  • Discovery & online negotiation of access to
    services: who, what, why, when, how
  • Configuration of applications and systems able to
    deliver multiple qualities of service
  • Management of distributed state within
    infrastructures, services, and applications
  • Open, extensible, evolvable infrastructure

Security and Certification Issues
16
Overview
  • What is the Grid anyway?
    • And what's it got to do with e-services?
  • Grid security & certification issues
    • Demands of virtual orgs and Grid approach to
      addressing these demands
  • Implementation approach
    • Globus Toolkit, Grid Security Infrastructure
    • Open Grid Services Architecture (OGSA)
    • OGSA security architecture
  • Summary

17
Grid Security & Certification
  • Challenges include
    • Dynamic group membership and trust relationships
      within virtual organizations
    • Complex computational structures extending beyond
      client-server delegation
    • Mission-critical apps and valuable resources
  • Issues include
    • Cross-certification
    • Mechanisms and credentials
    • Distributed authorization
    • Secure logging and audit

18
Cross-Certification Issue
[Figure: Domain A (Certification Authority, Policy Authority, Sub-Domain A1 with Server X) and Domain B (Certification Authority, Policy Authority, Sub-Domain B1 with Server Y); a single task spans Server X and Server Y and so crosses the two certification domains.]
19
Cross-Certification
  • Cross-certification at corporate level difficult
    • Legal implications, liability, bureaucracy
  • Address trust at user/resource level!
    • Many business relationships do not require
      involvement of President/CEO
  • Virtual organization as bridge
    • Federate through mutually trusted services
    • Local policy authorities rule
  • Assertions language for trust relationships
    • WS-Trust, WS-Federation, WS-Policy

20
Grid Solution: Use Virtual Organization as Bridge
[Figure: Certification Domain A and a Virtual Organization Domain with no cross-domain trust between them; a Federation Service in the VO domain bridges the two through a common mechanism.]
21
Mechanism and Credential Issue
  • Different mechanisms & credentials
    • X.509 vs Kerberos, SSL vs GSSAPI, X.509 vs.
      X.509 (different domains)
    • X.509 attribute certs vs SAML assertions
  • Need for common mechanism
    • GSI-SecureConversation
  • Need for credential federation services
    • Obtain X.509 creds with Kerberos ticket
    • Obtain Kerberos ticket with X.509 creds
    • Cross X.509 or Kerberos domains/realms

22
Example: Kerberos-X.509 Federation
  • Requestor: Kerberos realm
  • Server: X.509-based domain (only authenticates
    requestors with X.509 creds)
  • VO provides Kerberos-CA federation service
    • Has Kerberos identity within requestor's realm
    • Kerb-CA cert is trusted within server-side VO
    • Kerb-CA issues (short-lived) X.509 certs that
      assert requestor's Kerberos principal name
  • Requestor's runtime is X.509-enabled
  • Server's access control policy within the VO is
    based on requestor's Kerberos principal name

23
Kerberos-X.509 Federation Service
[Figure: the Requestor in the Kerberos Realm presents a Kerberos ticket to the Kerberos-CA Svc in the Virtual Organization Domain; the Server in the X.509 Domain trusts Krb-CA-issued certs, and its Policy Authority enforces on the principal name carried in the requestor's X.509 cert over an X.509-secured protocol.]
24
Grid Authorization/Policy Issue
  • Resources may not know foreign requestors
    • Impairs fine-grained policy admin
  • Outsource policy admin to requestor's sub-domain
    • Enables fine-grained policy
  • Community Authorization Service (CAS)
    • Resource owner sets coarse-grained policy rules
      for foreign domain on CAS-identity
    • CAS sets policy rules for its local users
    • Requestors obtain capabilities from their local
      CAS that get enforced at the resource

25
Community Authorization Service
[Figure: the Requestor in Sub-Domain A1 of Domain A requests capability assertions from the Community Authorization Svc in the Virtual Organization Domain; the Server in Sub-Domain B1 of Domain B trusts the CAS identity, and its Policy Authority enforces on the CAS identity and on the requestor's capabilities carried in the CAS assertions.]
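The CAS arrangement of the two preceding slides as an added example (not code from the talk or from the Globus CAS implementation): the resource owner trusts a CAS identity under a coarse-grained rule, the CAS signs fine-grained capabilities for its own users, and the resource admits a request only when it falls inside both. The assertion format, the signature scheme (ECDSA over a SHA-256 digest of canonical JSON) and the names `cas.domainA.example`, `/data/projectA/` and `alice` are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Capability is the assertion a CAS hands to one of its local users (constructed schema).
type Capability struct {
	Issuer    string   `json:"issuer"`     // CAS identity the resource owner trusts
	Subject   string   `json:"subject"`    // requestor's identity in its home domain
	Resource  string   `json:"resource"`   // path prefix the rights apply to
	Actions   []string `json:"actions"`    // fine-grained rights granted by the CAS
	ExpiresAt int64    `json:"expires_at"` // Unix time after which the assertion is void
}

// SignedCapability is a capability plus the CAS signature over its canonical JSON form.
type SignedCapability struct {
	Cap Capability
	Sig []byte
}

// digest returns the SHA-256 of the capability's canonical (fixed field order) JSON encoding.
func digest(c Capability) []byte {
	b, _ := json.Marshal(c) // struct field order is fixed, so the encoding is canonical
	h := sha256.Sum256(b)
	return h[:]
}

// CAS is the community authorization service of the requestor's domain.
type CAS struct {
	Identity string
	key      *ecdsa.PrivateKey
}

func NewCAS(identity string) (*CAS, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &CAS{Identity: identity, key: key}, nil
}

func (c *CAS) PublicKey() *ecdsa.PublicKey { return &c.key.PublicKey }

// Issue signs a capability for a local user; the CAS's own user policy decides what to grant.
func (c *CAS) Issue(subject, resource string, actions []string, ttl time.Duration) (SignedCapability, error) {
	cp := Capability{Issuer: c.Identity, Subject: subject, Resource: resource, Actions: actions,
		ExpiresAt: time.Now().Add(ttl).Unix()}
	sig, err := ecdsa.SignASN1(rand.Reader, c.key, digest(cp))
	return SignedCapability{Cap: cp, Sig: sig}, err
}

// CoarseRule is the resource owner's coarse-grained rule for one foreign CAS identity.
type CoarseRule struct {
	Prefix  string   // resources the CAS may grant access to
	Actions []string // actions the CAS may grant
}

type trustEntry struct {
	pub  *ecdsa.PublicKey
	rule CoarseRule
}

// Resource is the server; it knows CAS identities, not individual foreign users.
type Resource struct{ trusted map[string]trustEntry }

func NewResource() *Resource { return &Resource{trusted: map[string]trustEntry{}} }

func (r *Resource) TrustCAS(identity string, pub *ecdsa.PublicKey, rule CoarseRule) {
	r.trusted[identity] = trustEntry{pub: pub, rule: rule}
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

// Enforce admits a request only if the capability is signed by a trusted CAS, unexpired,
// inside the coarse rule the owner set for that CAS, and inside the rights the CAS granted.
func (r *Resource) Enforce(sc SignedCapability, resource, action string) error {
	entry, ok := r.trusted[sc.Cap.Issuer]
	if !ok {
		return fmt.Errorf("unknown CAS identity %q", sc.Cap.Issuer)
	}
	if !ecdsa.VerifyASN1(entry.pub, digest(sc.Cap), sc.Sig) {
		return errors.New("capability signature invalid")
	}
	if time.Now().Unix() > sc.Cap.ExpiresAt {
		return errors.New("capability expired")
	}
	if !strings.HasPrefix(resource, entry.rule.Prefix) || !contains(entry.rule.Actions, action) {
		return fmt.Errorf("coarse policy: %s may not grant %s on %s", sc.Cap.Issuer, action, resource)
	}
	if !strings.HasPrefix(resource, sc.Cap.Resource) || !contains(sc.Cap.Actions, action) {
		return fmt.Errorf("capability does not cover %s on %s", action, resource)
	}
	return nil
}
```

The order of checks in `Enforce` matters: the coarse rule is tested before the capability, so a CAS that tried to grant more than the owner delegated to it (an action or a path prefix outside its rule) is refused regardless of what its assertion says, and a tampered assertion never gets as far as policy evaluation.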
26
Security Services & VO
[Figure: the Requestor's Domain, the Service Provider's Domain and the VO Domain, each with a Trust Service, Authorization Service, Attribute Service, Audit/Secure-Logging Service, Privacy Service and Credential Validation Service; the VO Domain additionally offers a Bridge/Translation Service. The Requestor and Provider applications talk through WS-Stubs over a Secure Conversation.]
27
Secure Logging and Audit
  • Robust, secure audit infrastructure is essential
    for commercial Grid deployment
  • Natural audit code-points in OGSA runtime
    • User's credentials, authorization decisions,
      invoked portTypes, parameter values, etc.
    • Allows for secure logging transparent to and
      independent from applications
  • Standard call-outs to external security services
    • More relevant audit code-points
  • XML facilitates audit-entry filtering & mgmt

28
Transparent Audit Code-Points
All service invocations and policy decisions
within stubs are natural audit code-points
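A stub-level audit code-point of the kind the two preceding slides describe, as an added example (not code from the talk or from any OGSA runtime): every invocation passes through the stub, which records the caller's principal, the portType and operation, the parameters and the decision returned by an external authorization call-out, so the application code never has to log anything itself. The record schema, the `Stub` wrapper, the `FileTransfer` portType and the principals used are assumptions made for the example.

```go
package main

import (
	"encoding/xml"
	"errors"
	"sort"
	"time"
)

// Param is one invocation parameter recorded at the audit code-point.
type Param struct {
	Name  string `xml:"name,attr"`
	Value string `xml:",chardata"`
}

// AuditEntry is one record emitted by the stub (constructed schema, not an OGSA format).
type AuditEntry struct {
	XMLName   xml.Name `xml:"audit"`
	Time      string   `xml:"time,attr"`
	Principal string   `xml:"principal"` // identity taken from the caller's credential
	PortType  string   `xml:"portType"`
	Operation string   `xml:"operation"`
	Params    []Param  `xml:"param"`
	Decision  string   `xml:"decision"` // "permit" or "deny" from the authorization call-out
	Outcome   string   `xml:"outcome,omitempty"`
}

// Authorizer is the call-out to an external policy decision service.
type Authorizer func(principal, portType, operation string) bool

// Stub wraps a service implementation so that every invocation passes the audit code-point,
// independently of what the application code does.
type Stub struct {
	PortType string
	Auth     Authorizer
	Log      []AuditEntry
	Now      func() time.Time // injectable clock
}

// Invoke records who called what with which parameters and what policy decided,
// then runs the implementation only on a permit.
func (s *Stub) Invoke(principal, op string, params map[string]string, impl func(map[string]string) (string, error)) (string, error) {
	entry := AuditEntry{Time: s.Now().UTC().Format(time.RFC3339), Principal: principal, PortType: s.PortType, Operation: op}
	names := make([]string, 0, len(params))
	for n := range params {
		names = append(names, n)
	}
	sort.Strings(names) // deterministic parameter order in the record
	for _, n := range names {
		entry.Params = append(entry.Params, Param{Name: n, Value: params[n]})
	}
	if !s.Auth(principal, s.PortType, op) {
		entry.Decision = "deny"
		s.Log = append(s.Log, entry)
		return "", errors.New("authorization denied")
	}
	entry.Decision = "permit"
	out, err := impl(params)
	if err != nil {
		entry.Outcome = "error: " + err.Error()
	} else {
		entry.Outcome = "ok"
	}
	s.Log = append(s.Log, entry)
	return out, err
}

// Filter selects entries by decision, the kind of selection an XML filter over the log would do.
func (s *Stub) Filter(decision string) []AuditEntry {
	var out []AuditEntry
	for _, e := range s.Log {
		if e.Decision == decision {
			out = append(out, e)
		}
	}
	return out
}

// ToXML renders audit entries as XML so they can be filtered and managed with standard tooling.
func ToXML(entries []AuditEntry) (string, error) {
	b, err := xml.MarshalIndent(entries, "", "  ")
	return string(b), err
}
```

Because the stub records the deny decision before returning, a refused call leaves the same kind of entry as a permitted one; the log therefore shows attempts as well as successes, which is what an audit trail needs and what application-level logging typically misses.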
29
Overview
  • What is the Grid anyway?
    • And what's it got to do with e-services?
  • Grid security & certification issues
    • Demands of virtual organizations and Grid
      approach to addressing these demands
  • Implementation approach
    • Globus Toolkit, Grid Security Infrastructure
    • Open Grid Services Architecture (OGSA)
    • OGSA security architecture
  • Summary

30
The Grid World: Current Status
  • Many major Grid projects in scientific &
    technical computing/research & education
  • Open source Globus Toolkit a de facto standard
    for major protocols & services
  • Simple protocols & APIs for authentication,
    discovery, access, etc. infrastructure
  • Information-centric design
  • Large user and developer base
  • Multiple commercial support providers
  • Global Grid Forum: community standards
  • Emerging Open Grid Services Architecture

31
Grid Security Infrastructure
  • Uniform authentication & authorization mechanisms
    in multi-institutional setting
    • Single sign-on, delegation, identity mapping
    • Public key tech, SSL/TLS, X.509, GSS-API
    • Internet/GGF drafts document extensions
  • Supporting infrastructure
    • Certificate Authorities
    • Online credential repository
    • Kerberos-X.509 federation server
    • Etc., etc., etc.

32
GSI in Action: Create Processes at A and B that
Communicate & Access Files at C
[Figure: a User drives a Computer at Site A (Kerberos) and a Computer at Site B (Unix), which communicate with each other and access a Storage system at Site C (Kerberos).]
33
Grid Evolution: Open Grid Services Architecture
  • Goals
    • Refactor Globus protocol suite to enable common
      base and expose key capabilities
    • Service orientation to virtualize resources and
      unify resources/services/information
    • Embrace key Web services technologies for
      standard IDL, leverage commercial efforts
  • Result: standard interfaces & behaviors for
    distributed system mgmt: the Grid service
  • Standardization within Global Grid Forum
  • Open source & commercial implementations

34
The Grid Service = Interfaces/Behaviors + Service Data
[Figure: a Grid service exposes service data elements; its binding properties include reliable invocation and authentication; the implementation runs in a hosting environment/runtime (C, J2EE, .NET, ...).]
35
WS Security Architecture: Current/Proposed Specifications
[Figure: layered specification stack over time. Foundation: SOAP; today: WS-Security; next: WS-Policy, WS-Trust, WS-Privacy; then: WS-SecureConversation, WS-Federation, WS-Authorization. Composable architecture: only use what you need.]
36
Grid Security and OGSA
  • OGSA security roadmap defines a set of required
    services and indicates for each whether it
    • Is provided by WS Security specs
    • May be provided by WS Security specs
    • Requires standardized profile/mechanisms and/or
      extensions for WS Security specs
  • Addresses, for example
    • GSI-SecureConversation
    • Standardized policy services
    • Standardized audit services
    • Etc., etc., etc.

37
OGSA Security Components
[Figure: component map. Intrusion Detection; Credential and Identity Translation (Single Logon); Secure Conversations; Access Control Enforcement; Audit & Non-repudiation; Anti-virus Management; Mapping Rules; Service/End-point Policy; Authorization Policy; Privacy Policy; Policy Management (authorization, privacy, federation, etc); Policy Expression and Exchange; Trust Model; Secure Logging; User Management; Key Management; Bindings Security (transport, protocol, message security).]
38
Overview
  • What is the Grid anyway?
    • And what's it got to do with e-services?
  • Grid security & certification issues
    • Demands of virtual organizations and Grid
      approach to addressing these demands
  • Implementation approach
    • Globus Toolkit, Grid Security Infrastructure
    • Open Grid Services Architecture (OGSA)
    • OGSA security architecture
  • Summary

39
Summary
  • The Grid: resource sharing & coordinated problem
    solving in virtual organizations
  • Challenging security & cert. requirements
  • OGSA security architecture addresses Grid
    certification, federation, bridging issues
    • Leverages WS Security standards
    • OGSA-standardized security services, profiles,
      and mechanisms
  • Open source Globus Toolkit and commercial
    implementations

40
For More Information
  • The Globus Project
    • www.globus.org
  • Technical articles
    • www.mcs.anl.gov/foster
  • Open Grid Services Arch.
    • www.globus.org/ogsa
  • Global Grid Forum
    • www.gridforum.org
    • Chicago, Oct 15-17