E-Science Security Roadmap Grid Security Task Force From original presentation by Howard Chivers, University of York

1
E-Science Security RoadmapGrid Security Task
ForceFrom original presentation by Howard
Chivers, University of York

• Brief content
• Seek feedback on security problems
• Invite projects to offer good security
• practice where it already exists

2
Purpose of the Roadmap

• Documents status of Grid security
• Highlights problems and gaps
• Identifies priority needs to be addressed by the
  programme, e.g.
• Promulgation of best practice
• Calls for specific technology development
• Engaging in international standards activities
• Adopting commercial solutions

Unless security measures are integrated into the
e-Science programme, it risks failure because
the results are not exploitable by their target
community
3
Background

• Direction of infrastructure
• Considers current status and expected evolution
  of Globus Toolkit
• Notes trend towards web services
• But acknowledges diverse infrastructure in
  current programme
• Problems
• Identified by members of Security Task Force in
  their dealings with typical projects
• Further project input would be very welcome

4
Roadmap structure (1)

• Technology gaps classified by timescale
• Short ideally needed now (or within 1 year)
• Medium needed to move current projects onto
  production footing (without can signal failure of
  e-Science programme) (lt2005)
• Long needed to fully exploit programme in the
  longer term
• Gaps also classified by function
• Authentication, authorisation, audit, privacy,
  integrity, fabric, trust

5
Roadmap structure (2)

• Discussion of operational concerns
• Usability, performance, scalability,
  manageability, interoperability, assurance
• Summary of key recommendations
• 15 priority needs

6
Related documents

• E-Science Task Force Recommendations
• High-level framework of recommendations, of
  which the roadmap provides the technical content
• E-Science Security Policy
• Identifies structure and responsibilities for
  security in the e-Science programme

7
The Detail

• Problems and associated recommendations

8
Generic issues

• Problems
• Projects are not well provided with security
  solutions, and security skills are not always
  available
• Needs
• Promulgate good practice, wherever it has been
  established in the programme

9
Authentication

• Problems
• Some projects are investigating large scale
  deployment, but
• The current e-Science PKI may not scale
• PKI credentials hard to use by non-specialist
  users
• Needs
• Scalable production infrastructure (medium)
• Better credential management (medium)
• Secure roaming (long)

10
Authorisation delegation (1)

• Problems
• Some authorisation systems exist
• Akenti, PERMIS, CAS, VOMS, VOM, Cardea
• Management and scalability of authorisation
  policies and users are major weaknesses
• Globus provides a delegation solution via short
  term proxy certificates, but
• The current delegation model is not suitable for
  all situations some projects are developing
  their own

11
Authorisation delegation (2)

• Needs
• Selection and central support of a policy and
  authorisation infrastructure (short)
• A policy reference model and protocols to support
  interoperability (medium)
• Policy creation and management tools (medium)
• An improved model for delegation (long)

12
Audit

• Problems
• Logging and auditing are generally well
  established and understood but
• The Grid introduces new problems audit trails
  become widely distributed
• Needs
• Tools to support the generation of diagnostic
  trails in distributed/Grid systems (long)

13
Privacy

• Definition
• Consent of data owner (so distinct from
  confidentiality)
• Problems
• Relatively little prior art exists, and some
  areas, e.g. health related systems, have specific
  concerns
• Needs
• Generation and promulgation of good practice in
  both policy and implementation, particularly for
  health related systems (medium)

14
Confidentiality

• Problems
• Most requirements dealt with under authorisation
  and encryption but
• Some projects are so distributed they will need
  to propagate constraints with data (e.g. rights
  metadata for digital content)
• Needs
• Mechanisms to transport access constraints with
  data (long)

15
Integrity

• Problems
• Solutions exist to manage integrity of data in
  transit but
• Wider problems of ensuring integrity of groups of
  related distributed data (provenance) and the
  need to manage this
• Needs
• To collect and promulgate successful approaches
  to provenance management from current research
  (medium)

16
Fabric (the compute/network infrastructure)

• Problems
• At present there is a tension between
  conventional fabric security (e.g. firewalls) and
  typical Grid systems
• Needs
• Packaged Grid security solutions that are
  friendly to fabric (long)
• Advanced firewalls with flexible policies, able
  to parse service information (long)

17
Trust

• Problems
• Trust is more than CAs or authorisation systems,
  it covers any actions by all parties e.g. that a
  user is obliged to delete data after reading it
• Projects in general wont adopt an open Grid
  they need to be able to restrict some aspects of
  their applications
• Needs
• A trust management framework for virtual grids
  with locally specific security features (medium)

18
Summary

• Operational characteristics are also important
• usability, performance, scalability,
  manageability, inter-operability, assurance
• Authorisation, authentication, delegation and
  trust problems are inter-related
• Roadmap identifies a total of 15 priority needs
• 2 short term
• 7 medium term
• 6 long term
• These are only the technical recommendations
  non-technical (or socio-technical)
  recommendations will follow as a later paper

19
You can help

• Do you have any major security concerns which we
  havent noted?
• Are you developing security practices, policies
  or technology? If so please let us know the
  programme needs to spread good practice