Secure Distributed Objects for Grid Applications - PowerPoint PPT Presentation

1 / 32
About This Presentation
Title:

Secure Distributed Objects for Grid Applications

Description:

A Java API Tools for Parallel & Distributed Computing. A uniform framework : Active Object ... Disallowed. 14. 14. Descriptor Security Model. A key principle: ... – PowerPoint PPT presentation

Number of Views:23
Avg rating:3.0/5.0
Slides: 33
Provided by: SEM996
Category:

less

Transcript and Presenter's Notes

Title: Secure Distributed Objects for Grid Applications


1
Secure Distributed Objects for Grid Applications
  • Laurent Baduel, Arnaud Contes, Denis Caromel
  • OASIS team http//www.inria.fr/oasis
  • ProActive http//proactive.objectweb.org

2
Outline
  • Context
  • ProActive overview
  • Abstract Deployment model
  • Security Model
  • Security Entities
  • Security Policies
  • Example
  • Conclusion

3
The ProActive Middleware
  • A Java API Tools for Parallel Distributed
    Computing
  • A uniform framework Active Object (AO) pattern
  • one thread, owns passive objects, remotely
    accessible
  • Programming model
  • groups, mobility, components, security
  • A formal model
  • Determinism, Insensitivity to deployment

4
Deployment Model
  • Virtual Nodes
  • Identified as a string name, used in program
    source, configured (mapped) in an XML descriptor
    file
  • 2 distinct steps

Development Source Code
Deployment XML Descriptor
Active Objets ? VN VN ? Runtimes (JVMs) ?
Hosts
5
A ProActive Application
6
Multiple Deployment Issues
Different Deployments ? Different Security
Policies
One Host
Cluster
Grid
7
Issues Goals
  • Authentication of Computers, Users, and
    Applications
  • Creation, connection to, and monitoring of
    activities
  • Authentication, Integrity and Confidentiality
    (AIC) of communications
  • Several levels of security policies users,
    resource providers, administrators
  • Main objective Facilitate the use and the
    management of security features by removing them
    from the source code

8
Outline
  • Context
  • ProActive overview
  • Abstract Deployment model
  • Security Model
  • Security Entities
  • Security Policies
  • Example
  • Conclusion

9
Security Entity Model
  • Generic definition, composed of a security
    manager and a protected object
  • Subject of security policies
  • Transparent for the protected object (meta object
    protocol)
  • No supposition on the protected object (runtimes,
    nodes, active objects, )
  • Hierarchical structure

10
Security Entities
Protected Object
11
Application Authentication
  • SPKI
  • Certificate chain
  • No Certificate Authority

Application certificate
User certificate
certificates for active objects, nodes
Certificate chain
12
Hierarchical Security Policies
Administrator policy
  • Security policy is defined according all matching
    rules from
  • Domains / Runtime
  • Virtual Node
  • Active Object

Application-level policy
Final Security policy
Resource provider policy
13
Security Rule
Entities -gt Entities Interactions Security
Attributes
  • Attributes
  • Authentication
  • Integrity
  • Confidentiality
  • Each attribute can be
  • Allowed
  • Optional
  • Disallowed
  • Interactions
  • JVMCreation
  • NodeCreation
  • CodeLoading
  • ObjectCreation
  • ObjectMigration
  • Request
  • Reply
  • Listing
  • Entities
  • Domain
  • User
  • Virtual Node
  • Object

14
Descriptor Security Model
  • A key principle
  • Specify security policies in the XML deployment,
    NOT IN SOURCE CODE !
  • In program source
  • Virtual Node (VN, a string name)
  • In XML descriptors
  • List of policy rules between virtual nodes,
    runtimes, domains,

15
Security Example
  • 2 domains GridA GridB with security policies
  • Domain GridA -gt Domain GridB Q,P,M
    A,I,C
  • Domain GridB -gt Domain GridA Q,P,M
    A,I,C
  • Application
  • 2 Virtual Nodes (vn1,vn2)
  • 2 Active objects

16
Descriptor with Security
  • VirtualNodes vn1, vn2
  • SECURITY
  • VN vn1 -gt VN vn2 Q,P ?A,?I,?C
  • VN vn1 -gt VN vn2 M Forbidden
  • VN vn2 -gt VN vn1 Q,P ?A,?I,?C
  • VN vn2 -gt VN vn1 M Forbidden
  • Domain GridA -gt Domain GridB Q,P,M
    A,I,C
  • Domain GridB -gt Domain GridA Q,P,M
    A,I,C
  • Mapping
  • vn1 --gt GridAComputers, GridBComputers
  • vn2 --gt GridAComputers
  • JVMs
  • //

17
Example std. code, no security
// proActiveDescriptor.activateMappings() vn1
proActiveDescriptor.getVirtualNode("vn1") vn2
proActiveDescriptor.getVirtualNode("vn2") // Flo
wer rose (Flower) ProActive.newActive(Flower.cla
ss,new
Object Rose , vn1.getNode() Flower daliah
(Flower) ProActive.newActive(Flower.class,new
Object Daliah ,
vn2.getNode() / next VN1 node inside the same
domain / rose.migrateTo(vn1) / communication
inside the same domain / rose.sayHelloTo(daliah)
/ next VN1 Node, other domain
/ rose.migrateTo(vn1) / communication with
another domain / rose.sayHelloTo(daliah) /
other virtual node, forbidden / rose.migrateTo(vn
2)
18
Example
Domain GridA
Domain GridB
Policy rules database
VN1
Runtime
VN2
19
Example
Domain GridA
Domain GridB
VN1
Policy rules database
Runtime
VN2
20
Example
Domain GridA
Domain GridB
VN1
Policy rules database
Runtime
VN2
21
Example
Domain GridA
Domain GridB
Migration - same VN - same domain
Can I migrate to the next VN1 node ?
VN1
Policy rules database
Runtime
VN2
22
Example
Domain GridA
Domain GridB
Migration - same VN - same domain
1 - Retrieve VN policy 2 - migration allowed
VN1
Policy rules database
Runtime
VN2
23
Example
Domain GridA
Domain GridB
Migration - same VN - same domain
VN1
Policy rules database
Runtime
VN2
24
Example
Negotiated Policy Rose -gt Daliah ?A,?I,?C
Domain GridA
Domain GridB
Migration - same VN - same domain
Receive a method call Daliah -gt Rose
?A,?I,?C
Perform a method call Rose -gt Daliah ?A,?I,?C
VN1
Policy rules database
Runtime
VN2
25
Example
Domain GridA
Domain GridB
Migration - same VN - same domain
VN1
Runtime
Policy rules database
VN2
26
Example
Domain GridA
Domain GridB
Migration - same VN - other domain
Can I migrate to the next VN1 node on GridB
domain?
VN1
Policy rules database
Runtime
VN2
27
Example
Domain GridA
Domain GridB
Migration - same VN - other domain
1- VN1 policy -gt none 2- GridA -gt GridB
A,I,C 3- migration with A,I,C
VN1
Policy rules database
Runtime
VN2
28
Example
Domain GridA
Domain GridB
Migration - same VN - other domain
VN1
Policy rules database
Runtime
VN2
29
Example
Negotiated Policy Rose -gt Daliah A,I,C
Domain GridA
Domain GridB
Method call - other VN - other domain From
Rose --gt Daliah
Receive a method call Daliah -gt Rose
A,I,C
Perform a method call Rose -gt Daliah A,I,C
VN1
Policy rules database
Runtime
VN2
30
Example
Domain GridA
Domain GridB
Migration - other VN From Rose --gt Daliah
NO !
Migration to VN2 ? VN1 -gt VN2 -M
VN1
Policy rules database
Runtime
VN2
31
Conclusion
  • Transparent to application
  • Take care of a hierarchy of security policies
  • Security can be adapted to application deployment

32
  • Thank you for your time
  • Questions ?

33
Security Context Propagation
  • Grid Applications are dynamic
  • Acquire resources
  • Create new entities on allocated resources
  • Automatic security context propagation to
    maintain application security context

34
Hierarchical Domains
  • A logical way to group entities that have the
    same security needs.
  • Domains are Security Entities
  • are hierarchical
  • enforce policies to contained security entities
Write a Comment
User Comments (0)
About PowerShow.com