Title: Security and Certification Issues in Grid Computing
1 Security and Certification Issues in Grid Computing
- Ian Foster
- Mathematics and Computer Science Division
- Argonne National Laboratory
- and
- Department of Computer Science
- The University of Chicago
- http://www.mcs.anl.gov/foster
International Workshop on Certification and Security in E-Services (CSES 2002), Montreal, Canada, Aug 28
2 Partial Acknowledgements
- Grid computing, Globus Project, and OGSA
  - Carl Kesselman at USC/ISI, Steve Tuecke at ANL
  - Talented team of scientists and engineers at ANL, USC/ISI, elsewhere (see www.globus.org)
- Open Grid Services Architecture (OGSA)
  - Karl Czajkowski at USC/ISI, Jeff Nick, Steve Graham, Jeff Frey at IBM, www.globus.org/ogsa
- Grid security, OGSA Security, CAS
  - Frank Siebenlist, Von Welch, Laura Pearlman
- Support from DOE, NASA, NSF, IBM, Microsoft
3 Overview
- What is the Grid anyway?
  - And what's it got to do with e-services?
- Grid security & certification issues
  - Demands of virtual organizations and Grid approach to addressing these demands
- Implementation approach
  - Globus Toolkit Grid Security Infrastructure
  - Open Grid Services Architecture (OGSA)
  - OGSA security architecture
- Summary
4 Overview (outline repeated; next section: What is the Grid anyway?)
5 E-Science: The Original Grid Driver
- Pre-electronic science
  - Theorize and/or experiment, in small teams
- Post-electronic science
  - Construct and mine very large databases
  - Develop computer simulations & analyses
  - Access specialized devices remotely
  - Exchange information within distributed multidisciplinary teams
- Need to manage dynamic, distributed infrastructures, services, and applications
6 And Thus The Grid
- Resource sharing & coordinated problem solving in dynamic, multi-institutional virtual organizations
7 Grids at NASA: Aviation Safety
[Figure: coupled aircraft simulation models. Wing Models: lift capabilities, drag capabilities, responsiveness. Stabilizer Models. Airframe Models: deflection capabilities, responsiveness. Crew Capabilities: accuracy, perception, stamina, reaction times, SOPs. Engine Models: thrust performance, reverse thrust performance, responsiveness, fuel consumption. Landing Gear Models: braking performance, steering capabilities, traction, dampening capabilities.]
8 Life Sciences: Telemicroscopy
[Figure: telemicroscopy pipeline linking imaging instruments, data acquisition, the network, computational resources, processing & analysis, large databases, and advanced visualization.]
9 Sloan Digital Sky Survey Analysis
Size distribution of galaxy clusters?
www.griphyn.org/chimera
10 Data Grids for High Energy Physics
11 Resource Sharing within VOs is Not Unique to Science!
- Fragmentation of enterprise infrastructure
  - Driven by cheap servers, fast nets, ubiquitous Internet, eBusiness workloads
  - Need to configure distributed collections of services to deliver specified QoS
- Virtualization
  - Emerging service infrastructure, utility computing models, economies of scale
  - Services dynamically instantiated across device spectrum
- B2B, B2C, C2C interactions
12 Virtualization and Distributed Service Management
[Figure: the device continuum, from less capable, less integrated, less connected devices at the user service locus, to larger, more integrated, more connected, dynamically provisioned services.]
13 Grid Computing
"Grid Computing", by M. Mitchell Waldrop, May 2002: "Hook enough computers together and what do you get? A new kind of utility that offers supercomputer processing on tap. Is Internet history about to repeat itself?"
14 Challenging Technical Requirements
- Dynamic formation and management of virtual organizations
- Discovery & online negotiation of access to services: who, what, why, when, how
- Configuration of applications and systems able to deliver multiple qualities of service
- Management of distributed state within infrastructures, services, and applications
- Open, extensible, evolvable infrastructure
15 Challenging Technical Requirements (slide 14 repeated, overlaid with the annotation "Security and Certification Issues")
16 Overview (outline repeated; next section: Grid security & certification issues)
17 Grid Security & Certification
- Challenges include
  - Dynamic group membership and trust relationships within virtual organizations
  - Complex computational structures extending beyond client-server: delegation
  - Mission-critical apps and valuable resources
- Issues include
  - Cross-certification
  - Mechanisms and credentials
  - Distributed authorization
  - Secure logging and audit
18 Cross-Certification Issue
[Figure: Domain A and Domain B each have their own Certification Authority and Policy Authority; a single task spans Server X in Sub-Domain A1 and Server Y in Sub-Domain B1.]
19 Cross-Certification
- Cross-certification at corporate level difficult
  - Legal implications, liability, bureaucracy
- Address trust at user/resource level!
  - Many business relationships do not require involvement of President/CEO
- Virtual organization as bridge
  - Federate through mutually trusted services
  - Local policy authorities rule
- Assertions language for trust relationships
  - WS-Trust, WS-Federation, WS-Policy
20 Grid Solution: Use Virtual Organization as Bridge
[Figure: no cross-domain trust between Certification Domain A and the other certification domain; a Federation Service in the Virtual Organization Domain bridges them through a common mechanism.]
21 Mechanism and Credential Issue
- Different mechanisms & credentials
  - X.509 vs Kerberos, SSL vs GSSAPI, X.509 vs. X.509 (different domains)
  - X.509 attribute certs vs SAML assertions
- Need for common mechanism
  - GSI-SecureConversation
- Need for credential federation services
  - Obtain X.509 creds with Kerberos ticket
  - Obtain Kerberos ticket with X.509 creds
  - Cross X.509 or Kerberos domains/realms
22 Example: Kerberos-X.509 Federation
- Requestor: Kerberos realm
- Server: X.509-based domain (only authenticates requestors with X.509 creds)
- VO provides Kerberos-CA federation service
  - Has Kerberos identity within requestor's realm
  - Kerb-CA cert is trusted within server-side VO
  - Kerb-CA issues (short-lived) X.509 certs that assert requestor's Kerberos principal name
- Requestor's runtime is X.509-enabled
- Server's access control policy within the VO is based on requestor's Kerberos principal name
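The federation flow on this slide, as an added example in Go using only the standard library's crypto/x509 (this is illustration written for this page, not Globus Toolkit or GSI code): a Kerberos-CA service issues a short-lived certificate whose subject common name carries the requestor's Kerberos principal, and a server in the X.509 domain that trusts only that CA verifies the chain and validity window and then keys its access control list on the principal name. The principal alice@REALM.EXAMPLE, the VO name and the ACL are constructed; the Kerberos ticket check that precedes issuance is assumed to have happened and is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// KerberosCA stands in for the VO's Kerberos-CA federation service; X.509-domain servers trust its certificate.
type KerberosCA struct {
	key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

func signCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, priv *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// NewKerberosCA creates the federation service with a self-signed CA certificate.
func NewKerberosCA(name string) (*KerberosCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	cert, err := signCert(tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return &KerberosCA{key: key, Cert: cert}, nil
}

// IssueForPrincipal issues a short-lived certificate whose subject asserts the requestor's Kerberos
// principal name. Checking the Kerberos ticket that proves the principal is assumed to precede this call.
func (ca *KerberosCA) IssueForPrincipal(principal string, pub *ecdsa.PublicKey, ttl time.Duration) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed; a real CA uses random serials
		Subject:      pkix.Name{CommonName: principal},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return signCert(tmpl, ca.Cert, pub, ca.key)
}

// Server is a resource in the X.509 domain; its policy is keyed on the principal name in a cert chaining to Krb-CA.
type Server struct {
	roots *x509.CertPool
	acl   map[string][]string // Kerberos principal name -> permitted operations
}

func NewServer(krbCA *x509.Certificate, acl map[string][]string) *Server {
	pool := x509.NewCertPool()
	pool.AddCert(krbCA)
	return &Server{roots: pool, acl: acl}
}

// Authorize verifies issuer, validity window and client-auth usage, then consults the ACL.
func (s *Server) Authorize(cert *x509.Certificate, op string, now time.Time) error {
	opts := x509.VerifyOptions{Roots: s.roots, CurrentTime: now, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	principal := cert.Subject.CommonName
	for _, allowed := range s.acl[principal] {
		if allowed == op {
			return nil
		}
	}
	return fmt.Errorf("policy denies %q for principal %q", op, principal)
}

// NewRequestorKey generates the key pair the requestor's X.509-enabled runtime presents.
func NewRequestorKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	ca, _ := NewKerberosCA("example-vo Kerberos-CA")
	reqKey, _ := NewRequestorKey()
	cert, _ := ca.IssueForPrincipal("alice@REALM.EXAMPLE", &reqKey.PublicKey, 10*time.Minute)
	srv := NewServer(ca.Cert, map[string][]string{"alice@REALM.EXAMPLE": {"read"}})
	fmt.Println("read now:", srv.Authorize(cert, "read", time.Now()), "| in an hour:", srv.Authorize(cert, "read", time.Now().Add(time.Hour)))
}
```

The server never needs a cross-certification with the requestor's home CA, only trust in the VO's Kerberos-CA, and a leaked short-lived certificate is bounded by its validity window, which cert.Verify enforces through CurrentTime. Carrying the principal in the subject CN is the simplest encoding; a deployment would fix the exact attribute in the VO's profile.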
23 Kerberos-X.509 Federation Service
[Figure: the Requestor in the Kerberos Realm presents a Kerberos Ticket to the Kerberos-CA Service in the Virtual Organization Domain and receives an X.509 cert; the Server in the X.509 Domain trusts Krb-CA-issued certs, and its Policy Authority enforces policy on the principal name in the requestor's X.509 cert; requestor and server communicate over an X.509-secured protocol.]
24 Grid Authorization/Policy Issue
- Resources may not know foreign requestors
  - Impairs fine-grained policy admin
- Outsource policy admin to requestor's sub-domain
  - Enables fine-grained policy
- Community Authorization Service (CAS)
  - Resource owner sets coarse-grained policy rules for foreign domain on CAS identity
  - CAS sets policy rules for its local users
  - Requestors obtain capabilities from their local CAS that get enforced at the resource
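The two-layer CAS policy just described, as an added example in Go (illustration for this page, not the Globus CAS implementation): the resource owner's coarse-grained rule is recorded against the CAS identity, the CAS holds fine-grained rules for its own users and signs a capability, and the resource accepts a request only if both layers permit the operation. The Ed25519-signed JSON assertion stands in for the real capability format, and cas.example-vo, storage-c and alice@REALM.EXAMPLE are constructed names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"time"
)

// Capability is the claim a requestor obtains from its local CAS and presents to the resource.
type Capability struct {
	Principal string   `json:"principal"`
	Resource  string   `json:"resource"`
	Ops       []string `json:"ops"`
	Expires   int64    `json:"expires"` // Unix seconds; capabilities are short-lived
}

// Assertion is a capability plus the CAS signature over its JSON encoding.
type Assertion struct {
	CASIdentity string     `json:"cas"`
	Cap         Capability `json:"cap"`
	Sig         []byte     `json:"sig"`
}

// CAS administers fine-grained policy for the users of its own domain.
type CAS struct {
	Identity string
	Pub      ed25519.PublicKey
	priv     ed25519.PrivateKey
	policy   map[string][]string // "principal resource" -> permitted ops
}

func NewCAS(identity string) *CAS {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // only fails if the system RNG is broken
	return &CAS{Identity: identity, Pub: pub, priv: priv, policy: map[string][]string{}}
}

// Grant records local CAS policy: principal may perform ops on resource.
func (c *CAS) Grant(principal, resource string, ops ...string) {
	c.policy[principal+" "+resource] = append(c.policy[principal+" "+resource], ops...)
}

// Issue signs a capability for the requestor, but only for ops local policy permits.
func (c *CAS) Issue(principal, resource string, ops []string, ttl time.Duration) (*Assertion, error) {
	for _, op := range ops {
		if !contains(c.policy[principal+" "+resource], op) {
			return nil, fmt.Errorf("CAS policy denies %q on %s for %s", op, resource, principal)
		}
	}
	cap := Capability{Principal: principal, Resource: resource, Ops: ops, Expires: time.Now().Add(ttl).Unix()}
	payload, _ := json.Marshal(cap) // deterministic for a struct, so the verifier re-derives the same bytes
	return &Assertion{CASIdentity: c.Identity, Cap: cap, Sig: ed25519.Sign(c.priv, payload)}, nil
}

// Resource knows the CAS identity and the coarse-grained rights its owner delegated to that CAS;
// it never learns the foreign users behind it.
type Resource struct {
	Name       string
	trustedCAS map[string]ed25519.PublicKey
	coarse     map[string][]string // CAS identity -> ops the owner delegated to it
}

// NewResource records the owner's coarse-grained rule for one foreign domain's CAS.
func NewResource(name, casIdentity string, casPub ed25519.PublicKey, delegated ...string) *Resource {
	return &Resource{Name: name, trustedCAS: map[string]ed25519.PublicKey{casIdentity: casPub},
		coarse: map[string][]string{casIdentity: delegated}}
}

// Authorize enforces both layers: the owner's rule for the CAS, then the capability itself.
func (r *Resource) Authorize(a *Assertion, op string, now time.Time) error {
	pub, ok := r.trustedCAS[a.CASIdentity]
	payload, _ := json.Marshal(a.Cap)
	switch {
	case !ok:
		return fmt.Errorf("unknown CAS %q", a.CASIdentity)
	case !ed25519.Verify(pub, payload, a.Sig):
		return fmt.Errorf("capability signature invalid")
	case a.Cap.Resource != r.Name:
		return fmt.Errorf("capability is for %s, not %s", a.Cap.Resource, r.Name)
	case now.Unix() > a.Cap.Expires:
		return fmt.Errorf("capability expired")
	case !contains(r.coarse[a.CASIdentity], op):
		return fmt.Errorf("owner did not delegate %q to CAS %q", op, a.CASIdentity)
	case !contains(a.Cap.Ops, op):
		return fmt.Errorf("capability does not include %q", op)
	}
	return nil
}

func contains(list []string, s string) bool {
	for _, x := range list {
		if x == s {
			return true
		}
	}
	return false
}

func main() {
	cas := NewCAS("cas.example-vo")
	cas.Grant("alice@REALM.EXAMPLE", "storage-c", "read", "write")
	a, _ := cas.Issue("alice@REALM.EXAMPLE", "storage-c", []string{"read", "write"}, 10*time.Minute)
	res := NewResource("storage-c", cas.Identity, cas.Pub, "read") // owner delegated read only
	fmt.Println("read:", res.Authorize(a, "read", time.Now()), "| write:", res.Authorize(a, "write", time.Now()))
}
```

The order of checks in Authorize matters: the CAS can hand alice a capability for "write", but the resource owner only delegated "read" to that CAS, so the coarse-grained rule wins and write is refused; conversely a capability the CAS never signed, or one altered in transit, fails the signature check before any policy is consulted.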
25 Community Authorization Service
[Figure: Domain A (Sub-Domain A1, Requestor) and Domain B (Sub-Domain B1, Server with its Policy Authority); the Community Authorization Service in the Virtual Organization Domain holds a CAS identity that the server trusts; the requestor obtains CAS capability assertions and sends them with its request, and the server enforces policy on the CAS identity and the requestor's capabilities.]
26 Security Services & VO
[Figure: the Requestor's Domain, the Service Provider's Domain and the VO Domain each host Trust, Authorization, Attribute, Audit/Privacy/Secure-Logging and Credential Validation services; the VO Domain additionally hosts Bridge/Translation services; the Requestor and Provider applications communicate through WS-Stubs over a Secure Conversation, and the stubs call out to these services.]
27 Secure Logging and Audit
- Robust, secure audit infrastructure is essential for commercial Grid deployment
- Natural audit code-points in OGSA runtime
  - Users' credentials, authorization decisions, invoked portTypes, parameter values, etc.
  - Allows for secure logging transparent and independent from applications
- Standard call-outs to external security services
  - More relevant audit code-points
- XML facilitates audit-entry filtering & mgmt
28 Transparent Audit Code-Points
All service invocations and policy decisions within stubs are natural audit code-points
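An added example in Go of the audit code-point described on slides 27 and 28 (illustration for this page, not OGSA or Globus code): a stub wrapper records the credential subject, portType, operation, parameters and policy decision for every invocation, independently of the application code it wraps, and renders the entries as XML. The hash chain linking entries is an assumed design choice for the "secure" part of secure logging, not something the slides specify; FileAccess, /data/run1 and the principal names are constructed.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/xml"
	"fmt"
	"strings"
	"time"
)

// AuditEntry records one audit code-point: who invoked which portType operation, with what, and the decision.
type AuditEntry struct {
	XMLName   xml.Name `xml:"audit-entry"`
	Seq       int      `xml:"seq,attr"`
	Time      string   `xml:"time,attr"`
	Subject   string   `xml:"subject"`
	PortType  string   `xml:"portType"`
	Operation string   `xml:"operation"`
	Params    []string `xml:"param"`
	Decision  string   `xml:"decision"`
	Reason    string   `xml:"reason,omitempty"`
	PrevHash  string   `xml:"prevHash"` // link to the previous entry (assumed design, see lead-in)
	Hash      string   `xml:"hash"`
}

// AuditLog is the XML document wrapping the entries.
type AuditLog struct {
	XMLName xml.Name `xml:"audit-log"`
	Entries []AuditEntry
}

// Policy is the authorization call-out the stub consults; nil means permit.
type Policy func(subject, portType, op string) error

// AuditingStub wraps a service implementation that never sees the audit logic.
type AuditingStub struct {
	policy  Policy
	Entries []AuditEntry
	now     func() time.Time
}

func NewAuditingStub(p Policy, now func() time.Time) *AuditingStub {
	return &AuditingStub{policy: p, now: now}
}

func hashEntry(e AuditEntry) string {
	h := sha256.New()
	fmt.Fprintf(h, "%d|%s|%s|%s|%s|%s|%s|%s|%s", e.Seq, e.Time, e.Subject, e.PortType,
		e.Operation, strings.Join(e.Params, ","), e.Decision, e.Reason, e.PrevHash)
	return hex.EncodeToString(h.Sum(nil))
}

func (s *AuditingStub) record(subject, portType, op string, params []string, decision, reason string) {
	prev := ""
	if n := len(s.Entries); n > 0 {
		prev = s.Entries[n-1].Hash
	}
	e := AuditEntry{Seq: len(s.Entries), Time: s.now().UTC().Format(time.RFC3339), Subject: subject, PortType: portType,
		Operation: op, Params: params, Decision: decision, Reason: reason, PrevHash: prev}
	e.Hash = hashEntry(e)
	s.Entries = append(s.Entries, e)
}

// Invoke is the audit code-point: the policy decision goes on record before the application code runs.
func (s *AuditingStub) Invoke(subject, portType, op string, params []string, impl func([]string) error) error {
	if err := s.policy(subject, portType, op); err != nil {
		s.record(subject, portType, op, params, "deny", err.Error())
		return err
	}
	s.record(subject, portType, op, params, "permit", "")
	return impl(params)
}

// VerifyChain recomputes every hash and link; false means an entry was altered, dropped or reordered.
func VerifyChain(entries []AuditEntry) bool {
	prev := ""
	for i, e := range entries {
		if e.Seq != i || e.PrevHash != prev || hashEntry(e) != e.Hash {
			return false
		}
		prev = e.Hash
	}
	return true
}

// ToXML renders the log as an XML document, the form the slides suggest for filtering and management.
func ToXML(entries []AuditEntry) (string, error) {
	out, err := xml.MarshalIndent(AuditLog{Entries: entries}, "", "  ")
	return string(out), err
}

func main() {
	stub := NewAuditingStub(func(subject, _, op string) error { return nil }, time.Now) // permit-all policy for the demo
	stub.Invoke("alice@REALM.EXAMPLE", "FileAccess", "read", []string{"/data/run1"}, func([]string) error { return nil })
	x, _ := ToXML(stub.Entries)
	fmt.Println(x, "\nchain intact:", VerifyChain(stub.Entries))
}
```

The application passed as impl contains no logging; the stub owns the code-point, so every invocation and every policy decision is logged whether or not the service author thought about audit. The chain only detects tampering after the fact; in practice the log would also be shipped to a separate service so that a compromised host cannot rewrite both the entries and their hashes.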
29 Overview (outline repeated; next section: Implementation approach)
30 The Grid World: Current Status
- Many major Grid projects in scientific & technical computing/research & education
- Open source Globus Toolkit a de facto standard for major protocols & services
  - Simple protocols & APIs for authentication, discovery, access, etc. infrastructure
  - Information-centric design
  - Large user and developer base
  - Multiple commercial support providers
- Global Grid Forum: community & standards
- Emerging Open Grid Services Architecture
31 Grid Security Infrastructure
- Uniform authentication & authorization mechanisms in multi-institutional setting
  - Single sign-on, delegation, identity mapping
  - Public key tech, SSL/TLS, X.509, GSS-API
  - Internet/GGF drafts document extensions
- Supporting infrastructure
  - Certificate Authorities
  - Online credential repository
  - Kerberos-X.509 federation server
  - Etc., etc., etc.
32 GSI in Action: Create Processes at A and B that Communicate & Access Files at C
[Figure: from a single sign-on, the User starts computations on a Computer at Site A (Kerberos) and a Computer at Site B (Unix); the two communicate with each other and access a Storage system at Site C (Kerberos).]
33 Grid Evolution: Open Grid Services Architecture
- Goals
  - Refactor Globus protocol suite to enable common base and expose key capabilities
  - Service orientation to virtualize resources and unify resources/services/information
  - Embrace key Web services technologies for standard IDL, leverage commercial efforts
- Result: standard interfaces & behaviors for distributed system mgmt: the Grid service
- Standardization within Global Grid Forum
- Open source & commercial implementations
34 The Grid Service: Interfaces/Behaviors + Service Data
[Figure: a Grid service exposes its interfaces/behaviors together with service data elements; binding properties (reliable invocation, authentication) sit between the interface and the implementation, which runs in a hosting environment/runtime (C, J2EE, .NET, ...).]
35 WS Security Architecture: Current/Proposed Specifications
[Figure: layered stack over time, starting from the SOAP Foundation and WS-Security (available today), with WS-Policy, WS-Trust and WS-Privacy above them, and WS-Secure Conversation, WS-Federation and WS-Authorization on top; composable architecture: only use what you need.]
36 Grid Security and OGSA
- OGSA security roadmap defines a set of required services and indicates for each if it
  - Is provided by WS Security specs
  - May be provided by WS Security specs
  - Requires standardized profile/mechanisms and/or extensions for WS Security specs
- Addresses, for example
  - GSI-SecureConversation
  - Standardized policy services
  - Standardized audit services
  - Etc., etc., etc.
37 OGSA Security Components
[Figure: component map: Intrusion Detection; Credential and Identity Translation (Single Logon); Secure Conversations; Access Control Enforcement; Audit & Non-repudiation; Anti-virus Management; Service/End-point Policy; Mapping Rules; Authorization Policy; Privacy Policy; Policy Management (authorization, privacy, federation, etc); Policy Expression and Exchange; Trust Model; Secure Logging; User Management; Key Management; Bindings Security (transport, protocol, message security).]
38 Overview (outline repeated; next section: Summary)
39 Summary
- The Grid: resource sharing & coordinated problem solving in virtual organizations
  - Challenging security & cert. requirements
- OGSA security architecture addresses Grid certification, federation, bridging issues
  - Leverages WS Security standards & OGSA
  - Standardized security services, profiles, and mechanisms
- Open source Globus Toolkit and commercial implementations
40 For More Information
- The Globus Project
  - www.globus.org
- Technical articles
  - www.mcs.anl.gov/foster
- Open Grid Services Arch.
  - www.globus.org/ogsa
- Global Grid Forum
  - www.gridforum.org
  - Chicago, Oct 15-17