Grid Security and GridSite
Shiv Kaushal, Andrew McNab, University of Manchester
What is the Grid?
The analogy most commonly used when describing computational Grids is that of an electricity grid. In an electricity grid there are multiple power stations on a network of power lines, and consumers connect to it through a standard interface (i.e. a plug in a socket) to get electricity. The consumer does not know where the power was generated and does not need to: it just works. The principle of computational Grids is exactly the same, except that the resource is not electricity but data storage or processing power, and the power stations are computer centres connected by the internet. These centres could be located in the same country or on opposite sides of the world and still appear as a single resource providing large amounts of storage space and processing power.
Grid Security
Access to the Grid depends on the use of digital certificates: a single sign-on which eliminates the need for multiple usernames and passwords to access resources at different sites. A Grid certificate (Figure 1) is an electronic file that uniquely identifies a user, using security technologies well established in areas such as online shopping and banking. The uniqueness comes from a string of characters, the Distinguished Name (DN), containing information about the user's institution and department and their Certificate Authority (the issuer of the certificate). Certificates can be thought of as digital passports: as well as serving as a digital ID, they can be digitally signed (similar to getting visa stamps) by organisations to prove that a user is a member of that organisation. A user can then present their certificate as proof that they should have access to the corresponding resources on the Grid.
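The certificate mechanism described above, as an added example that is not part of the original poster or of GridSite: using the Python `cryptography` package (an assumption; the poster names no library), it builds a Certificate Authority, issues a user certificate whose DN carries the user's institution (O) and department (OU), renders the DN in the slash-separated form Grid tools display, and checks that the certificate really was signed by the CA. A second, forged certificate carries the CA's name as issuer but is signed with a different key, which shows why the issuer name alone proves nothing. All names and keys are constructed for the example.

```python
"""Issue and verify a Grid-style X.509 user certificate (added example)."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

# Short attribute names for the slash-separated DN form used on Grids.
SHORT_NAMES = {
    NameOID.COUNTRY_NAME: "C",
    NameOID.ORGANIZATION_NAME: "O",
    NameOID.ORGANIZATIONAL_UNIT_NAME: "OU",
    NameOID.LOCALITY_NAME: "L",
    NameOID.COMMON_NAME: "CN",
}


def grid_name(country, organisation, unit, common_name):
    """Build an X.509 Name carrying institution (O), department (OU) and user (CN)."""
    return x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, country),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, organisation),
        x509.NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, unit),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
    ])


def issue_certificate(subject, subject_public_key, issuer_name, issuer_key, is_ca):
    """Sign a certificate for `subject` with the issuer's private key (valid one year)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer_name)
        .public_key(subject_public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=365))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
    )
    return builder.sign(issuer_key, hashes.SHA256())


def slash_dn(name):
    """Render a Name as /C=UK/O=.../OU=.../CN=..., the form Grid tools show."""
    return "".join(
        f"/{SHORT_NAMES.get(attr.oid, attr.oid.dotted_string)}={attr.value}" for attr in name
    )


def issued_by(cert, ca_cert):
    """True only if `cert` names the CA as issuer AND its signature verifies under the CA key."""
    if cert.issuer != ca_cert.subject:
        return False
    try:
        ca_cert.public_key().verify(
            cert.signature,
            cert.tbs_certificate_bytes,
            padding.PKCS1v15(),
            cert.signature_hash_algorithm,
        )
    except InvalidSignature:
        return False
    return True


def demo():
    """Constructed CA, one genuine user certificate and one forgery claiming the same issuer."""
    ca_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ca_name = grid_name("UK", "eScience", "Authority", "Example CA")  # constructed
    ca_cert = issue_certificate(ca_name, ca_key.public_key(), ca_name, ca_key, is_ca=True)

    user_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    user_name = grid_name("UK", "eScience", "Manchester", "alice example")  # constructed
    user_cert = issue_certificate(user_name, user_key.public_key(), ca_name, ca_key, is_ca=False)

    # Forgery: same subject and the same issuer *name*, but signed with a key the CA never had.
    rogue_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    forged_cert = issue_certificate(user_name, user_key.public_key(), ca_name, rogue_key, is_ca=False)

    return {
        "dn": slash_dn(user_cert.subject),
        "issuer": slash_dn(user_cert.issuer),
        "genuine_accepted": issued_by(user_cert, ca_cert),
        "forged_accepted": issued_by(forged_cert, ca_cert),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A real relying party also checks validity dates, revocation and the CA's BasicConstraints; the example keeps to the two facts the poster relies on, the DN and the issuer's signature.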
User Services
The ability for a user to upload their own CGI programs (or services) to a GridSite server has many potential applications but also raises some security issues. The programs that users upload could potentially interfere with the files on the server and with each other. A model was produced to sandbox (i.e. isolate) these programs from each other as well as from the Apache software itself. This is achieved by mapping a Grid certificate DN to one of a pool of standard Unix accounts on the web server. Two modes of operation are supported in order to cater for different types of service. In the first, the program is run by a Unix account associated with the DN of the client (the user accessing it). Any subsequent connections from the same client will be mapped to the same account (until the lease on the Unix account expires and its file system space is recycled). This allows a service to maintain any required information across multiple connections from the same client, and information pertaining to different clients cannot conflict. In the second, a Unix account is associated with all of the CGI programs stored in a particular directory and with an associated DN. This means that for every connection made to it, the program is run under the same Unix account and is therefore itself responsible for maintaining separation between different clients. Since each such directory is mapped to a dedicated Unix account, the service still cannot interfere with any other service's files.
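The DN-to-pool-account mapping just described, as an added Python example (not GridSite's own code): mode 1 leases a pool account to each client DN and recycles it when the lease expires, mode 2 binds one dedicated account to a directory of CGI programs. The pool account names, the lease length, the `recycled` list standing in for wiping an account's file space, and the choice to refuse a new DN when the pool is exhausted are all assumptions for this example.

```python
"""Map Grid certificate DNs onto a pool of local Unix accounts (added example)."""
import time


class PoolAccountMapper:
    """Sandboxing by account mapping, in the two modes the text describes.

    Mode 1 (account_for_client): each client DN leases its own pool account;
    repeat connections reuse it until the lease expires and the account is recycled.
    Mode 2 (register_directory): a directory of CGI programs gets one dedicated
    account for all of its callers, so the programs must keep clients apart themselves.
    Account names, lease length and the recycle hook are assumptions for this example.
    """

    def __init__(self, pool, lease_seconds, clock=time.time):
        self.free = list(pool)          # accounts not currently handed out
        self.leases = {}                # client DN -> (account, lease expiry time)
        self.directory_accounts = {}    # directory -> (owner DN, dedicated account)
        self.lease_seconds = lease_seconds
        self.clock = clock              # injectable so the demo can move time forward
        self.recycled = []              # accounts whose file space was wiped on expiry

    def _expire_leases(self):
        """Return expired accounts to the pool after wiping their file system space."""
        now = self.clock()
        for dn, (account, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[dn]
                self.recycled.append(account)   # stands in for deleting the account's files
                self.free.append(account)

    def _take_free_account(self):
        if not self.free:
            # Never share an account between two DNs: refuse instead.
            raise RuntimeError("pool exhausted; refusing to map a new DN")
        return self.free.pop(0)

    def account_for_client(self, client_dn):
        """Mode 1: same DN -> same account for the lifetime of its lease."""
        self._expire_leases()
        if client_dn in self.leases:
            return self.leases[client_dn][0]
        account = self._take_free_account()
        self.leases[client_dn] = (account, self.clock() + self.lease_seconds)
        return account

    def register_directory(self, directory, owner_dn):
        """Mode 2: one dedicated account for every program in `directory`, never recycled."""
        if directory in self.directory_accounts:
            raise ValueError(f"{directory} already has an account")
        account = self._take_free_account()
        self.directory_accounts[directory] = (owner_dn, account)
        return account

    def account_for_directory(self, directory):
        """Mode 2 lookup: every connection to the directory runs as this account."""
        return self.directory_accounts[directory][1]


def demo():
    """Constructed walk-through with a fake clock; returns the observed mappings."""
    now = [0.0]
    mapper = PoolAccountMapper(
        pool=["gridpool01", "gridpool02", "gridpool03", "gridpool04"],  # constructed names
        lease_seconds=3600,
        clock=lambda: now[0],
    )
    alice = "/C=UK/O=eScience/OU=Manchester/CN=alice example"   # constructed DNs
    bob = "/C=UK/O=eScience/OU=Manchester/CN=bob example"

    svc = mapper.register_directory("/cgi-bin/analysis", owner_dn=alice)
    first = mapper.account_for_client(alice)
    again = mapper.account_for_client(alice)           # same lease, same account
    other = mapper.account_for_client(bob)
    now[0] = 7200                                      # both leases have expired
    after_expiry = mapper.account_for_client(bob)      # fresh lease from the recycled pool
    return {
        "directory_account": svc,
        "alice_first": first, "alice_again": again, "bob": other,
        "bob_after_expiry": after_expiry,
        "recycled": list(mapper.recycled),
        "shared": first == svc or first == other,
    }


if __name__ == "__main__":
    print(demo())
```

The mapper never hands one account to two DNs at once, which is what keeps one user's service from reading or altering another's files; when the pool runs dry it refuses rather than doubling up.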
Figure 3: Third-party file transfer allows direct copying between two locations for faster transport.
Access Control Lists
All of the site management features of GridSite, while powerful, are potentially destructive. It is important to ensure that only the correct people are able to read or make changes to the pages and files stored on the web server. Access control is based on ACLs (Access Control Lists), which can be written in either GACL (Grid Access Control Language) or the emerging XACML (eXtensible Access Control Markup Language) standard. Initially only GACL was supported, but XACML support was added in such a way that moving between the two options is simple. Interfaces were also added to the GridSite library to allow other programs to make use of the XACML handling functionality in GridSite. While this is not a full implementation of the XACML specification, enough is implemented to allow conversion between the GACL and XACML formats, and it is the only open-source implementation not written in Java. Sun Microsystems offer a full Java implementation, which was used to test the XACML output of the GridSite functions.
Why should you care?
One of the first real uses of Grid technologies will be for the Large Hadron Collider (LHC) at CERN, due to go online in 2007. The LHC Computing Grid project estimates that the LHC will produce 15 Petabytes of data a year, roughly equivalent to 20 million CDs. Around 15 years of this data (plus backups) will need to be stored by the end of the project. The data will also need to be analysed for any new physics discoveries to be made. These requirements are a significant hurdle for the success of the LHC project, and the Grid is an ideal solution to this problem. The distributed nature of the Grid means that no single site would need to house all of the equipment needed to meet the computing requirements; instead the combined resources of sites across Europe (and beyond) would be accessible as a single resource. Physics is not the only discipline that can benefit from Grid technologies. There are many other areas that could benefit from the large amount of processing power that Grids can provide. These include data- and processing-intensive projects such as bio-medical protein folding simulations, astrophysics virtual observatories and Earth observation projects.
Figure 2: GridSite allows complete site management, using certificates for authentication.
GridSite
GridSite is an extension that adds support for accepting Grid certificates to the Apache web server; it was originally developed as a management tool for the GridPP web site. This is a natural extension, given that Grid certificates can be loaded into standard web browsers. It enables users to perform a variety of tasks, using their Grid certificate to determine what level of access they should have. It can be used to define who has access to particular files or pages on a web site, but can also allow users to change the content of the pages, upload new files and create entirely new sections on the web site (Figure 2) while they are browsing the site. GridSite has also moved beyond this functionality to provide more advanced features. These include a high speed file transfer protocol (GridHTTP), third-party file transfer (Figure 3), and allowing users to create and upload custom CGI programs to provide dynamic site content. GridSite also supports the creation of these CGI services in a variety of programming languages, as opposed to the usual Java-based approach commonly found in Grid projects. This is of great value to communities that want to create and use Grid technologies but have a large investment in other programming languages, as particle physics has in C/C++. Much of this functionality is provided by command line tools as well as in a C/C++ library for use in other Grid applications.
Figure 5: Firefox extensions can make GridSite functionality easily accessible.
Firefox Extensions
Many of the features of GridSite are currently only accessible through command line programs written specifically for the task. In an attempt to make these more accessible, work is underway on an extension to the popular Firefox web browser. The extension aims to allow the use of these features from within the browser, taking advantage of the fact that certificates can be loaded into the browser. The first element to receive this treatment is the GridHTTP protocol (Figure 5), implemented by a simple right-click option. Future plans include support for features such as certificate expiry notification, support for loading certificates with extra group membership information, and a supporting interface to simplify the deployment of user-defined services as described above.
Figure 4: Editing GACL and XACML access control lists is greatly simplified by GridSite's ACL editor.
GACL and XACML are both XML-based languages and are, as a result, difficult to read, create and edit by hand (more so in the case of XACML). Figure 4 shows a comparison of equivalent ACLs in GACL and XACML, as well as the web-based ACL editor created to modify them. The editor allows designated administrators to edit and create ACLs on a GridSite server from a web browser without needing to look at any XML. This ensures that administrators cannot create invalid ACLs (i.e. with incorrect syntax) and also that they cannot accidentally deny themselves administrator access.
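An added Python example serving both the Access Control Lists section and the ACL editor paragraph above (not GridSite's own code): a small evaluator for GACL's XML form, plus the two checks the editor is described as giving, that a candidate ACL is well-formed and that it does not strip the editing administrator's own admin permission. The sample ACL is constructed; the evaluation rules assumed here are that every credential in an entry must match and that a deny in any matching entry overrides an allow; only the `any-user`, `auth-user` and `person` credential types are handled, and the XACML side of the conversion is not covered.

```python
"""Evaluate GACL access control lists and vet an edited ACL (added example)."""
import xml.etree.ElementTree as ET

PERMISSIONS = ("read", "list", "exec", "write", "admin")

# Constructed sample ACL in GACL's XML form: anyone may read and list, any
# authenticated user may write, alice has full control, bob is explicitly denied write.
SAMPLE_GACL = """
<gacl version="0.0.1">
  <entry>
    <any-user/>
    <allow><read/><list/></allow>
  </entry>
  <entry>
    <auth-user/>
    <allow><write/></allow>
  </entry>
  <entry>
    <person><dn>/C=UK/O=eScience/OU=Manchester/CN=alice example</dn></person>
    <allow><read/><list/><write/><admin/></allow>
  </entry>
  <entry>
    <person><dn>/C=UK/O=eScience/OU=Manchester/CN=bob example</dn></person>
    <deny><write/></deny>
  </entry>
</gacl>
"""


def _credential_matches(cred, client_dn):
    """client_dn is None for an unauthenticated (no certificate) request."""
    if cred.tag == "any-user":
        return True
    if cred.tag == "auth-user":
        return client_dn is not None
    if cred.tag == "person":
        dn = cred.findtext("dn")
        return client_dn is not None and dn is not None and dn.strip() == client_dn
    return False   # dns, voms and dn-list credentials are outside this example


def permissions_for(gacl_xml, client_dn):
    """Permissions the ACL grants to client_dn; a deny in any matching entry overrides allows."""
    root = ET.fromstring(gacl_xml)
    if root.tag != "gacl":
        raise ET.ParseError("root element is not <gacl>")
    allowed, denied = set(), set()
    for entry in root.findall("entry"):
        credentials = [c for c in entry if c.tag not in ("allow", "deny")]
        # An entry applies only if every credential it lists matches (assumed rule).
        if not credentials or not all(_credential_matches(c, client_dn) for c in credentials):
            continue
        for block in entry.findall("allow"):
            allowed.update(p.tag for p in block if p.tag in PERMISSIONS)
        for block in entry.findall("deny"):
            denied.update(p.tag for p in block if p.tag in PERMISSIONS)
    return allowed - denied


def check_acl_edit(candidate_xml, editor_dn):
    """The two guarantees the editor gives: a well-formed ACL, and the editor keeps admin."""
    try:
        perms = permissions_for(candidate_xml, editor_dn)
    except ET.ParseError as exc:
        return False, f"rejected: ACL is not well-formed ({exc})"
    if "admin" not in perms:
        return False, "rejected: this ACL would remove your own admin permission"
    return True, "accepted"


if __name__ == "__main__":
    alice = "/C=UK/O=eScience/OU=Manchester/CN=alice example"
    print("anonymous:", sorted(permissions_for(SAMPLE_GACL, None)))
    print("alice:", sorted(permissions_for(SAMPLE_GACL, alice)))
    print(check_acl_edit(SAMPLE_GACL.replace("<admin/>", ""), alice))
```

Running the lock-out check against the editor's own DN before saving is what turns "I removed the wrong entry" from an outage into a rejected edit; the same evaluator can be pointed at any DN to preview what a change would grant.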
Figure 1: Grid certificates are digital passports, uniquely and securely identifying users.
ACKNOWLEDGEMENTS
This work is being carried out with financial support from PPARC.
FURTHER INFORMATION
GridSite: http://www.gridsite.org
LHC Computing Grid: http://lcg.web.cern.ch/LCG
GridPP: http://www.gridpp.ac.uk
XACML Specification: http://www.oasis-open.org