Security and the Grid - PowerPoint PPT Presentation


Slides: 64
Provided by: acetR
Tags: grid | security

Transcript and Presenter's Notes

Title: Security and the Grid


1
Security and the Grid
  • Mark Baker

University of Portsmouth, UK
Mark.Baker@Computer.org
Southampton, December 2001
http://www.dcs.port.ac.uk/mab/Talks/
2
Overview
  • Security
  • Incidents
  • Types of Attack
  • Actors and Threats
  • Trends and The Future.
  • The Grid
  • Computing and Networking: Some trends
  • From Metacomputing to Grid Computing
  • Building blocks for Grids
  • Grid computing approaches and projects
  • Future trends and conclusions.

3
The Internet Today
  • Millions of systems on all 7 continents.
  • In excess of 400 million users have access.
  • 220 countries around the world have registered
    for access.
  • Internet population doubling approximately every
    10 months over the last 11 years!
  • Volume of traffic doubling approximately every 90
    days.

4
Future Environments
  • World-wide.
  • High speed networking.
  • Cheap (free?), ubiquitous computing.
  • Widely-deployed encryption.
  • Truly mobile computing.
  • Many embedded systems connected.
  • Billions of users.

5
State of Security: Poor
  • Examples abound
  • DoD reports 22,000 attacks on Pentagon systems in
    2000 (over 250,000 through all DoD).
  • 3 incidents at Microsoft, Oct 2000, Jan 2001.
  • Feb 2000, Denial of Service against eBay, Yahoo,
    Amazon.
  • China/US Cyber-skirmish.
  • Code Red worms, SirCam virus in fall 2001.
  • CSI/FBI figures
  • Fewer than 20 sites report no unauthorized use.
  • Average loss of 1 million per year.

6
Real losses
  • Melissa, March 1999
  • Word 97, Word 2000
  • 300 million in damages
  • Approximately 4 days, 150,000 systems
  • I LOVE YOU, May 2000
  • Outlook
  • As much as 10 billion in damages
  • Approximately 24 hours, > 500,000 systems
  • Code Red I
  • IIS flaws, with fixes published months earlier
  • 360,000 systems in 14 hours, several billion in
    damages
  • Brain took 5 years to do 50 million.

7
Growth of Viruses In the Wild
8
More data
  • CERT/CC fielded 21,756 incidents in 2000.
  • Growth from
  • 3734 in 1998,
  • 9859 in 1999.
  • On-going probes
  • 50-60 incidents per day on Internet.
  • 10-12 incidents per day on DSL.
  • 5-6 incidents per day on dial-up.

9
  • About 30 are buffer overflows or unchecked
    data.
  • Over 90 are coding/design flaws.
  • - Securityfocus.com

10
Typical user
  • Less than 1 year online.
  • No background in computing.
  • Has major OS, 1 GHz machine, but uses only 3
    applications.
  • Does not make backups.
  • On-line constantly.
  • In other words, a target!

11
The World in 2004 (at this rate)
  • 100,000 computer viruses
  • 99 for one vendor's software
  • New viruses @ more than 1 per hour.
  • Most common desktop system
  • Almost 100 million Lines Of Code, 1GHz
  • 1 security patch announced per day.
  • Attacks over network exceed 10 per hour.
  • Losses to business and government will exceed
    100 billion per year.

12
Actors
13
Defences
  • Virus prevention
  • Largely pattern based, need updates.
  • Firewalls
  • Because we cannot control users.
  • Largely pattern based, need updates.
  • Virtual Private Networks (VPNs).
  • Security scanners
  • Look for known flaws and misconfiguration.

14
But
  • Virus prevention
  • Patterns need to be updated continuously.
  • Firewalls
  • Cannot handle terabit pipes, wireless networks,
    VPNs.
  • VPNs
  • How will these work in mobile networks?
  • Security scanners
  • Too intrusive, need almost hourly updates to run

15
The Nature of New Threats
  • Only a few result from new technology
  • Faster machines
  • Wireless technology
  • Faster communications.
  • Increasing computerisation and connectivity.
  • Poor quality in COTS.
  • User attitude and education.
  • Lack of experts and expertise.

16
New technology: Wireless Networking
  • Enhances eavesdropping.
  • Insertion of malicious code.
  • Denial of service.
  • Theft of devices and thus, theft of identity.
  • Loss and damage become bigger concerns.
  • Encourages work in unsafe environments.

17
New technology: Faster machines and communications
  • Stronger encryption required.
  • Automated defences required.
  • More aggregation of data, and associated
    problems.
  • Greater reach from far away.

18
Poor quality in COTS
  • Increasing pressure to use standard, homogeneous
    solutions.
  • Consumers push for features, BUT not security.
  • Little awareness or training at vendors.
  • Compatibility breeds more problems.
  • No incentive for quality!

19
User Attitude
  • Most users want features, not security.
  • Thin client computing not popular.
  • User-installed software a threat.
  • Dynamic update a threat: Windows 2K/XP!
  • Issue of home vs. workplace computing.
  • Users do not want controls, and management often
    will not enforce them!

20
Shortage of Experts
  • Only a few university programmes of note
  • Require resources, infrastructure, faculty.
  • Hyper-competitive market.
  • Too many managers mistake criminal experience for
    expertise.
  • Shortage of real government understanding or
    commitment.
  • Problem will get worse before it gets better.

21
How About the law?
  • UCITA
  • See http://www.4cite.org
  • International issues.
  • Law enforcement handicapped
  • Basic issues need to be debated
  • Lack of resources and personnel
  • Turf battles.

22
What can we do?
  • Need assurance, not features
  • Do a few things well and safely!
  • Stop using the hammer
  • Diversity of systems is a good thing, but
  • Build in security from the start.
  • Understand policy differences.
  • Think about the use of technology
  • Do not simply ask "Can we do it?" but also ask
    "Should we do it?"

23
Users need to be better consumers
  • 28-30 million lines of code for an operating
    system!?
  • Consumers need to start demanding quality and
    security instead of new features.
  • Security Quality Assurance needs to be the
    explicit part of every design and measured for
    the consumer.
  • Hacking into systems is not security;
    "penetrate and patch" is not a design.

24
  • The Grid
  • A blueprint for a global computing infrastructure

25
Some Trends
  • Computer Hardware
  • Continuous improvement of the commodity processor
    performance (P IV, Alpha, G4, ...)
  • Architected by Apple, Motorola and IBM
  • Theoretical peak performance of 3.6 Gflops/s
  • Sustained performance of over one Gflops/s

26
Some Trends
  • Networks
  • Continuous improvement of the network bandwidth
    and latency.
  • WAN ATM networks rapidly transitioned from
    research Gigabit networks to commercial
    deployment.
  • OC3 (155 Mbps)
  • OC12 (622 Mbps)
  • OC48 (2.5 Gbps)
  • OC192 (10 Gbps)
  • OC768 (49 Gbps)
  • OC3072 (159 Gbps)

Production
Experimental
27
Some Trends
Advances in computing are inseparable from
advances in networking
28
Computing Platforms
?
PERFORMANCE
Administrative Barriers
  • Individual
  • Group
  • Department
  • Campus
  • State
  • National
  • Globe
  • Inter Planet
  • Universe

Desktop
SMPs or SuperComputers
Local Cluster
Global Cluster/Grid
Inter Planet Cluster/Grid ??
Enterprise Cluster/Grid
29
Metacomputing
  • Different resources (computing, instruments, ...)
  • Geographically distributed
  • Used as a single powerful parallel resource.

30
Metacomputing
  • The word metacomputing has been coined to
    describe this new computational approach.
  • Reference:
  • Larry Smarr and Charles E. Catlett
  • Metacomputing
  • Communications of the ACM, 35(6):45-52, June 1992

31
Are they Synonyms ?
  • Metacomputing.
  • Heterogeneous Computing Environments.
  • High Performance Distributed Computing.
  • Networked Virtual Supercomputing.
  • Seamless Computing.
  • Wide Area Computing.
  • Grids.

32
From the Gospel of the Saints Carl and Ian
  • Large-scale applications in the 21st Century
  • Will involve
  • The communication with and the coordination of a
    large number of geographically dispersed
    information sources
  • Will require an environment that supports
  • Reliable
  • Fault-tolerant
  • Highly distributed
  • Heterogeneous
  • Scalable.
  • Computing capabilities.

33
Why Grids?
  • A biochemist exploits 10,000 computers to screen
    100,000 compounds in an hour.
  • 1,000 physicists worldwide pool resources for
    Petaop analyses of Petabytes of data.
  • Civil engineers collaborate to design, execute,
    analyze shake table experiments.
  • Climate scientists visualize, annotate, analyze
    Terabyte simulation datasets.
  • An emergency response team couples real time
    data, weather model, population data.

34
Why Grids? (contd.)
  • A multidisciplinary analysis in aerospace couples
    code and data in four companies
  • A home user invokes architectural design
    functions at an application service provider
  • An application service provider purchases cycles
    from compute cycle providers
  • Scientists working for a multinational soap
    company design a new product
  • A community group pools members' PCs to analyze
    alternative designs for a local road

35
Grid Applications-Drivers
  • Distributed HPC (Supercomputing)
  • Computational science.
  • High-throughput computing
  • Large scale simulation/chip design and parameter
    studies.
  • Remote software access/renting services
  • Application service providers (ASPs).
  • Data-intensive computing
  • Data mining, particle physics (CERN).

36
Grid Applications-Drivers
  • On-demand computing
  • Medical instrumentation and network-enabled
    solvers.
  • Collaborative
  • Collaborative design, data exploration, education.

37
The Grid Vision: to offer
  • Dependable, consistent, pervasive access to
    resources
  • Dependable: Can provide performance and
    functionality guarantees.
  • Consistent: Uniform interfaces to a wide variety
    of resources
  • Pervasive: Ability to plug in from anywhere.

Source: www.globus.org
38
Creating Grids
  • In the same way that the electric power grid
    provides universal access to electrical power, a
    computational Grid could provide
  • More widespread access to global resources
  • Allowing users to request additional networked
    resources on demand
  • Take advantage of resources that are idle
  • Interact with simulations and very large
    databases in real-time
  • Construct a supercomputer from many smaller
    computers connected to the Internet

39
A View of the Grid Infrastructure
40
A Grid View
41
The Grid Impact!
  • The global computational Grid is expected to
    drive the economy of the 21st century similar to
    the electric power grid that drove the economy of
    the 20th century

42
Daresbury Grid Testbed
IBM PPC (AIX, MyProxy, server)
IBM PPC cluster (4xPPC, AIX, Web server)
Beowulf1 (32xPIII, Linux, PBS)
LoadLeveler
Loki (64xAlpha, Linux, PBS)
SP (48xPower, AIX, Loadleveler)
Globus
Condor
Condor
SUN cluster (2xUltra, Solaris, GIIS server)
43
Online Access to Scientific Instruments
Advanced Photon Source
wide-area dissemination
desktop VR clients with shared controls
real-time collection
archival storage
tomographic reconstruction
DOE X-ray grand challenge ANL, USC/ISI, NIST,
U.Chicago
44
Data Grids for High Energy Physics
Image courtesy Harvey Newman, Caltech
45
Mathematicians Solve NUG30
  • Looking for the solution to the NUG30 quadratic
    assignment problem
  • An informal collaboration of mathematicians and
    computer scientists
  • Condor-G delivered 3.46E8 CPU seconds in 7 days
    (peak 1009 processors) in U.S. and Italy (8 sites)

14,5,28,24,1,3,16,15,10,9,21,2,4,29,25,22,13,26,17,30,6,20,19,8,18,7,27,12,11,23
MetaNEOS: Argonne, Iowa, Northwestern, Wisconsin
46
Network for Earthquake Engineering Simulation
  • NEESgrid: national infrastructure to couple
    earthquake engineers with experimental
    facilities, databases, computers, each other
  • On-demand access to experiments, data streams,
    computing, archives, collaboration

NEESgrid: Argonne, Michigan, NCSA, UIUC, USC
47
Home Computers Evaluate AIDS Drugs
  • Community
  • 1000s of home computer users
  • Philanthropic computing vendor (Entropia)
  • Research group (Scripps)
  • Common goal: advance AIDS research

48
iVDGL: International Virtual Data Grid Laboratory
U.S. PIs: Avery, Foster, Gardner, Newman, Szalay
www.ivdgl.org
49
Electrical Grid
  • Electric power applications have caused radical
    changes in the individual and collective life
    of men.

50
Electric Plug Shapes ...
Standardisation Efforts in the Electrical Grid
51
Building Grids requires...
  • New programming tools.
  • Software that can translate the requirements of
    an application into requirements for computers,
    networks, and storage.
  • Security mechanisms that permit resources to be
    accessed only by authorised users.
  • Computers and operating systems that are more
    tightly integrated with high-speed networks.
  • And strong standardisation EFFORTS...

53
PVM
DCOM
MPI
CORBA
NEXUS
HPF
JINI
JAVA
RESOURCE MANAGEMENT
EFFICIENCY
SECURITY
PORTABILITY
INTER-OPERABILITY
54
Conclude with a comparison with the Electrical
Grid...
  • Where are we?

55
Alessandro Volta, in Paris in 1801, shows the
battery at the French National Institute in the
presence of Napoleon I
  • Fresco by N. Cianfanelli (1841)
  • (Zoological Section "La Specula" of National
    History Museum of Florence University)

57
2000 - 1801 = 199 Years
58
The Computational Grid is analogous to the
Electricity (Power) Grid, and the vision is to
offer dependable, consistent, pervasive, and
inexpensive access to resources irrespective of
their physical location and the location of
access.
59
Trends
It is very difficult to predict the future, and
this is particularly true in a field such as
Information Technology.
"I think there is a world market for about five
computers." Thomas J. Watson Sr., IBM Founder,
1943
60
Future Grid Scenarios
  • Access to any resources, for anyone, anywhere,
    anytime, from any platform: portal (super)
    computing.
  • Application access to resources from the wall
    socket!
  • Many applications provide solutions in real-time.
  • Choice of working: office vs home vs ...
  • Collaboratories for distributed teams.
  • Monitoring and steering applications through
    wireless devices (PDAs etc.).

61
Future Grid Scenarios
  • Distance learning, training, education.
  • Traffic automation Grid!
  • Health care: everybody gets the same high-quality
    treatment through WAN access to central
    instruments and experts.

62
For More Information
  • Globus Project
  • www.globus.org
  • Grid Forum
  • www.gridforum.org
  • Book (Morgan Kaufmann)
  • www.mkp.com/grids
  • Grid Support Centre
  • www.grid-support.ac.uk

63
  • Thanks to Eugene H. Spafford, Professor and
    Director, Center for Education and Research in
    Information Assurance and Security (CERIAS),
    Purdue University, USA.