Security%20in%20Computational%20Grid

1
Security in Computational Grid

• Seonho Kim
• Oct 18th 2002

2
Content

• Computational Grid
• Security Requirements in Grid
• Terminology
• Security Policy in Grid
• Globus overview
• Grid Security Architecture

3
What is Grid?

• A computational grid is a hardware and software
  infrastructure that provides dependable,
  consistent, pervasive, and inexpensive access to
  high-end computational capabilities
• A Computational Grids is a wide area distributed
  and parallel computing environment consisting of
  heterogenous platforms spanning multiple
  administrative domains
• coordinated resource sharing and problem solving
  in dynamic, multi-institutional virtual
  organizations
• Checklists
• Coordinates resources that are not subject to
  centralized control
• Using standard, open, general-purpose protocols
  and interfaces
• Deliver nontrivial qualities of services

4
Security?

• Protecting the system from its users
• Preventing the unauthorized disclosure or
  modification of data

Security in Computational Grid

• Characteristics of the Grid computing environment
• Large dynamic user population and resource pool
• Dynamic resource acquisition and release
• Dynamic creation and destruction of a variety of
  network connections
• Heterogenous local authentication and
  authorization mechanisms and policies (e.g.
  Kerboros, plaintext passwords, SSL, SSH etc)
• An individual user will be associated with
  different local name spaces, credentials, or
  accounts at different sites.

5
Security Requirements

• Authentication solution for verifying identities
  among a user, the processes, and the resources
  during the computation
• Support for Local Heterogeneity
• Various authentication/authorization mechanism,
  polices
• Several Constraints to meet
• Single sign-on delegation
• Protection of Credentials
• Interoperability with local security solutions
  Inter-domain access mechanism
• Uniform certification infrastructure
• Support for secure group communication
• Support for multiple implementations

6
Security Requirements - Delegation

• The context initiator gives the context acceptor
  the ability to initiate additional security
  contexts as an agent of the context initiator
• Remote creation of a proxy credential
• Allows remote process to authenticate on behalf
  of the user
• Delegation in Globus
• New key pair generated remotely on server
• Proxy certificate and public key sent to client
• Clients signs proxy certificate with its private
  key and returns it
• Server puts proxy in /tmp

7
Terminology

• Authentication
• Authorization
• Integrity and Confidentiality
• Security Policy
• A set of rules that define the security subjects,
  security objects, and relationships(security
  operations) among them.
• CA(Certificate Authority)
• The third party that does certification(the
  binding) and issuing certificate
• Trust Domain
• A logical, administrative structure where a
  single, consistent local security policy holds

8
Security Policy in Grid

• Multiple trust domains
• Inter-domain interactions mapping of
  inter-domain operations into local security
  policy
• Operations within a single trust domain are
  subject to local security policy only
• Mapping from global subjects to local subjects
• Authenticated global subject is considered
  authenticated locally
• Mutual authentication between entities in
  different trust domains
• Local access control decisions by local system
  administrators
• The execution of programs without additional user
  interaction during the computation
• Processes running on behalf of the same subject
  within the same trust domain may share a single
  set of credentials

9
Globus Overview

• Globus (Argonne National Lab)
• software toolkit that makes it easier to build
  computational grids and grid-based applications
• Protocols and APIs
• Resource Management (GRAM)
• Information Service (MDS)
• Data Transfer (GridFTP)
• Security (GSI)

Proxies and delegation for secure single
sign-on
Proxies and Delegration
PKI (CAs and Certificates)
SSL / TTL
for Authentication and message protection (Secured
connection)
10
Certificate CA
Subject Name
Subject Name CA
Public Key
CAs Public Key
CA Name
CA Name CA
Signature of CA
Signature of CA
CAs Certificate
User Certificate Issued by CA

• A X.509 certificate binds a public key to a name
  
• Used to identify and authenticate the user or
  service
• By checking the signature, one can determine
  that
• a public key
• belongs to a given user
• The CA signs its own certificate
• distributed across the network

11
Mutual Authentication (How to identify each other
?)
? Connection established
User A
User B
CA
CB
? A sends B its certificate
? B sends A a plaintext
? 1) check validity of CA based on
digital signature of CA 2) extract the
public key of A
? A encrypt the plaintext using CA and sends it
to B
? B decrypt the encrypted message If this
matches with the original message, B can
trust A now
12
GSI in ActionCreate Processes at A and B that
Communicate Access Files at C
Single sign-on via grid-id generation of
proxy cred.
User Proxy
User
Proxy credential
Or retrieval of proxy cred. from online
repository
Remote process creation requests
Site A (Kerberos)
GSI-enabled GRAM server
GSI-enabled GRAM server
Authorize Map to local id Create process Generate
credentials
Ditto
Site B (Unix)
Computer
Computer
Process
Process
Local id
Local id
Kerberos ticket
Restricted proxy
Restricted proxy
Site C (Kerberos)
With mutual authentication
Storage system
13
User Proxy Creation
? The User gains access to the computer
CUP
? Temporary Credential created
CU
The User
? User Proxy Credential is created
CUP
CUP Sign(U) CUP , Start-Time, End-Time
User Proxy
? A User Proxy is created
CUP
14
Resource Allocation
Mutual Authentication based on CUP and CRM
User Proxy
Resource Manager
CUP
CRM
? The UP request Resource Allocation
Sign(UP) Allocation Specification
? 1) Authentication(validate UP check the
expiration) 2) Authorization by local
policy (may need mapping between
Globus users credential and local user ID or
maynot) 3) Allocate Resource
? PROCESS-HANDLE returned
Process Manager
Resource
PROCESS-HANDLE Sign(RM) host-identifier,
process-identifier
15
Process to Process Authentication
? Temporal Process Credential created
User Proxy
CP
Process
CUP
Sign(PM) CP Process-Credential
? Process Credential Request
CP
? CP Passed to PM
Resource
Process Manager
? 1) examine the request 2) generate CP
and return it to PM
? CP Passed to the Process
CPM
CP Sign(UP) CP
CP
16
Resource Allocation request from a Process
Sign(P) Operation, Operation Arguments
? The process issues a request for the resource B
User Proxy
Process
CP
CUP
? return the result
Sign(UP) Execution-Result
? 1) authenticate the request 2) executes
the request
Resource
Process Manager
Process
CP
CPM
Resource B
17
Mapping between Globus Subject Resource
Subject (1)
Globus Subject
Resource Subject
Mapping
User ID
Local Name for local access to some resource
Global Name
CUP
CP
Password
Globus Credential
Resource Credential
Using Grid Map table