Title: Security in Computational Grid
1 Security in Computational Grid
2 Content
- Computational Grid
- Security Requirements in Grid
- Terminology
- Security Policy in Grid
- Globus overview
- Grid Security Architecture
3 What is Grid?
- A computational grid is a hardware and software infrastructure that provides dependable, consistent, pervasive, and inexpensive access to high-end computational capabilities
- A Computational Grid is a wide area distributed and parallel computing environment consisting of heterogeneous platforms spanning multiple administrative domains
- Coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations
- Checklists
- Coordinates resources that are not subject to centralized control
- Using standard, open, general-purpose protocols and interfaces
- Deliver nontrivial qualities of services
4 Security?
- Protecting the system from its users
- Preventing the unauthorized disclosure or modification of data
Security in Computational Grid
- Characteristics of the Grid computing environment
- Large dynamic user population and resource pool
- Dynamic resource acquisition and release
- Dynamic creation and destruction of a variety of network connections
- Heterogeneous local authentication and authorization mechanisms and policies (e.g. Kerberos, plaintext passwords, SSL, SSH etc.)
- An individual user will be associated with different local name spaces, credentials, or accounts at different sites.
5 Security Requirements
- Authentication solution for verifying identities among a user, the processes, and the resources during the computation
- Support for Local Heterogeneity
- Various authentication/authorization mechanisms, policies
- Several Constraints to meet
- Single sign-on delegation
- Protection of Credentials
- Interoperability with local security solutions
- Inter-domain access mechanism
- Uniform certification infrastructure
- Support for secure group communication
- Support for multiple implementations
6 Security Requirements - Delegation
- The context initiator gives the context acceptor the ability to initiate additional security contexts as an agent of the context initiator
- Remote creation of a proxy credential
- Allows remote process to authenticate on behalf of the user
- Delegation in Globus
- New key pair generated remotely on server
- Proxy certificate and public key sent to client
- Client signs proxy certificate with its private key and returns it
- Server puts proxy in /tmp
7 Terminology
- Authentication
- Authorization
- Integrity and Confidentiality
- Security Policy
- A set of rules that define the security subjects, security objects, and relationships (security operations) among them.
- CA (Certificate Authority)
- The third party that does certification (the binding) and issues certificates
- Trust Domain
- A logical, administrative structure where a single, consistent local security policy holds
8 Security Policy in Grid
- Multiple trust domains
- Inter-domain interactions mapping of inter-domain operations into local security policy
- Operations within a single trust domain are subject to local security policy only
- Mapping from global subjects to local subjects
- Authenticated global subject is considered authenticated locally
- Mutual authentication between entities in different trust domains
- Local access control decisions by local system administrators
- The execution of programs without additional user interaction during the computation
- Processes running on behalf of the same subject within the same trust domain may share a single set of credentials
9 Globus Overview
- Globus (Argonne National Lab)
- Software toolkit that makes it easier to build computational grids and grid-based applications
- Protocols and APIs
- Resource Management (GRAM)
- Information Service (MDS)
- Data Transfer (GridFTP)
- Security (GSI)
GSI building blocks (diagram labels):
- Proxies and delegation for secure single sign-on
- PKI (CAs and Certificates)
- SSL / TLS for authentication and message protection (secured connection)
10 Certificate CA
Diagram labels (two certificates):
- User Certificate Issued by CA: Subject Name, Public Key, CA Name, Signature of CA
- CA's Certificate: Subject Name CA, CA's Public Key, CA Name CA, Signature of CA
- An X.509 certificate binds a public key to a name
- Used to identify and authenticate the user or service
- By checking the signature, one can determine that a public key belongs to a given user
- The CA signs its own certificate
- Distributed across the network
11 Mutual Authentication (How to identify each other?)
Participants (diagram labels): User A (CA), User B (CB)
- Connection established
- A sends B its certificate
- B sends A a plaintext
- 1) check validity of CA based on digital signature of CA 2) extract the public key of A
- A encrypts the plaintext using CA and sends it to B
- B decrypts the encrypted message. If this matches with the original message, B can trust A now
12 GSI in Action: Create Processes at A and B that Communicate Access Files at C
Diagram labels:
- User, User Proxy, Proxy credential
- Single sign-on via grid-id generation of proxy cred., or retrieval of proxy cred. from online repository
- Remote process creation requests
- Site A (Kerberos): GSI-enabled GRAM server (Authorize, Map to local id, Create process, Generate credentials), Computer, Process, Local id, Restricted proxy
- Site B (Unix): GSI-enabled GRAM server (Ditto), Computer, Process, Local id, Restricted proxy
- Kerberos ticket
- Site C (Kerberos): Storage system
- With mutual authentication
13 User Proxy Creation
Participants (diagram labels): The User (CU), User Proxy (CUP)
- The User gains access to the computer
- Temporary Credential created
- User Proxy Credential is created: CUP Sign(U) CUP, Start-Time, End-Time
- A User Proxy is created
14 Resource Allocation
Mutual Authentication based on CUP and CRM
Participants (diagram labels): User Proxy (CUP), Resource Manager (CRM), Process Manager, Resource
- The UP requests Resource Allocation: Sign(UP) Allocation Specification
- 1) Authentication (validate UP, check the expiration) 2) Authorization by local policy (may or may not need mapping between the Globus user's credential and the local user ID) 3) Allocate Resource
- PROCESS-HANDLE returned: PROCESS-HANDLE Sign(RM) host-identifier, process-identifier
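The delegation steps from slide 6 and the resource manager's first check from slide 14 (validate the proxy, check the expiration), as an added example that is not part of the original slides or of Globus. It uses textbook RSA over constructed toy keys as a stand-in for X.509 signatures; all function names and field names are assumptions.

```python
import hashlib, json

E = 65537  # public exponent shared by the toy keys

def keygen(p, q):
    """Textbook RSA from two primes, returns (n, d). Toy size, no padding."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(body, n):
    blob = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n

def sign(body, n, d):
    return pow(_digest(body, n), d, n)

def verify(body, sig, n):
    return pow(sig, E, n) == _digest(body, n)

# Constructed user key pair (Mersenne primes, far too small for real use).
USER_N, USER_D = keygen(2**107 - 1, 2**127 - 1)

def server_make_request():
    """Server: generate the new key pair remotely; only the public half is sent."""
    n, d = keygen(2**61 - 1, 2**89 - 1)
    return {"proxy_pub": n}, d  # (request for the client, private key kept on server)

def client_sign_proxy(request, subject, now, lifetime_s):
    """Client: sign the proxy public key plus a short validity window with the user key."""
    body = {"subject": subject, "proxy_pub": request["proxy_pub"],
            "start": now, "end": now + lifetime_s}
    return {"body": body, "sig": sign(body, USER_N, USER_D)}

def rm_validate(proxy, user_n, now, challenge, response):
    """Resource manager: signature, expiration, then proof that the peer holds the proxy key."""
    body = proxy["body"]
    if not verify(body, proxy["sig"], user_n):
        return "reject: bad signature"
    if not body["start"] <= now < body["end"]:
        return "reject: outside validity window"
    if not verify({"challenge": challenge}, response, body["proxy_pub"]):
        return "reject: no proof of possession"
    return "accept"
```

The user's long-term private key never leaves the client and the proxy private key never leaves the server; only the signed public key and its lifetime cross the network.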
15 Process to Process Authentication
Participants (diagram labels): User Proxy (CUP), Process (CP), Process Manager (CPM), Resource
- Temporal Process Credential created
- Process Credential Request
- CP Passed to PM
- 1) examine the request 2) generate CP and return it to PM
- CP Passed to the Process
Messages (diagram labels):
- Sign(PM) CP Process-Credential
- CP Sign(UP) CP
16 Resource Allocation request from a Process
Participants (diagram labels): User Proxy (CUP), Process (CP), Process Manager (CPM), Resource, Resource B
- The process issues a request for the resource B: Sign(P) Operation, Operation Arguments
- 1) authenticate the request 2) executes the request
- Return the result: Sign(UP) Execution-Result
17 Mapping between Globus Subject Resource Subject (1)
- Globus Subject: Global Name; Globus Credential (CUP, CP)
- Resource Subject: User ID (Local Name for local access to some resource); Resource Credential (Password)
- Mapping: Using Grid Map table
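The mapping from an authenticated global subject to a local id (slides 8, 14 and 17), as an added example that is not part of the original slides. The table format (a quoted global name followed by comma-separated local accounts) is modeled on the Globus grid-mapfile; the sample entries, function names and the root deny rule are assumptions.

```python
import shlex

# Constructed sample table: quoted global subject, then local account(s).
SAMPLE_GRIDMAP = '''
# Site B (Unix)
"/O=Grid/OU=Example Lab/CN=Alice Example" alice
"/O=Grid/OU=Example Lab/CN=Bob Example" bob,grpacct
"/O=Grid/OU=Example Lab/CN=Carol Example" root
"/O=Grid/OU=Example Lab/CN=Broken Entry
'''
DENIED_LOCAL_IDS = {"root"}  # assumed site policy: never map a grid user to root

def load_gridmap(text):
    """Return ({global_subject: [local_ids]}, [rejected line numbers])."""
    table, rejected = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)
        except ValueError:  # unbalanced quote around the subject name
            fields = []
        ids = fields[1].split(",") if len(fields) == 2 else []
        if not ids or not all(ids) or DENIED_LOCAL_IDS & set(ids):
            rejected.append(lineno)  # malformed or forbidden mapping: skip it
            continue
        table[fields[0]] = ids
    return table, rejected

def map_subject(table, subject, requested=None):
    """Local id for an already authenticated subject, or None (deny by default).

    The subject must match an entry exactly; prefix or substring matches would
    let one global name borrow another user's local account.
    """
    ids = table.get(subject)
    if not ids:
        return None
    if requested is None:
        return ids[0]  # first listed account is the default
    return requested if requested in ids else None
```

A site would call `map_subject` only after the credential chain and expiration have been checked, and treat a `None` result as an authorization failure.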