Mine Altunay July 30, 2007 Security and Privacy in OSG.
-
Upload
posy-elliott -
Category
Documents
-
view
215 -
download
0
Transcript of Mine Altunay July 30, 2007 Security and Privacy in OSG.
Mine Altunay
July 30, 2007
Security and Privacy in OSG
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 2
Who am I ?
• Recently joined OSG Security Team
• Ramping up to be full time OSG Security
• Working through the OSG Security Plan
• Helping develop any new items for the Security Plan in Year 2
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 3
Security Controls
• Security Control: safeguards prescribed for an information system to protect integrity, confidentiality and availability of a system and its information– Management Controls (policies)– Operational Controls (things that people do)– Technical Controls (things that machines do)
• OSG Security Plan defines, implements and executes these controls
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 4
Security Plans
• Two types of security plans– Core OSG:
• assets under complete control of OSG (eg, middleware software cache).
• OSG is responsible for security of these systems
– Facilities, VOs and software providers that are “part” of OSG.
• OSG can create examples and templates of security plans that can be incorporated into site and VO plans.
• Sites and VOs are responsible for security of these
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 5
What does this mean for a site admin?
• You are responsible for the security of your own site
• You should• understand the usage scenarios• analyze the risks• implement and execute security controls
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 6
Site Resources
Accessible to VO
Data Storage 1 Data Storage 2
Site Database
Site Web Services
WN WN
WN WN
WN
WN
Cluster 1
NOT Accessible to
VO
A fictitious site access policy:• for each resource, only allow authorized users AND• deny any requests from black-listed users
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 7
• Site grants access to the VO.
• VO delegates the access privilege to its trusted members
• VO manages its members’ access rights– different access rights to different VO
members– E.g. grouping of users based on tasks; or
roles played in an experiment
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 8
A simple usage scenario
grid job
VO Site
Researcher A from University X, which isa member of the VO
VO trusts Researcher Site trusts VO
Site allows access by Researcher
VO-accessible Site Resources
VO Infra. & Services
Data Storage 1
WN WN
WN WN
WN
WN
Cluster 1
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 9
Researcher A from Uni. X
Researcher B from Uni. Y
Group 1’s
Data
Group 2’s
Data
VO
Group1 : Uni. XRole: Researcher,Privileges: execute, read-write
• VO determines member privilegesover Site resources
•
Group2 : Uni. YRole: Researcher,Privileges: execute, read-write
• Site enforces VO assigned permissions
Site resources
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 10
VO Policy
Site Policy
Enforced Policy
Site’s Resources that are accessible to VO
Data Storage 1WN WN
WN WN
WN
WN
Cluster 1
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 11
Researcher A fromGroup 1
grid job 1
VO
VO Infra. & Services
Site
Researcher B fromGroup 2
Group 1’s
Data
Group 2’s
Data
Unauthorized access
Enforced Policy outcome• Researcher A cannot modify Researcher B’s data (due to VO policy)
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 12
Researcher A fromGroup 1
grid job 1
VO
VO Infra. & Services
Site
Researcher B fromGroup 2
DN name is blacklisted
Group 1’s
Data
Group 2’s
Data
Enforced Policy outcome• Researcher B denied access• due to Site policy
Unauthorized access
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 13
Grid Site
VOMSVOMRS
VO Services
synchronize
reg
iste
r
get-voms-proxy
synchronize
SAZ
Sitewide Services
GUMS
CE
Gatekeeper
Pri
ma/
SA
ML
ca
llou
ts (
C)
Job Manager
Submit request with voms-proxy
Privilege ProjectModule
Legend
VO Management Services
user name
DN, FQAN
DN, FQAN user name
SE
SRM
gPlazma
Storage AuthService
DN
, FQ
AN
Prima/SAML Client (Java)
Sto
rag
e p
riv
set
DN
, FQ
AN
Sto
rag
e p
riv
set
certificate
VOMSExtendedproxy
VOMSExtendedproxy
Is authorized?
yes/no
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 14
GUMS
Gatekeeper
Pri
ma/
SA
ML
ca
llou
ts (
C)
Job Manager
Pilot DN
Pilot UID
Pilot
User JobWN
Pilot UID
Pilot UID
Pilot
User queue
User job
User DN
User DN
Pilot DN
Request
• User job and Pilot job runs in the same user account modifications between jobs• Site does not auth/authz the useronly auth/authz pilot job
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 15
GUMS
Gatekeeper
Pri
ma/
SA
ML
ca
llou
ts (
C)
Job Manager
Pilot DN
Pilot UID
Use
r D
N
Use
r U
ID
Pilot
User Job WN
Pilot UID
User DN
User UID
Pilot
User queue
User job
User DN
User DN
Pilot DN
Request
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 16
What if something goes wrong?Incident Response
• Researcher A launches attack against the Site
• Site discovers the attack• Site analyzes the attack, temporarily
blacklists Researcher A (if it can trace it)• Site should
• Call GOC at 1 317-278-9699, or • submit a trouble ticket,• Email [email protected] • Or email security-discuss-
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 17
– Inform VO security contact– Site trusts the VO, not individual members– VO finds which member has the privilege
• Logs and mapping repository (VOMRS)
– Determines culpability and take measures over Researcher A’s privileges
• OSG has only controls over core OSG assets and staff– VO is responsible for its users behavior– OSG may bar a VO
• if VO violates OSG policies
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 18
• Building and maintaining a trust relationship with VO• Determining which resources are accessible to VO
members and in which capacity• Reaching an agreement with VO over the usage of the
resources – privileges associated with roles (r/w privilege over a
data location by a VO member) • Enforcing VO assigned privileges and site’s access
policies• Keeping in synch with VO policy (e.g. VOMRS),
maintaining service availability for access
Sites are responsible for
07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 19
– Keeping access logs of VO users and maintaining audits
– Informing VO Security contact about security incidents
– Complying with grid operational controls• Keeping up to date with CA-certificates• IGTF updates• Certificate Revocation Lists• Using latest configuration for grid distributed software