Mine Altunay July 30, 2007 Security and Privacy in OSG.

Mine Altunay

July 30, 2007

Security and Privacy in OSG

07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 2

Who am I ?

• Recently joined OSG Security Team

• Ramping up to be full time OSG Security

• Working through the OSG Security Plan

• Helping develop any new items for the Security Plan in Year 2


Security Controls

• Security Control: safeguards prescribed for an information system to protect integrity, confidentiality and availability of a system and its information– Management Controls (policies)– Operational Controls (things that people do)– Technical Controls (things that machines do)

• OSG Security Plan defines, implements and executes these controls


Security Plans

• Two types of security plans– Core OSG:

• assets under complete control of OSG (eg, middleware software cache).

• OSG is responsible for security of these systems

– Facilities, VOs and software providers that are “part” of OSG.

• OSG can create examples and templates of security plans that can be incorporated into site and VO plans.

• Sites and VOs are responsible for security of these


What does this mean for a site admin?

• You are responsible for the security of your own site

• You should• understand the usage scenarios• analyze the risks• implement and execute security controls


Site Resources

Accessible to VO

Data Storage 1 Data Storage 2

Site Database

Site Web Services

WN WN

WN WN

WN

WN

Cluster 1

NOT Accessible to

VO

A fictitious site access policy:• for each resource, only allow authorized users AND• deny any requests from black-listed users


• Site grants access to the VO.

• VO delegates the access privilege to its trusted members

• VO manages its members’ access rights– different access rights to different VO

members– E.g. grouping of users based on tasks; or

roles played in an experiment


A simple usage scenario

grid job

VO Site

Researcher A from University X, which isa member of the VO

VO trusts Researcher Site trusts VO

Site allows access by Researcher

VO-accessible Site Resources

VO Infra. & Services

Data Storage 1

WN WN

WN WN

WN

WN

Cluster 1


Researcher A from Uni. X

Researcher B from Uni. Y

Group 1’s

Data

Group 2’s

Data

VO

Group1 : Uni. XRole: Researcher,Privileges: execute, read-write

• VO determines member privilegesover Site resources

•

Group2 : Uni. YRole: Researcher,Privileges: execute, read-write

• Site enforces VO assigned permissions

Site resources


VO Policy

Site Policy

Enforced Policy

Site’s Resources that are accessible to VO

Data Storage 1WN WN

WN WN

WN

WN

Cluster 1


Researcher A fromGroup 1

grid job 1

VO


Site

Researcher B fromGroup 2

Group 1’s

Data

Group 2’s

Data

Unauthorized access

Enforced Policy outcome• Researcher A cannot modify Researcher B’s data (due to VO policy)


Researcher A fromGroup 1

grid job 1

VO


Site

Researcher B fromGroup 2

DN name is blacklisted

Group 1’s

Data

Group 2’s

Data

Enforced Policy outcome• Researcher B denied access• due to Site policy

Unauthorized access


Grid Site

VOMSVOMRS

VO Services

synchronize

reg

iste

r

get-voms-proxy

synchronize

SAZ

Sitewide Services

GUMS

CE

Gatekeeper

Pri

ma/

SA

ML

ca

llou

ts (

C)

Job Manager

Submit request with voms-proxy

Privilege ProjectModule

Legend

VO Management Services

user name

DN, FQAN

DN, FQAN user name

SE

SRM

gPlazma

Storage AuthService

DN

, FQ

AN

Prima/SAML Client (Java)

Sto

rag

e p

riv

set

DN

, FQ

AN

Sto

rag

e p

riv

set

certificate

VOMSExtendedproxy

VOMSExtendedproxy

Is authorized?

yes/no


GUMS

Gatekeeper

Pri

ma/

SA

ML

ca

llou

ts (

C)

Job Manager

Pilot DN

Pilot UID

Pilot

User JobWN

Pilot UID

Pilot UID

Pilot

User queue

User job

User DN

User DN

Pilot DN

Request

• User job and Pilot job runs in the same user account modifications between jobs• Site does not auth/authz the useronly auth/authz pilot job


GUMS

Gatekeeper

Pri

ma/

SA

ML

ca

llou

ts (

C)

Job Manager

Pilot DN

Pilot UID

Use

r D

N

Use

r U

ID

Pilot

User Job WN

Pilot UID

User DN

User UID

Pilot

User queue

User job

User DN

User DN

Pilot DN

Request


What if something goes wrong?Incident Response

• Researcher A launches attack against the Site

• Site discovers the attack• Site analyzes the attack, temporarily

blacklists Researcher A (if it can trace it)• Site should

• Call GOC at 1 317-278-9699, or • submit a trouble ticket,• Email [email protected] • Or email security-discuss-

[email protected]


– Inform VO security contact– Site trusts the VO, not individual members– VO finds which member has the privilege

• Logs and mapping repository (VOMRS)

– Determines culpability and take measures over Researcher A’s privileges

• OSG has only controls over core OSG assets and staff– VO is responsible for its users behavior– OSG may bar a VO

• if VO violates OSG policies


• Building and maintaining a trust relationship with VO• Determining which resources are accessible to VO

members and in which capacity• Reaching an agreement with VO over the usage of the

resources – privileges associated with roles (r/w privilege over a

data location by a VO member) • Enforcing VO assigned privileges and site’s access

policies• Keeping in synch with VO policy (e.g. VOMRS),

maintaining service availability for access

Sites are responsible for


– Keeping access logs of VO users and maintaining audits

– Informing VO Security contact about security incidents

– Complying with grid operational controls• Keeping up to date with CA-certificates• IGTF updates• Certificate Revocation Lists• Using latest configuration for grid distributed software

Mine Altunay July 30, 2007 Security and Privacy in OSG.

Documents

Transcript of Mine Altunay July 30, 2007 Security and Privacy in OSG.