G-PASS: Security Infrastructure for Grid Travelers

Tianchi Ma, Lin Chen, Cho-Li Wang, Francis C.M. LauThe University of Hong Kong

Outline

Problems & Methodology Introduction to G-PASS Application – G-JavaMPI Experiment Results

Grid Travelers

A Grid Traveler is a process that can move itself across the boundary of organizations during the runtime.

Two types of Grid travelers Mobile agent Migrate-able process

Organization = Policy space Security policy (identity, access control) Other policies

Security Issues for Grid Travelers

Protect Grid travelers from malicious hosts Eavesdropping Integrity compromising

Protect hosts from malicious travelers Illegal resource accessing Deliver fake information DoS attack (replay)

Protect from network eavesdropping Use security transfer

Under a Grid Scenario (1)

Complex authorization relationship Multiple policy spaces concerned

Identity mapping Reputation system

Most of existing mechanisms are less general purpose

Organization Organization

Identity mapping

Reputation

Dispatcher

Warrantor

! Exception

Under a Grid Scenario (2)

Policy space

Warranted

An example scenario of a Grid traveler who wants to access resources in other organization. Please note this example will be the simplest one in Grid

Problems

How to carry and proof the authorizations and warrants?

How to record and track the history events?

How to do the identity mapping? How to propagate the security

exception and reputation?

Grid Fashion

Infrastructure General purpose (not application

specific) Providing fundamental information and

control mechanisms Weak defense

Monitoring instead of preventing Stable information Reputation system

Relative Information

Distributed Trust Model Authorization Delegation Warrant

Events Migration Resource consuming / job submission Exceptions

GSI – Not Enough for Grid Traveler

Providing fundamental establishment derived from conventional distributed trust PKI X.509 Global DN -> Local user

Job service Delegation Proxy

The X.509 delegation is unsuitable for Grid traveler Scalability – will form a certificate chain Delegation abusing in full delegation protocol

Cannot deal with a complex identity mapping

Traveler in Reality

Hong KongS.A.R.C

ustom

Passport Name: XXXDate of

Bi rth: XX-XX-XXXX

Nati onal i ty:P. R. Chi na

Oct.21Leave

Oct.21Arrive

Visa

HSBC

The example shows how a traveler can be permitted to visit an unacquainted country and do some critical operations

G-passport

G-passport is a list of certificates and proved security information

Records and proofs Transit Privilege betaken Security exception

Contracts Double linked traceable list

G-passport Example

Mi grati onA->B

Si gnatureof HostA

Contents ofAuthori zati on

Si gnatureof

Di spatcher

G-passport

Page2Page1G-di spatch G-event

Si gnatureof

Warrantor

Page3G-warrant

Si gnatureof HostB

I ni t i ati ngMi grati ng

f rom HostA toHostB

...

I ntroducti on Contents ofAuthori zati on

A Grid traveler’s recorded history:

Birth -> Initiation -> Migration -> Warranted -> …

Instance-Oriented Delegation

Security transaction Separation of responsibility

Security instance Binding transaction with its valid

specification Issuer sign on it

Different with capability Representing delegation but not direct

authorizations on resource

Across the Organization Boundary

I dent i t yRol e

Rol e

Rol eI nstance Rol e Rol e

I nstance Rol e Rol e

I nstance Rol e

I nstance Rol e Rol e

Rol e

I nstanceDi spatcher I nstance

ApprovalWarrantor Approval Approval

Credent i alCar r i er

Rol e Tabl e

Pr i vi l ege Tabl e

+

I dent i t y

I dent i t y

I dent i t y I dent i t y I dent i t y

Global identity cannot be recognized by local resources

Mapping: G-passport -> Local privilege table Role-based: RBAC3

Position of G-PASS

Fabric

Gri dMi ddl eware

Appl i cati on Regular Routines

Agent Agent

G-PASS

Connectivity Layer

Resource Layer

AgentAgent Platform

GSI

• Under the application layer

• Can access resource layer

• Based on GSI

Application: G-JavaMPI

Grid based Java MPI Support for process migration Four reasons of migration

Availability Searching better resource Load balancing Optimizing program by removing the

bottleneck caused by communication

JmpiBLAST

A BLAST program on G-JavaMPI Four universities sha

ring CPU cycles and local bio-databases

Funded by two organizations

MPI VO coordinates their resources together

A B

C D

MPI VO

U1

U2

Data Data

Data Data

HKU Gideon 300 Cluster

Pentium 4 2.0 GHz w/ 512 Kbytes L2 cache

512 Mbytes (PC2100) DDR SDRAM

Fast-Ethernet adaptors x 2 40 GB IDE hard disk Linux OS (RedHat 7.3/8.0) High-performance network (for inter-

process communication) Foundry Networks' Fast-Ethernet switch with 312 ports Hierarchical management network (for I/O access and

cluster management) 24-port Gigabit-Ethernet switch x 1 24-port Fast-Ethernet switch (with Gigabit-Ethernet

uplink) x 13

UTP network cables x 620

Hong Kong GridHKGrid provides a platform for its members to experiment with various research prototypes and pilot applications

Institutions

City University of HK

HK Baptist University

HK University of Science and Technology

The HK Polytechnic University

The HK Institute of HPC

HKU – Computer Centre

HKU – Department of CSIS

Environment Setting

JmpiBLAST setting Application: Blastp Database: nr (687MBytes) Segment: 1MBytes (687 segs)

Experiment setting Three Blastp programs, total 18 processes (8,6,4 re

spectively) Global scheduling: GA vs. Min-Min Original nodes: 5 Event 1: 2 nodes join in Event 2: 2 nodes quit

Data Reports

•In task 1 & 2, the GA is better than Min-Min

•In task 3, Min-Min generates a better result

•Scheduling by GA in task 1 has fully utilized the addi-tional 2 nodes, and has provided maximal through-put during the fixed time interval between event 1 and event 2.

Security Overhead

Affordable

G-PASS overhead

Results from HKGridUnder all circumstances, the security overhead will be less than 50%

Thank You!

Q&A?

Web site: http://www.cs.hku.hk/~tcma/GPASShttp://www.cs.hku.hk/~lchen2/research/G-JavaMPI/doc/

readme.html