
European and Chinese Cooperation on Grid

GridTrust Trust and Security for Next Generation Grids

CETIC, Belgium
Philippe Massonet

[email protected]
www.gridtrust.eu

Luxembourg - 6/7 February 2006 - TEL Projects meeting

GridTrust: Objectives and Expected Results
General Objective: definition and management of security and trust in dynamic virtual organisations

Expected results: a framework composed of
- an environment and an analysis method at all levels of the NGG architecture
- a reference security architecture for Grids
- an open source reference implementation of the architecture, validated by several innovative business scenarios
[Figure: NGG architecture layers, top to bottom: GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System]


Project Partners
5 countries, 4 companies, 3 research institutes, 1 university
Duration: 3 years (06/2006-05/2009)
Global budget: 3 856 135 euros
CETIC budget: 540 697 euros


Dynamic Virtual Organisations
Virtual organizations: a temporary or permanent coalition of geographically dispersed individuals, groups, organisational units or entire organisations that pool resources, capabilities and information in order to achieve common goals
[Figure: a dynamic VO of five partners (1-5) exchanging services]
Business process case studies:
- Supply chain (Moviquity, HP)
- Distributed authoring (IGDA)
- Distributed knowledge management (Interplay)
- Changes can be manual, semi-automated or automated (Self*)


Trust in Virtual Organisations
Since VOs are based on sharing information and knowledge, there must be a high degree of trust among the partners, especially since each partner contributes its core competencies.
[Figure: five collaborating VO partners (1-5)]
Threats:
- Bad service (contract not respected)
- Attacks: loss of information
- Attacks: disruption of service
- Vulnerability to attacks (low level of security at one of the partners)
How do you maintain trust and security properties in a dynamic VO? There is a need for trust and security mechanisms.


Desired Self-Organization/Self-Protection Behavior
[Figure: VO partners (1-5) under self-organization and self-protection]
User trust requirement: all nodes must always be sufficiently trusted
Dynamic business processes -> self-organization and self-protection: avoid or minimize the intervention of human operators


Trust and Security in Virtual Hosting Environments (Outsourcing)
[Figure: a Service Requestor sends a Service Request to a Service Provider (SP) inside the VO; the SP's hosting environment runs outsourced services (e.g. Images, Maps)]


Current State of the Art in Grid Authorization
GridTrust focuses on authorization

OGSA/Globus default authorization mechanism: the GridMap file is coarse-grained and static

Extended authorization mechanisms:
- Akenti (fine-grained distributed access control)
- PERMIS (RBAC)
- Shibboleth (cross-domain single sign-on and attribute-based authorization)

Basic limitation: once you receive access to a resource, you are free to use it without any control.

Need for finer grained and continuous control


Usage Control: beyond Access Control
[Figure: coverage of usage control (UCON [Park04]) compared with traditional access control, DRM and trust management, by enforcement point (server-side reference monitor, SRM; client-side reference monitor, CRM; SRM & CRM) and by goal (sensitive information protection, intellectual property rights protection, privacy protection)]


GridTrust Objective: Bring Usage Control To The Grid
Integrate usage control into Grid

Supports many existing access control models

New models of trust and security

Usage control model: policy language
[Figure: the UCON model: a usage decision on rights is taken for subjects and objects (each carrying attributes) against authorizations, obligations and conditions]


From Access Control to Usage Control
[Figure: timeline of a usage: access control takes a single pre-decision before usage; usage control keeps deciding while the usage is in progress]


How Continuous Usage Control Works
[Figure: a Service Program running in the Hosting Environment accesses shared resources through system calls (OpenFile(), ReadFile(), CloseFile()); every call is intercepted and checked against the usage control policy, not only the first OpenFile()]
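The following Python reference monitor is an added example, not GridTrust code: it mediates open/read/close the way the figure above describes, taking the pre-decision once at open and an ongoing decision at every read, and it uses the factors of the UCON model slide (subject and object attributes, authorizations, a usage-count limit, and decision logging as an obligation). The attribute names (role, reputation, open_count), the limits, the resource path and the two subjects in scenario() are assumptions made for the illustration.

```python
from dataclasses import dataclass

class UsageDenied(Exception):
    pass

@dataclass
class Subject:
    name: str
    role: str
    reputation: float        # mutable subject attribute: may change mid-usage

@dataclass
class Resource:
    path: str
    allowed_roles: frozenset
    max_concurrent: int      # policy limit on simultaneous usages of the resource
    min_reputation: float
    open_count: int = 0      # mutable object attribute maintained by the monitor

@dataclass
class Session:
    fd: int
    subject: Subject
    resource: Resource
    reads: int = 0

class UconMonitor:
    """Reference monitor in the hosting environment mediating open/read/close."""
    def __init__(self):
        self._sessions = {}  # fd -> Session: the usages currently in progress
        self._next_fd = 3
        self.audit = []      # obligation: every decision is recorded

    def _log(self, event, subject, resource, detail):
        self.audit.append((event, subject.name, resource.path, detail))

    # Authorization on subject attributes (role, reputation) serves both the
    # pre-decision and the ongoing decision; only the moment of evaluation differs.
    def _permitted(self, s, r):
        return s.role in r.allowed_roles and s.reputation >= r.min_reputation

    def open(self, subject, resource):
        """Pre-decision: taken once, before the usage starts."""
        if not self._permitted(subject, resource):
            self._log("deny", subject, resource, "authorization")
            raise UsageDenied("not permitted")
        if resource.open_count >= resource.max_concurrent:
            self._log("deny", subject, resource, "concurrency")
            raise UsageDenied("too many simultaneous usages")
        resource.open_count += 1  # pre-update of a mutable attribute
        fd, self._next_fd = self._next_fd, self._next_fd + 1
        self._sessions[fd] = Session(fd, subject, resource)
        self._log("permit", subject, resource, f"fd={fd}")
        return fd

    def read(self, fd):
        """Ongoing decision: re-taken at every access while the usage lasts."""
        sess = self._session(fd)
        if not self._permitted(sess.subject, sess.resource):
            self._end(sess, "revoke")  # attributes changed: usage is revoked
            raise UsageDenied("usage revoked")
        sess.reads += 1
        return f"<{sess.resource.path} chunk {sess.reads}>"

    def close(self, fd):
        sess = self._session(fd)
        self._end(sess, "close")
        return sess.reads

    def _session(self, fd):
        if fd not in self._sessions:
            raise UsageDenied("no usage in progress for this descriptor")
        return self._sessions[fd]

    def _end(self, sess, event):
        del self._sessions[sess.fd]
        sess.resource.open_count -= 1  # post-update of the mutable attribute
        self._log(event, sess.subject, sess.resource, f"reads={sess.reads}")

def scenario():
    """Constructed scenario: bob is admitted to a single-user resource only
    after alice's usage is revoked because her reputation dropped mid-usage."""
    data = Resource("/shared/clientdata", frozenset({"member"}), 1, 0.5)
    alice, bob = Subject("alice", "member", 0.9), Subject("bob", "member", 0.8)
    mon, out = UconMonitor(), []
    fd = mon.open(alice, data)
    out.append(("alice-open", fd))
    try:
        mon.open(bob, data)
    except UsageDenied as e:
        out.append(("bob-open", str(e)))
    mon.read(fd)
    alice.reputation = 0.2  # the attribute mutates while the usage is ongoing
    try:
        mon.read(fd)
    except UsageDenied as e:
        out.append(("alice-read", str(e)))
    out.append(("bob-open", mon.open(bob, data)))
    return out, mon
```

The point the figure makes is in read(): a traditional access control check would stop after open() succeeded, whereas here the second read() by alice fails and her session is torn down because an attribute changed after the pre-decision, which is what frees the single slot for bob.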


Applications of Usage Control
With UCON we can express policies such as Mandatory Access Control (MAC), a limit on the number of simultaneous usages of the same resource, and history-based access control in general, for example the Chinese Wall Security Policy (CWSP).

With UCON integrated with RTML (credential-based trust management), we can also enforce Role Based Access Control, Attribute Based Access Control, or other credential-based policies.


Managing Conflicts of Interest in Virtual Organisations


The Chinese Wall
Based on the notion of conflict of interest class

Need a history
[Figure: Client 1 and Client 2 accessing Resources 1-4; resources in the same conflict of interest class may not both be accessed by one client]


Example: Chinese Wall Security Policy in the Usage Control Policy Language (over system calls)

gvar[1]:=0. gvar[2]:=0.

( [eq(gvar[2],0), eq(x1,/home/paolo/SetA/*), eq(x2,READ)].open(x1,x2,x3).
  lvar[1]:=x3. gvar[1]:=1.
  i([eq(x1,lvar[1])].read(x1,x2,x3)).
  [eq(x1,lvar[1])].close(x1,x2) )

Par

( [eq(gvar[1],0), eq(x1,/home/paolo/SetB/*), eq(x2,READ)].open(x1,x2,x3).
  lvar[1]:=x3. gvar[2]:=1.
  i([eq(x1,lvar[1])].read(x1,x2,x3)).
  [eq(x1,lvar[1])].close(x1,x2) )

Reading the policy: gvar[1] and gvar[2] are global variables recording whether a file of SetA or of SetB has already been opened. The first branch permits open(x1,x2,x3) only while gvar[2] is 0 (no SetB file has been opened), the path x1 lies under /home/paolo/SetA/ and the mode x2 is READ; it stores the returned descriptor x3 in the local variable lvar[1], sets gvar[1] to 1, then allows any number of read calls on that descriptor (i(...) is iteration) followed by close. The second branch is symmetric for SetB and is guarded by gvar[1]. Par composes the two branches: once either has fired, the guard of the other can never hold again, which is the Chinese Wall. The decision depends on the history of previous usages, not only on the current request.
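As an added example (not GridTrust code and not its policy language), the monitor below enforces the same Chinese Wall rule in Python, generalised to any number of conflict of interest classes each holding several datasets, with the per-client history playing the role of gvar[] and the descriptor table the role of lvar[1]. The class and dataset names, the path globs and the clients in scenario() are constructed for the illustration.

```python
import fnmatch
from collections import defaultdict

class ChineseWallDenied(Exception):
    pass

class ChineseWallMonitor:
    """Mediates open/read/close; the per-client access history builds the wall."""
    def __init__(self, coi_classes, modes=("READ",)):
        self._classes = coi_classes          # {class name: {dataset: path glob}}
        self._modes = set(modes)             # modes the policy allows at all
        self._history = defaultdict(dict)    # client -> {class: dataset already used}
        self._fds = {}                       # fd -> (client, path), like lvar[1]
        self._next_fd = 3

    def _classify(self, path):
        """Map a path to its (conflict of interest class, dataset), or None."""
        for cls, datasets in self._classes.items():
            for ds, pattern in datasets.items():
                if fnmatch.fnmatchcase(path, pattern):
                    return cls, ds
        return None

    def check_open(self, client, path, mode):
        """Pure decision (no state change): may client open(path, mode)?"""
        if mode not in self._modes:
            return False, f"mode {mode} not permitted"
        hit = self._classify(path)
        if hit is None:
            return False, "path outside every dataset"   # default deny
        cls, ds = hit
        chosen = self._history[client].get(cls)
        if chosen is not None and chosen != ds:
            return False, f"conflict: {client} already accessed {chosen} in {cls}"
        return True, f"{cls}/{ds}"

    def open(self, client, path, mode):
        ok, reason = self.check_open(client, path, mode)
        if not ok:
            raise ChineseWallDenied(reason)
        cls, ds = self._classify(path)
        self._history[client][cls] = ds      # the gvar update that raises the wall
        fd, self._next_fd = self._next_fd, self._next_fd + 1
        self._fds[fd] = (client, path)
        return fd

    def read(self, client, fd):
        """Reads are permitted only on a descriptor this client opened."""
        if self._fds.get(fd, (None,))[0] != client:
            raise ChineseWallDenied(f"fd {fd} is not open for {client}")
        return self._fds[fd][1]

    def close(self, client, fd):
        self.read(client, fd)                # same ownership check
        del self._fds[fd]
        # history is deliberately not cleared: the wall outlives close()

    def history(self, client):
        return dict(self._history[client])

def scenario():
    """Constructed datasets: SetA and SetB conflict, SetC is in another class."""
    wall = ChineseWallMonitor({
        "Banks": {"SetA": "/home/paolo/SetA/*", "SetB": "/home/paolo/SetB/*"},
        "Oil": {"SetC": "/home/paolo/SetC/*"},
    })
    def may(client, path):
        return wall.check_open(client, path, "READ")[0]
    log = []
    fd = wall.open("client1", "/home/paolo/SetA/a.txt", "READ")
    log.append(("client1 opens SetA", fd))
    log.append(("client1 may open SetA again", may("client1", "/home/paolo/SetA/b.txt")))
    log.append(("client1 may open SetB", may("client1", "/home/paolo/SetB/x.txt")))
    log.append(("client1 may open SetC", may("client1", "/home/paolo/SetC/y.txt")))
    log.append(("client2 may open SetB", may("client2", "/home/paolo/SetB/x.txt")))
    wall.close("client1", fd)
    log.append(("client1 may open SetB after close", may("client1", "/home/paolo/SetB/x.txt")))
    return log
```

Two details matter for a real deployment: the history must be kept per client and never reset on close(), otherwise a client could launder the conflict by reopening; and paths outside every declared dataset are denied rather than allowed, matching the whitelist shape of the policy above.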

Trust: Updating Reputation based on Resource Usage
Gather low-level resource usage information:
- SLA violations
- Successful performance

Update VO-level reputation:
- Reputation at different levels: service, VO member, VO as a whole
- Reputation based on past behaviour (performance history)
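The following is an added example, not the GridTrust reputation service: it turns low-level usage evidence (completed usages, SLA violations) into a service reputation, aggregates it to the VO member and to the VO as a whole, and exposes a threshold check so the value can feed an authorization decision. The Beta-reputation formula, the aging factor that lets old history fade, and the member and service names in scenario() are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Evidence:
    ok: float = 0.0      # usages that respected the SLA
    bad: float = 0.0     # SLA violations

    def score(self):
        # Expected value of a Beta(ok+1, bad+1) belief: 0.5 with no history.
        return (self.ok + 1.0) / (self.ok + self.bad + 2.0)

    def weight(self):
        return self.ok + self.bad

class ReputationService:
    def __init__(self, aging=0.9):
        self.aging = aging        # how fast old history fades (1.0 = never)
        self._evidence = {}       # service -> Evidence
        self._member_of = {}      # service -> VO member offering it

    def register(self, member, service):
        self._member_of[service] = member
        self._evidence[service] = Evidence()

    def report(self, service, completed_ok, sla_violations):
        """Ingest one monitoring period of low-level resource usage information."""
        ev = self._evidence[service]
        ev.ok *= self.aging       # older history counts less than recent behaviour
        ev.bad *= self.aging
        ev.ok += completed_ok
        ev.bad += sla_violations
        return ev.score()

    def service_reputation(self, service):
        ev = self._evidence.get(service)
        return ev.score() if ev else 0.5

    def member_reputation(self, member):
        """Evidence-weighted mean over the member's services."""
        evs = [e for s, e in self._evidence.items() if self._member_of[s] == member]
        total = sum(e.weight() for e in evs)
        if total == 0:
            return 0.5
        return sum(e.score() * e.weight() for e in evs) / total

    def vo_reputation(self):
        members = sorted(set(self._member_of.values()))
        if not members:
            return 0.5
        return sum(self.member_reputation(m) for m in members) / len(members)

    def authorize(self, service, threshold):
        """Reputation used for an authorization decision, not only for discovery."""
        return self.service_reputation(service) >= threshold

def scenario():
    """Constructed evidence for three services of two VO members."""
    rep = ReputationService(aging=0.9)
    rep.register("HP", "storage")
    rep.register("HP", "compute")
    rep.register("Moviquity", "broker")
    rep.report("storage", completed_ok=8, sla_violations=2)
    rep.report("compute", completed_ok=4, sla_violations=0)
    rep.report("broker", completed_ok=1, sla_violations=3)
    before = {
        "storage": rep.service_reputation("storage"),
        "HP": rep.member_reputation("HP"),
        "VO": rep.vo_reputation(),
        "broker_authorized": rep.authorize("broker", 0.5),
    }
    rep.report("broker", completed_ok=10, sla_violations=0)  # a good period
    after = rep.service_reputation("broker")
    return before, after
```

The aging step is what makes the reputation history-based rather than a lifetime average: the broker's three early violations still count after the good period, but at 90% of their weight, so a service can recover while its past is not forgotten.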


GridTrust Framework: Tools and Policy-based Services
[Figure: GridTrust tools and policy-based services placed on the NGG architecture (GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System): a Secure VO Requirements Editor, and OGSA-compliant services for the Dynamic VO, including a Reputation Management service, operating on Resources, VO Members and Services]

From Trust and Security Requirements to Usage Control Policies
Business requirement: client data must remain confidential
[Figure: the requirement is refined down the NGG architecture (GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System Layer) into usage control policies]


Patterns for Trust and Security
Authorization
Confidentiality
Privacy
Confidentiality of the content of a communication
Confidentiality of communication occurrence
Confidentiality of identity of sender and receiver
Integrity
Availability
Trust
Delegation
Chinese Wall


GridTrust Services Integrated in OGSA
[Figure: GridTrust Services integrated in OGSA, below the Application]


Conclusions
GridTrust Framework Services
- VO level: secure resource broker, service-level usage control, reputation management service, security-aware VO management
- Node level: computational usage control
- Policy refinement tools: usage control policy editor, usage control refinement tool
- Will be released in open source

Innovation
- UCON for Grids (improves on the state of the art: mutable attributes, obligations, continuous enforcement), at the computational level and at the service level
- Combining brokering and security
- Combining security with reputation: Globus uses reputation for service discovery and selection; here we want to use reputation for authorization decisions
- Derivation of business trust and security requirements into policies
- VO management integrated with GridTrust services

Looking for collaborations


Notes
- Role-based Trust Management (RTML): a new access control model that addresses the problems of modern distributed environments, where the subjects accessing the resources may also be unknown
- No known implementations of history-based access control