GridTrust: Trust and Security for Next Generation Grids (presentation transcript)
CETIC, Belgium - Philippe Massonet - www.gridtrust.eu
Palette - WP0
European and Chinese Cooperation on Grid
GridTrust Trust and Security for Next Generation Grids
CETIC, Belgium
Philippe Massonet
[email protected]
www.gridtrust.eu
Luxembourg - 6/7 February 2006 - TEL Projects meeting
GridTrust: Objectives and Expected Results
General Objective: definition and management of security and trust
in dynamic virtual organisations
Expected results: a framework composed of:
An environment and analysis method at all levels of the NGG architecture
A reference security architecture for Grids
An open source reference implementation of the architecture, validated by several innovative business scenarios.
(figure: NGG Architecture layers, top to bottom: GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System)
Project Partners
5 countries, 4 companies, 3 research institutes, 1 university
Duration: 3 years (06/2006-05/2009)
Global budget: 3 856 135 euros
CETIC budget: 540 697 euros
Dynamic Virtual Organisations
Virtual organizations: a temporary or permanent coalition of
geographically dispersed individuals, groups, organisational units
or entire organisations that pool resources, capabilities and
information in order to achieve common goals
Business Process Case Studies:
Supply chain (Moviquity, HP)
Distributed authoring (IGDA)
Distributed knowledge management (Interplay)
Services
- Changes can be manual, semi-automated or automated (Self*)
Trust in Virtual Organisations
Since VOs are based on sharing information and knowledge, there must be a high level of trust among the partners, especially since each partner contributes its core competencies.
Collaboration
Threats:
Bad service (contract not respected)
Attacks: loss of information
Attacks: disruption of service
Vulnerability to attacks (low level of security at one of the partners)
How do you maintain trust and security properties in a dynamic VO?
Need for trust and security mechanisms
Desired Self-Organization/Self-Protection Behavior
User trust requirement: all nodes must always be sufficiently trusted
Dynamic Business Processes -> Self-organization
Self-protection: avoid or minimize the intervention of human operators
Trust and Security in Virtual Hosting Environments
(Outsourcing)
(figure labels: Images, Maps, Service Provider (SP), Service Requestor, VO, Service Request)
Current State of the Art in Grid Authorization
GridTrust focuses on authorization
OGSA/Globus default authorization mechanism: GridMap is coarse-grained and static
Extended authorization mechanisms:
Akenti (fine-grained distributed access control)
PERMIS (RBAC)
Shibboleth (cross-domain single sign-on and attribute-based authorization)
Basic limitation: once you have been granted access to a resource, you are free to use it without any further control.
Need for finer grained and continuous control
Usage Control: beyond Access Control
(figure, after UCON [Park04]: Usage Control covers Traditional Access Control, Trust Management and DRM. Enforcement point: Server-side Reference Monitor (SRM), Client-side Reference Monitor (CRM), or SRM & CRM. Protection goals: Sensitive Information Protection, Intellectual Property Rights Protection, Privacy Protection.)
GridTrust Objective: Bring Usage Control To The Grid
Integrate usage control into Grid
Supports many existing access control models
New models of trust and security
Usage control model: policy language
(figure: UCON core components: Subjects and Objects, each with Attributes; Rights; the Usage Decision, determined by Authorizations, Obligations and Conditions)
From Access Control to Usage Control
(figure: timeline with a pre-decision taken before usage)
How Continuous Usage Control Works
(figure: a Service Program running in a Hosting Environment issues system calls on Shared resources: OpenFile(), ReadFile(), OpenFile(), CloseFile())
Applications of Usage Control
With UCON we can express policies such as Mandatory Access Control (MAC), a limited number of simultaneous usages of the same resource, and history-based access control in general, e.g. the Chinese Wall Security Policy (CWSP).
With UCON integrated with RTML (credential-based trust management), we can also enforce Role Based Access Control and Attribute Based Access Control policies, or other credential-based policies.
Other
Managing Conflicts of Interest in Virtual Organisations
The Chinese Wall
Based on the notion of conflict of interest class
Need a history
(figure labels: Client 1, Resource 1, Resource 2, Client 2, Resource 3, Resource 4, Conflict of interest class)
Example: Chinese Wall Security Policy
gvar[1]:=0. gvar[2]:=0.
(
  [eq(gvar[2],0), eq(x1,/home/paolo/SetA/*), eq(x2,READ)].open(x1,x2,x3).
  lvar[1]:=x3. gvar[1]:=1.
  i([eq(x1,lvar[1])].read(x1,x2,x3)).
  [eq(x1,lvar[1])].close(x1,x2)
)
Par
(
  [eq(gvar[1],0), eq(x1,/home/paolo/SetB/*), eq(x2,READ)].open(x1,x2,x3).
  lvar[1]:=x3. gvar[2]:=1.
  i([eq(x1,lvar[1])].read(x1,x2,x3)).
  [eq(x1,lvar[1])].close(x1,x2)
)
gvar[1] and gvar[2] record whether SetA or SetB has already been opened; each branch admits an open() of its own set only while the other flag is still 0, so a subject that has read one set can no longer read the conflicting one, and read()/close() are only accepted on the descriptor (lvar[1]) returned by the permitted open().
(figure labels: Usage Control Policy Language, System Calls)
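An added executable sketch of the monitor this policy describes (example code, not GridTrust's implementation and not part of the original slides): a Python reference monitor that mediates open/read/close over the same two conflict-of-interest sets. It generalises the slide's policy slightly in that once a set has been chosen, further files from that same set may still be opened; the dataset paths are taken from the slide, everything else is constructed.

```python
import fnmatch
from dataclasses import dataclass, field

# Constructed sample: the two conflict-of-interest datasets named in the slide's policy.
CONFLICT_SETS = {"SetA": "/home/paolo/SetA/*", "SetB": "/home/paolo/SetB/*"}


@dataclass
class ChineseWallMonitor:
    """Reference monitor for the slide's two-set Chinese Wall usage control policy.

    accessed plays the role of gvar[1]/gvar[2] (which set has already been opened),
    open_fds plays the role of lvar[1] (descriptors returned by a permitted open()),
    history keeps every decision for audit.
    """
    accessed: set = field(default_factory=set)
    open_fds: dict = field(default_factory=dict)
    history: list = field(default_factory=list)
    next_fd: int = 3

    def classify(self, path):
        for name, pattern in CONFLICT_SETS.items():
            if fnmatch.fnmatch(path, pattern):
                return name
        return None  # outside both sets: the policy grants nothing

    def open(self, path, mode):
        """Pre-decision: READ from a set is allowed only if no conflicting set was accessed."""
        dataset = self.classify(path)
        conflicting = self.accessed - {dataset}
        allowed = dataset is not None and mode == "READ" and not conflicting
        self.history.append(("open", path, mode, allowed))
        if not allowed:
            return None
        self.accessed.add(dataset)
        fd, self.next_fd = self.next_fd, self.next_fd + 1
        self.open_fds[fd] = path
        return fd

    def read(self, fd):
        """Ongoing decision: each read is re-checked, not just the initial open."""
        allowed = fd in self.open_fds
        self.history.append(("read", fd, allowed))
        return allowed

    def close(self, fd):
        allowed = self.open_fds.pop(fd, None) is not None
        self.history.append(("close", fd, allowed))
        return allowed
```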
Trust: Updating Reputation based on Resource Usage
Gather low level resource usage information:
SLA violations
Successful performance
Update VO level reputation:
Reputation at different levels: service, VO member, VO as a whole
Reputation based on past behavior (history, performance)
GridTrust Framework: Tools and Policy-based Services
(figure: the NGG Architecture layers (GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System) with the OGSA-compliant GridTrust components: Dynamic VO, Reputation Mgt service, Resources, VO Members, Services, Secure VO Req Editor)
From Trust and Security Requirements to Usage Control Policies
Business Requirement: client data must remain confidential
(figure: NGG Architecture layers: GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System Layer)
Patterns for Trust and Security
Authorization
Confidentiality
Privacy
Confidentiality of the content of a communication
Confidentiality of communication occurrence
Confidentiality of identity of sender and receiver
Integrity
Availability
Trust
Delegation
Chinese Wall
GridTrust Services Integrated in OGSA
(figure labels: GridTrust Services, Application)
Conclusions
GridTrust Framework Services:
VO level: secure resource broker, service level usage control, reputation management service, security aware VO management
Node level: computational usage control
Policy refinement tools: Usage Control Policy editor, usage control refinement tool
Will be released in open source
Innovation:
UCON for Grids (improves state of the art: mutable attributes, obligations, continuous enforcement), at computational level and service level
Combining brokering and security
Combining security with reputation: Globus uses reputation for service discovery and selection; here we want to use reputation for authorization decisions
Derivation of business trust and security requirements to policies
VO management integrated with GridTrust services
Looking for collaborations
A new access control model that addresses the problems of modern distributed environments, where the subjects accessing the resources may also be unknown
Role-based Trust-management
No known implementations of history based access control