Hao Wang Computer Sciences Department University of Wisconsin-Madison hbwang@cs.wisc.edu Security...

Hao WangComputer Sciences DepartmentUniversity of Wisconsin-Madison

hbwang@cs.wisc.eduhttp://www.cs.wisc.edu/condor

Security in Condor

www.cs.wisc.edu/condor

Outline

› Motivations

› Security Goals

› Design

› Current Status

› Issues and Future Work

Why Do We Need Security?

Condor

I am Alice; Please

run 100 jobs for me

Condor

Here comes Bob….

Condor

BobI am Alice; Please

remove all my jobs

Condor

› Problem: False identification,

stolen identity

› Solution: Authentication

• Establish the identities reliably

Alice Bob

Condor

Other Problems

› Stolen data› Eavesdropping

› Tampered data or messages

› Integrity check via Message Authentication Code (MAC)

Problems Solutions› Encryption

Design Requirements

› The ultimate goal – Secure Channel

› Strong authentication Cross platform support (Unix, NT, Linux,

etc…) Must support multiple authentication

protocols• Different sites have different security

requirements• Flexibility

Design Requirements

› Protecting data and secure communication Encryption Integrity check Support multiple platform Must support both TCP and UDP

› User based authorization Fine-Grained access control

› Auditing Logging

Grid Requirements

› Condor is part of the Grid community Need to meet various Grid security

requirements AAA:

• Authentication -- X.509 based PKI infrastructure• Authorization• Accounting

Fully integrated with Globus Toolkit

Trust Model

› In what do we trust? Authentication Protocols

• Kerberos, X.509, NTSSPI, etc.• Strong authentication is the key

Authentication services• Certificate Authorities, Kerberos servers, etc

System Administrators• Configurations

Machines where Condor is installed

Condor Daemons and Tools

Condor Security Architecture

TCP/UDP OpenSSL Globus GSI Kerberos

CryptographyServices

Authentication Services

Libraries

Services

Authorization

Current Status (>=V6.3.2)

› Authentication Support multiple protocols

• Kerberos, X.509, NTSSPI, File System• Use Globus Toolkit (2.0) for Grid related

security services

Authorization

› User based access control policy Access Control Format:

ACCESS_LEVEL = user@domain/hostname, Support wild cards for flexibility

› Each Condor command is associated with an authorization level:

• READ, WRITE, DAEMON, CONFIG, ADMIN, OWNER, NEGOTIATOR

› Specify users for each authorization level Either ALLOW or DENY

Authorization Examples

› Allow all users READ access ALLOW_READ=*/*

› Allow all engineering department users who come from a machine on UW campus network WRITE access ALLOW_WRITE=*@engr.wisc.edu/*.wisc.edu

› Allow condor-1 and condor-2 to have CONFIG access level ALLOW_CONFIG =

condor-1@cs.wisc.edu/*,condor-@cs.wisc.edu/*

› Only allow the user condor@cs.wisc.edu who come from CS department network to have DAEMON access level ALLOW_DAEMON=

condor@cs.wisc.edu/*.cs.wisc.edu

› Only condor-admin@cs.wisc.edu from the host bigbird can have ADMIN level of access ALLOW_ADMIN=

condor-admin@cs.wisc.edu/bigbird.cs.wisc.edu

› Deny following users READ access DENY_READ=bob@crash.net/*,

bob@hack.biz

› Deny bob@crash.net WRITE access DENY_WRITE=bob@crash.net/*

Current Status (Cont.)

› Data Encryption OpenSSL based

• Support 3DES, Blowfish

Support both TCP and UDP

› Data Integrity OpenSSL based

• Support MD5

Support both TCP and UDP

UDP Encryption/Integrity

› Encryption and Integrity support for UDP is hard UDP is connectionless

• Packets may come from different sources!

UDP is not reliable How to address these issues?

› Use TCP+strong authentication protocol for initial key exchange The protocol must provide encryption

support Exchange a secret key and a key Id

› Each side cache the <key, key Id> pair› Include <key Id> in subsequent

communication › Use <key> for encryption, for integrity

check for UDP packets

Schedd Startd

Central Manager

Initial State

Schedd Startd

Central Manager

UPDATE

Command Request (UDP)

Schedd Startd

Central Manager

AUTHENTICATE

Authentication (TCP)

Schedd Startd

Central Manager

1, ID-1

ID-1 Key-1

Key-1ID-1

Key Exchange(TCP+Encryption)

Schedd Startd

Central Manager

ATE,ID-1

ID-1 Key-1

Key-1ID-1

Update (UDP withEncryption/Integrity)

Schedd Startd

Central Manager

ID-1 Key-1

Key-1ID-1Key-2ID-2

Key-2ID-2

ATE,ID-1

][UPDATE,ID-2]

Steady State (UDP)

ID-3 Key-3Key-3 ID-3

Issues with UDP Encryption/Integrity

› Session Management

› Key Management

› Key expiration How frequent should we exchange a

new set of keys?

› Crash recovery

Status Summary

› Strong authentication Support multiple protocols

› User-based authorization

› Encryption for both TCP/UDP

› Integrity check for both TCP/UDP

Future Work

› Grid related work Science Grid, PPDG … related work Community Authorization Service (CAS)

› Credential related Expiration, refresh, delegation MyProxy

› More work on authorization SPKI/SDSI, ClassAd

Questions?

› Demo on Wednesday Room 3397, CS Building, 9am – noon

› More about Condor http://www.cs.wisc.edu/condor condor-admin@cs.wisc.edu

› Talk to us: Zachary Miller,Todd TannenbaumMiron LivnyHao Wang

Hao Wang Computer Sciences Department University of Wisconsin-Madison hbwang@cs.wisc.edu Security...

Documents

Condor RoadMap Condor Week 2007

Jaime Frey Computer Sciences Department University of Wisconsin-Madison jfrey@cs.wisc.edu Condor-G: A Case in Distributed

Computer Vision, CS766 Staff Instructor: Li Zhang lizhang@cs.wisc.edu TA: Yu-Chi Lai yu-chi@cs.wisc.edu

Peter F. Couvares Computer Sciences Department University of Wisconsin-Madison pfc@cs.wisc.edu Condor DAGMan: Managing Job

The Condor “RoadMap” Condor Week 2003

Ian D. Alderman Computer Sciences Department University of Wisconsin-Madison alderman@cs.wisc.edu Condor Week 2007 Signed

Farming with Condor Douglas Thain thain@cs.wisc.edu INFN Bologna, December 2001

[name] Computer Sciences Department University of Wisconsin-Madison [email]@cs.wisc.edu Building and Modifying Condor Nick LeRoy Computer Sciences Department

Image Segmentation Shengnan Wang shengnan@cs.wisc.edu

Red Hat and Condor Project · Condor Week 2007-Red Hat/Condor collaboration Condor open source Red Hat Madison office Condor 7.0 Release-1st release with source-Condor into Fedora-Beta

1 Security Risks in Clouds and Grids Condor Week May 5, 2011 Barton P. Miller James A. Kupsch Computer Sciences Department University of Wisconsin bart@cs.wisc.edu

Condor Tutorial for Users INFN-Bologna, 6/29/99 Derek Wright Computer Sciences Department University of Wisconsin-Madison wright@cs.wisc.edu

Condor , Condor EcoFlex

Hunter of Idle Workstations Miron Livny Marvin Solomon University of Wisconsin-Madison Email: condor-admin@cs.wisc.educondor-admin@cs.wisc.edu URL: //

Computer Sciences Department University of Wisconsin-Madison condor-admin@cs.wisc.edu Developer APIs to Condor + A Tutorial

Condor Project Computer Sciences Department University of Wisconsin-Madison condor-admin@cs.wisc.edu Grids and Condor Barcelona,

Intermediate Condorpages.cs.wisc.edu/~zmiller/osg-sp/ZKM_Condor-Lecture2.pdf · Intermediate Condor Tuesday morning, 10:45am Zach Miller University of

Peter F. Couvares Associate Researcher, Condor Team Computer Sciences Department University of Wisconsin-Madison pfc@cs.wisc.edu

Condor-G Stork and DAGMan...Condor Project Computer Sciences Department University of Wisconsin-Madison condor-admin@cs.wisc.edu Condor-G Stork and DAGMan http

Www.cs.wisc.edu/condor 1 Todd Tannenbaum Department of Computer Sciences University of Wisconsin-Madison condor-admin@cs.wisc.edu