Hao Wang
Computer Sciences Department
University of Wisconsin-Madison
[email protected] http://www.cs.wisc.edu/condor
Security in Condor
www.cs.wisc.edu/condor
Outline
› Motivations
› Security Goals
› Design
› Current Status
› Issues and Future Work
Why Do We Need Security?
[Figure sequence: Alice and Bob each talking to Condor]
› Alice: "I am Alice; Please run 100 jobs for me"
› Here comes Bob….
› Bob: "I am Alice; Please remove all my jobs"
› Problem: False identification, stolen identity
› Solution: Authentication
  • Establish the identities reliably
Other Problems
› Problem: Stolen data, eavesdropping
› Solution: Encryption
› Problem: Tampered data or messages
› Solution: Integrity check via Message Authentication Code (MAC)
Design Requirements
› The ultimate goal – Secure Channel
› Strong authentication
  • Cross platform support (Unix, NT, Linux, etc…)
  • Must support multiple authentication protocols
    • Different sites have different security requirements
    • Flexibility
Design Requirements
› Protecting data and secure communication
  • Encryption
  • Integrity check
  • Support multiple platforms
  • Must support both TCP and UDP
› User based authorization
  • Fine-Grained access control
› Auditing
  • Logging
Grid Requirements
› Condor is part of the Grid community
  • Need to meet various Grid security requirements
  • AAA:
    • Authentication -- X.509 based PKI infrastructure
    • Authorization
    • Accounting
  • Fully integrated with Globus Toolkit
Trust Model
› In what do we trust?
  • Authentication Protocols
    • Kerberos, X.509, NTSSPI, etc.
    • Strong authentication is the key
  • Authentication services
    • Certificate Authorities, Kerberos servers, etc
  • System Administrators
    • Configurations
  • Machines where Condor is installed
Condor Security Architecture
[Figure: architecture diagram. Labels: Condor Daemons and Tools; Authorization; CEDAR; Cryptography Services; Authentication Services; Other; Services; Libraries; TCP/UDP; OpenSSL; Globus GSI; Kerberos]
Current Status (>=V6.3.2)
› Authentication
  • Support multiple protocols
    • Kerberos, X.509, NTSSPI, File System
    • Use Globus Toolkit (2.0) for Grid related security services
Authorization
› User based access control policy
  • Access Control Format: ACCESS_LEVEL = user@domain/hostname,
  • Support wild cards for flexibility
› Each Condor command is associated with an authorization level:
  • READ, WRITE, DAEMON, CONFIG, ADMIN, OWNER, NEGOTIATOR
› Specify users for each authorization level
  • Either ALLOW or DENY
Authorization Examples
› Allow all users READ access
  ALLOW_READ=*/*
› Allow all engineering department users who come from a machine on UW campus network WRITE access
  ALLOW_WRITE=*@engr.wisc.edu/*.wisc.edu
› Allow condor-1 and condor-2 to have CONFIG access level
  ALLOW_CONFIG =
Authorization Examples
› Only allow the user [email protected] who comes from the CS department network to have DAEMON access level
  ALLOW_DAEMON=[email protected]/*.cs.wisc.edu
› Only [email protected] from the host bigbird can have ADMIN level of access
  ALLOW_ADMIN=[email protected]/bigbird.cs.wisc.edu
Authorization Examples
› Deny the following users READ access
  [email protected]/*,
› Deny [email protected] WRITE access
  [email protected]/*
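The ALLOW/DENY lists above, evaluated in a small matcher. This is an added example, not Condor's code: the user names are constructed, DENY_WRITE follows the slides' "Either ALLOW or DENY" naming, and three things are assumptions of the example rather than statements from the slides: shell-style wildcard matching via fnmatch, DENY taking precedence over ALLOW, and a level with no ALLOW list admitting nobody.

```python
from fnmatch import fnmatchcase

# Constructed policy in the slides' user@domain/hostname format.
POLICY = {
    "ALLOW_READ": "*/*",
    "ALLOW_WRITE": "*@engr.wisc.edu/*.wisc.edu",
    "ALLOW_ADMIN": "carol@cs.wisc.edu/bigbird.cs.wisc.edu",
    "DENY_WRITE": "bob@engr.wisc.edu/*",
}


def parse_entries(value):
    """Split a comma-separated list into (user_pattern, host_pattern) pairs."""
    entries = []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue  # tolerate trailing commas and empty values
        user, sep, host = item.partition("/")
        entries.append((user, host if sep else "*"))
    return entries


def matches(entries, user, host):
    """True if any entry matches; host names are compared case-insensitively."""
    return any(fnmatchcase(user, u) and fnmatchcase(host.lower(), h.lower())
               for u, h in entries)


def authorized(policy, level, user, host):
    """Assumed semantics: DENY wins over ALLOW, and the default is deny."""
    if matches(parse_entries(policy.get("DENY_" + level, "")), user, host):
        return False
    return matches(parse_entries(policy.get("ALLOW_" + level, "")), user, host)
```

The decision is only as trustworthy as the `user` and `host` values passed in, which is why the slides put strong authentication ahead of authorization.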
Current Status (Cont.)
› Data Encryption
  • OpenSSL based
    • Support 3DES, Blowfish
  • Support both TCP and UDP
› Data Integrity
  • OpenSSL based
    • Support MD5
  • Support both TCP and UDP
UDP Encryption/Integrity
› Encryption and Integrity support for UDP is hard
  • UDP is connectionless
    • Packets may come from different sources!
  • UDP is not reliable
  • How to address these issues?
UDP Encryption/Integrity
› Use TCP+strong authentication protocol for initial key exchange
  • The protocol must provide encryption support
  • Exchange a secret key and a key Id
› Each side caches the <key, key Id> pair
› Include <key Id> in subsequent communication
› Use <key> for encryption and for the integrity check of UDP packets
UDP Encryption/Integrity
[Figure sequence: Schedd, Startd and Central Manager]
› Initial State
› Command Request (UDP): UPDATE
› Authentication (TCP): AUTHENTICATE
› Key Exchange (TCP+Encryption): [Key-1, ID-1]; the Key-1 / ID-1 pair is shown at both ends
› Update (UDP with Encryption/Integrity): [UPDATE, ID-1]
› Steady State (UDP): [UPDATE, ID-1], [UPDATE, ID-2]; cached pairs shown: Key-1 / ID-1, Key-2 / ID-2, Key-3 / ID-3
Issues with UDP Encryption/Integrity
› Session Management
› Key Management
› Key expiration
  • How frequently should we exchange a new set of keys?
› Crash recovery
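The key-Id scheme from the UDP slides, reduced to its integrity half, as an added example that is not Condor's code. Assumptions of the example: the datagram layout, the one-hour key lifetime, HMAC-SHA-256 in place of the MD5-based check on the slides, and answering an unknown or expired key Id with AUTHENTICATE (as in the diagram sequence) as one way to handle key expiration and crash recovery; encryption is left out.

```python
import hashlib
import hmac
import struct
import time

MAC_LEN = 32  # HMAC-SHA-256 tag length in bytes


class KeyCache:
    """<key Id> -> (key, expiry) pairs, installed after the TCP key exchange."""

    def __init__(self, lifetime=3600.0):  # lifetime is an assumed policy value
        self.lifetime = lifetime
        self.keys = {}

    def install(self, key_id, key, now=None):
        now = time.time() if now is None else now
        self.keys[key_id] = (key, now + self.lifetime)

    def lookup(self, key_id, now=None):
        now = time.time() if now is None else now
        entry = self.keys.get(key_id)
        if entry is None or entry[1] <= now:
            self.keys.pop(key_id, None)  # unknown (e.g. lost in a crash) or expired
            return None
        return entry[0]


def seal(key_id, key, payload):
    """Constructed layout: 2-byte id length | key Id | payload | MAC."""
    body = struct.pack("!H", len(key_id)) + key_id + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_datagram(cache, datagram, now=None):
    """Return ('OK', payload), ('AUTHENTICATE', None) or ('DROP', None)."""
    if len(datagram) < 2 + MAC_LEN:
        return ("DROP", None)
    (id_len,) = struct.unpack("!H", datagram[:2])
    if len(datagram) < 2 + id_len + MAC_LEN:
        return ("DROP", None)
    key = cache.lookup(datagram[2:2 + id_len], now)
    if key is None:
        return ("AUTHENTICATE", None)  # sender must redo the TCP exchange
    body, tag = datagram[:-MAC_LEN], datagram[-MAC_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return ("DROP", None)  # tampered or forged datagram
    return ("OK", body[2 + id_len:])
```

Because the key is selected by key Id rather than by source address, a datagram is accepted from any source that holds the key, which is how the scheme copes with UDP being connectionless.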
Status Summary
› Strong authentication
  • Support multiple protocols
› User-based authorization
› Encryption for both TCP/UDP
› Integrity check for both TCP/UDP
Future Work
› Grid related work
  • Science Grid, PPDG … related work
  • Community Authorization Service (CAS)
› Credential related
  • Expiration, refresh, delegation
  • MyProxy
› More work on authorization
  • SPKI/SDSI, ClassAd
Questions?
› Demo on Wednesday
  • Room 3397, CS Building, 9am – noon
› More about Condor
  • http://www.cs.wisc.edu/condor
  • [email protected]
› Talk to us: Zachary Miller, Todd Tannenbaum, Miron Livny, Hao Wang