Upload
elton
View
39
Download
0
Embed Size (px)
DESCRIPTION
Bartosz Baliś 1 , Marian Bubak 1,2 , Wojciech Rząsa 3 , Tomasz Szepieniec 2 , Roland Wismüller 4. Two Aspects of Security Solution for Distributed Systems in the Grid on the Example of the OCM-G. 1) Institute of Computer Science, AGH 3) Rzeszów University of Technology. - PowerPoint PPT Presentation
Citation preview
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Two Aspects of Security Solution for Distributed Systems in the Grid
on the Example of the OCM-G
Bartosz Baliś1, Marian Bubak1,2, Wojciech Rząsa3, Tomasz Szepieniec2,
Roland Wismüller4
1)Institute of Computer Science, AGH 3)Rzeszów University of Technology
2)Academic Computer Centre -- CYFRONET 4)LRR-TUM -- Technische Universitat Munchen
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Plan
● OCM-G - on-line grid monitoring system● Security issues● Two aspects of the solution● Performance analysis● Generalization of the solution● Summary
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
OCM-G Architecture
● Service Managers● one per site● permanent● handle multiple users
● Local Monitors● one per host-and-user● transient● owned by the user
Site
LM LM
Site
Node Node Node`
SM SM
LM
Tool
request
request
request
request request
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
OCM-G startup
LM
process
site
Node 1 Node 2
process
LM
fork() fork() fork()
process
User 1
process
User 2
LM
SMSM
Shared component
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Virtual Monitoring System
● A subset of OCM-G components involved in one application
● Share information about the application● Only the VMS members are allowed to
monitor the application● Service Managers may be shared
between multiple VMSs
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Extending VMS
processprocess process
LM LM
VMS
process
register
Request membershipSM
LM
register
SM
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Security issues
● Shared monitoring system components● Authentication required
● OCM-G manipulates processes● Authorization required
● Service Manager - permanent service● Security of the site cannot be lowered
● Moreover:● Reliability of the results● Confidentiality of monitoring information
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
User certificates for:• tools• Local Monitors
Requirements• Issued by valid CA
Specific certificates for:• Service Managers
Requirements• Issued by valid CA• Issued specifically for the
SM; specific DN, e.g. /C=PL/O=GRID/O=Cyfronet/CN=OCM-G-SM/
GSI for connections between components(authentication, authorization, integrity,
confidentiality)
1st aspect of the solutionGSI and certificates
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Connections secured with GSI
● Analogous LM – SM connection establishment● Valid certificates required to establish connection
Mutual authentication(certificates exchange)
Network connection
AuthorizationAuthorization
Secured connection(authenticity, integrity,
confidentiality)
SMSM
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Remaining vulnerabilities(Service Manager problem)
Service Managers shared between users Anyone can pretend SM Valid SM certificate required to join VMS Administrators can access SM certificate ''Forged-component attack'' is possible
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Forged-component attack
processprocess process
LM LM
VMSRequest membership
SMSM
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Should we trust site administrators?
We already trust:• Administrators can access users' accounts with private
keys• Administrators can control his users' resources• ... possibly on the other sites (using his users' private
keys) By the forged-component attack
administrator can access other users' resources on the other sites
Conclusion: we cannot authorize SM to join VMS using his certificate only.
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Secured protocol of extending VMS
processprocess process
LM LM
VMS
process
register
Request membershipSM
LM
Digitaly signed''written permission''
SM''written permission'' exchange
Permission verification Permission verification
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
2nd Aspect of the solution
Secured protocol of extending VMS Request to join VMS digitally signed by the
user While extending VMS both SMs present:
• Valid SM certificate • ''Written permission'' of the VMS owner
Consequence: administrators cannot access other users' resources on the other sites
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Performance
Low monitoring overhead essential for the on-line system
1st aspect of the solution introduces additional overhead
2nd security aspect affects startup only Test: transmission of 100B packets between two
processes, CPU time measured• CLEAR - data not secured• AUTH - authentication and authorization• PROTECT - authenticity/integrity protection• CRYPT - confidentiality protection
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Overhead test results
Security level
Avg. Time [ms]
CLEAR 0.0530 AUTH 0.0448 PROTECT 0.2357 CRYPT 0.3826
Worst case latency of the order of 0.1 ms acceptable for on-line monitoring
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Distributed system
Generalization
SMSM
SM
Distributed agent
proc
LM
proc
LM
proc
tool
tool
proc
LM
proc
proc
LM
proc
LMresourceres.
resource
res. res.
User
User
Institute of Computer
Science AGH
Technishe Universitat Munchen
Rzeszów University of Technology
Summary
The proposed security solution• 1st aspect – communication security• 2nd aspect – secured protocol of extending
VMS Acceptable overhead confirmed by the test
results We believe it is possible to adapt the
solution to similar architecture systems