Mine Altunay July 30, 2007 Security and Privacy in OSG.

Mine Altunay

July 30, 2007

Security and Privacy in OSG

07/30/2007 OSG Site Admins Technical Meeting, July 2007: Mine Altunay 2

Who am I ?

• Recently joined OSG Security Team

• Ramping up to be full time OSG Security

• Working through the OSG Security Plan

• Helping develop any new items for the Security Plan in Year 2


Security Controls

• Security Control: safeguards prescribed for an information system to protect integrity, confidentiality and availability of a system and its information– Management Controls (policies)– Operational Controls (things that people do)– Technical Controls (things that machines do)

• OSG Security Plan defines, implements and executes these controls


Security Plans

• Two types of security plans– Core OSG:

• assets under complete control of OSG (eg, middleware software cache).

• OSG is responsible for security of these systems

– Facilities, VOs and software providers that are “part” of OSG.

• OSG can create examples and templates of security plans that can be incorporated into site and VO plans.

• Sites and VOs are responsible for security of these


What does this mean for a site admin?

• You are responsible for the security of your own site

• You should• understand the usage scenarios• analyze the risks• implement and execute security controls


Site Resources

Accessible to VO

Data Storage 1 Data Storage 2

Site Database

Site Web Services

WN WN

WN WN

WN

WN

Cluster 1

NOT Accessible to

VO

A fictitious site access policy:• for each resource, only allow authorized users AND• deny any requests from black-listed users


• Site grants access to the VO.

• VO delegates the access privilege to its trusted members

• VO manages its members’ access rights– different access rights to different VO

members– E.g. grouping of users based on tasks; or

roles played in an experiment


A simple usage scenario

grid job

VO Site

Researcher A from University X, which isa member of the VO

VO trusts Researcher Site trusts VO

Site allows access by Researcher

VO-accessible Site Resources

VO Infra. & Services

Data Storage 1

WN WN

WN WN

WN

WN

Cluster 1


Researcher A from Uni. X

Researcher B from Uni. Y

Group 1’s

Data

Group 2’s

Data

VO

Group1 : Uni. XRole: Researcher,Privileges: execute, read-write

• VO determines member privilegesover Site resources

•

Group2 : Uni. YRole: Researcher,Privileges: execute, read-write

• Site enforces VO assigned permissions

Site resources


VO Policy

Site Policy

Enforced Policy

Site’s Resources that are accessible to VO

Data Storage 1WN WN

WN WN

WN

WN

Cluster 1


Researcher A fromGroup 1

grid job 1

VO


Site

Researcher B fromGroup 2

Group 1’s

Data

Group 2’s

Data

Unauthorized access

Enforced Policy outcome• Researcher A cannot modify Researcher B’s data (due to VO policy)


Researcher A fromGroup 1

grid job 1

VO


Site

Researcher B fromGroup 2

DN name is blacklisted

Group 1’s

Data

Group 2’s

Data

Enforced Policy outcome• Researcher B denied access• due to Site policy

Unauthorized access


Grid Site

VOMSVOMRS

VO Services

synchronize

reg

iste

r

get-voms-proxy

synchronize

SAZ

Sitewide Services

GUMS

CE

Gatekeeper

Pri

ma/

SA

ML

ca

llou

ts (

C)

Job Manager

Submit request with voms-proxy

Privilege ProjectModule

Legend

VO Management Services

user name

DN, FQAN

DN, FQAN user name

SE

SRM

gPlazma

Storage AuthService

DN

, FQ

AN

Prima/SAML Client (Java)

Sto

rag

e p

riv

set

DN

, FQ

AN

Sto

rag

e p

riv

set

certificate

VOMSExtendedproxy

VOMSExtendedproxy

Is authorized?

yes/no


GUMS

Gatekeeper

Pri

ma/

SA

ML

ca

llou

ts (

C)

Job Manager

Pilot DN

Pilot UID

Pilot

User JobWN

Pilot UID

Pilot UID

Pilot

User queue

User job

User DN

User DN

Pilot DN

Request

• User job and Pilot job runs in the same user account modifications between jobs• Site does not auth/authz the useronly auth/authz pilot job


GUMS

Gatekeeper

Pri

ma/

SA

ML

ca

llou

ts (

C)

Job Manager

Pilot DN

Pilot UID

Use

r D

N

Use

r U

ID

Pilot

User Job WN

Pilot UID

User DN

User UID

Pilot

User queue

User job

User DN

User DN

Pilot DN

Request


What if something goes wrong?Incident Response

• Researcher A launches attack against the Site

• Site discovers the attack• Site analyzes the attack, temporarily

blacklists Researcher A (if it can trace it)• Site should

• Call GOC at 1 317-278-9699, or • submit a trouble ticket,• Email [email protected] • Or email security-discuss-

[email protected]


– Inform VO security contact– Site trusts the VO, not individual members– VO finds which member has the privilege

• Logs and mapping repository (VOMRS)

– Determines culpability and take measures over Researcher A’s privileges

• OSG has only controls over core OSG assets and staff– VO is responsible for its users behavior– OSG may bar a VO

• if VO violates OSG policies


• Building and maintaining a trust relationship with VO• Determining which resources are accessible to VO

members and in which capacity• Reaching an agreement with VO over the usage of the

resources – privileges associated with roles (r/w privilege over a

data location by a VO member) • Enforcing VO assigned privileges and site’s access

policies• Keeping in synch with VO policy (e.g. VOMRS),

maintaining service availability for access

Sites are responsible for


– Keeping access logs of VO users and maintaining audits

– Informing VO Security contact about security incidents

– Complying with grid operational controls• Keeping up to date with CA-certificates• IGTF updates• Certificate Revocation Lists• Using latest configuration for grid distributed software

Date post:	05-Jan-2016
Category:	Documents
Upload:	posy-elliott
View:	213 times
Download:	0 times

Mine Altunay July 30, 2007 Security and Privacy in OSG.

Documents