110 likes | 247 Views
Cyber Security Issues in HEP and NP Grids. Bob Cowles — SLAC bob.cowles@slac.stanford.edu NC 2004 10 August 2004. Secure Grid Services. Major changes required that have an impact on: Researchers Application Developers Research Organizations Sites Proposal. Researchers.
E N D
Cyber Security Issues in HEP and NP Grids Bob Cowles — SLAC bob.cowles@slac.stanford.edu NC 2004 10 August 2004
Secure Grid Services • Major changes required that have an impact on: • Researchers • Application Developers • Research Organizations • Sites • Proposal NC 2004
Researchers • Identification • Authentication • Authorization NC 2004
Identification • Registration process collects personal information • Privacy concerns • Responsible site personnel must have ability to quickly contact • DOE paranoia about Foreign Nationals NC 2004
Authentication • “Standard” use of certificates is insufficient • Must incorporate other forms of AuthN • Credential Repositories • KCA • MyProxy • Variety of one time password tokens • Smart cards • How to quantify trust in a federated AuthN environment? NC 2004
Authorization • AuthZ got the hard issues from AuthN • Must keep initial implementation SIMPLE • Typically jobs disappear or fail with misleading error messages • Require patience and calm problem reporting to resolve the issues • Heterogeneous resources present a challenge for specifying job requirements • Consider boiling water in Peru NC 2004
Application Developers • Applications with inflexible req’ts will find fewer host sites (think like a virus writer) • Early design to resolve security concerns can greatly improve application portability • Logging in a standard form essential for debugging and incident response • Robust - recovery from temporary outages (allowing security upgrades) NC 2004
Application Developers (2) • Secure programming design and practices (consider boiling water in Peru) • Check all input for validity and verify environment is as expected and minimize requirements for privileges • React quickly to investigate, patch and deploy when security problems are found during both development and production phases “when” they are found, not “if” • Design for re-AuthN and re-AuthZ to protect users NC 2004
Research Organizations • Must maintain AuthN information in a secure, reliable form, responsive to concerns for privacy vs. need for rapid contact in cases of misuse • Must develop and maintain AuthZ policies in a secure, reliable and auditable form • Logs must be generated and securely stored to allow auditing of past AuthN and AuthZ decisions NC 2004
Sites • Must monitor resources to detect and report anomalous or suspected misuse • Maintain infrastructure by mitigating or rapidly applying security patches • Immediately isolate compromised machines, resources or services • Cooperate with other sites and participate actively in incident investigation NC 2004
Proposal • Concentrate on Grid as providing a virtual facility • Research Organizations • use services already in place and provided by the facility for AuthN, AuthZ and logging • select from a menu of policies • Sites • draw on facility resources and expertise for incident detection and response • facility provides incident coordination NC 2004