Nicola Mezzetti - TAPAS Workshop 2002 - Bologna

TAPAS Workshop
Achieving Security and Privacy on the Grid
Nicola Mezzetti
Achieving Security and Privacy on the Grid 1
Presentation Contents
• Grid: an architecture for group collaboration;
• Meaning of “Security” and “Privacy” in this work;
• Grid security features;
• Grid security: open issues;
• A new approach in structuring the Grid:
  • addresses security problems;
  • easily introduces privacy features;
• Conclusion remarks:
  • New CAS features;
  • TAPAS vs. Grid.
Grid: generalities (1/2)
Grid: protocol architecture to address resource sharing among dynamic collections of individuals, institutions and resources:
• flexible;
• secure;
• coordinated;
• without any assumption about trust relationships.
Virtual Organization (VO): a set of individuals and institutions defined by such sharing rules.
Grid: generalities (2/2)
Interoperability is a key issue on the Grid:
• Grid connectivity protocols are built on TCP/IP.
Grid communities (VOs) are:
• Scalable: low administration cost;
• Flexible: policies can dynamically change;
• Structurable: can realize complex policies.
Security and Privacy
To improve security, we will address the fairness property:
• Fairness: a system is fair if it is impossible for a malicious party to gain advantages over honest ones.
Privacy is a personal concept:
• Privacy: an entity must be able to make or serve requests while setting aside the details of its real identity that are irrelevant to the service specification.
Grid: security issues
Grid security features are based on Globus GSI:
• Single sign-on;
• Delegation: (restricted) proxy credentials;
• Integration with local security solutions;
• User-based trust relationships:
  • the user is the minimal unit to define policy rules;
and on the CAS system:
• Trusted third party to manage global policy;
• Keeps track of community users, groups and resources;
• Allows VOs to be scalable, flexible and structurable.
Resource request
Anyone representing the community can get an identity and instantiate a CAS server.
A user asks the CAS for a capability to perform a set of actions:
• he/she will get the capability if the request is compliant with global policy.
That capability can be used to ask for a service:
• the user authenticates him/herself to a provider;
• the request will be honoured if compliant both with the capability rights and with the resource provider’s local policy.
Grid and security: open issues
Responsibility consistency is the property of a system that adopts security measures to prevent attacks and abuses.
A resource provider could receive unchecked service requests:
1. the fairness property could lose validity;
2. the system is not responsibility consistent.
The system is not really scalable (e.g. the join of two VOs into a larger one).
Solution: the policy compliance of capabilities must be verified both when they are generated and when they reach the provider’s physical organization.
Figure 1
The new CAS structure
Responsibility consistency can be addressed by:
1. Each physical organization must keep a local server, the community server (CS), that knows which inbound requests are allowed and which requests can be generated;
2. Each CS must also keep track of the resources shared by the organization it represents;
3. A VO Connectivity Server (VOCS) is used to bring connectivity among CSs; it can neither generate capabilities nor implement any policy rule.
These rules change the older CAS structure from a flat one into a hierarchical one (a generic n-ary tree).
Figure 2
How to introduce privacy
On the client side, privacy features can be achieved by anonymizing proxy certificates:
• a user belongs to a security group of a particular physical organization; all other details can be hidden.
On the server side, privacy can be achieved by hiding resource details inside the Community Authorization System.
Using the virtual circuit paradigm helps hide details about communication through the whole CAS.
How the request protocol changes
To request a capability, a user:
1. Authenticates himself to the local CS using a proxy certificate;
2. Asks for a capability;
3. If the request is policy compliant, that user will get an anonymous capability.
To ask for a service, that user:
1. Authenticates himself to the local CS;
2. Asks for a service, presenting the anonymous capability;
3. If the compliance checks succeed, the request is routed through the CAS system.
CAS Routing Protocol
A client sends the request to its local CS. If the request can be satisfied by a local provider:
• the request is passed from the CS to the server;
else the local CS passes it up to the higher VOCS, which can:
• try to match the request with a provider in its subtree;
• pass the request up to the higher-level VOCS.
If a request reaches the root VOCS without finding a suitable provider, that request is not satisfiable.
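The hierarchical CAS structure, the two-step request protocol and the routing protocol of the three preceding slides, as a small added simulation. This is example code written for this page, not the author's or Globus code; the organization names, keys, policy tables and proxy-certificate subjects are constructed, and the HMAC tag plus the CS_KEYS registry stand in for the PKI that would let one organization verify a capability issued by another. It shows the two compliance checks (at generation by the issuing CS, and again at the provider's CS), the capability carrying only an organization and a security group rather than a user identity, and VOCS nodes that route without ever issuing capabilities or holding policy.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed sample global policy: (security group, resource type) -> allowed actions.
GLOBAL_POLICY = {
    ("researcher", "storage"): {"read"},
    ("researcher", "compute"): {"run"},
    ("admin", "storage"): {"read", "write"},
}
# Stand-in for the PKI that lets one organization verify another CS's capabilities (assumption).
CS_KEYS = {}


@dataclass(frozen=True)
class Capability:
    """Anonymous capability: issuing organization and holder's group only, no user identity."""
    org: str
    group: str
    resource_type: str
    action: str
    tag: str  # HMAC computed by the issuing CS over the four fields above


def _tag(key, org, group, resource_type, action):
    body = json.dumps([org, group, resource_type, action]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class CommunityServer:
    """CS of one physical organization: issues capabilities, serves local resources, routes the rest."""

    def __init__(self, org, key, members, local_policy, resources):
        self.org, self.key, self.parent = org, key, None
        self.members = members            # proxy-certificate subject -> security group
        self.local_policy = local_policy  # (group, resource type) -> actions allowed at this org
        self.resources = resources        # resource name -> resource type shared by this org
        CS_KEYS[org] = key

    def issue_capability(self, proxy_subject, resource_type, action):
        group = self.members.get(proxy_subject)
        if group is None:
            raise PermissionError("proxy certificate not known to this organization")
        # First compliance check, at generation time, against the global policy.
        if action not in GLOBAL_POLICY.get((group, resource_type), set()):
            raise PermissionError("request not compliant with global policy")
        return Capability(self.org, group, resource_type, action,
                          _tag(self.key, self.org, group, resource_type, action))

    def admits(self, cap):
        """Second compliance check, at the provider's organization; returns a resource name or None."""
        key = CS_KEYS.get(cap.org)
        if key is None or not hmac.compare_digest(
                _tag(key, cap.org, cap.group, cap.resource_type, cap.action), cap.tag):
            return None  # unknown issuer, or forged/tampered capability
        if cap.action not in GLOBAL_POLICY.get((cap.group, cap.resource_type), set()):
            return None  # global policy does not (or no longer does) allow it
        if cap.action not in self.local_policy.get((cap.group, cap.resource_type), set()):
            return None  # the provider's local policy refuses it
        return next((n for n, t in self.resources.items() if t == cap.resource_type), None)

    def find_provider(self, cap):
        name = self.admits(cap)
        return (self.org, name) if name else None

    def request_service(self, proxy_subject, cap):
        """Client authenticates to its local CS and presents the anonymous capability."""
        if proxy_subject not in self.members:
            raise PermissionError("proxy certificate not known to this organization")
        local = self.find_provider(cap)
        if local or self.parent is None:
            return local
        return self.parent.route_up(cap, origin=self)


class VOCS:
    """VO Connectivity Server: links CSs and lower VOCSs; issues no capabilities, holds no policy."""

    def __init__(self, name):
        self.name, self.children, self.parent = name, [], None

    def add(self, child):
        child.parent = self
        self.children.append(child)
        return child

    def find_provider(self, cap, skip=None):
        for child in self.children:
            if child is not skip:
                found = child.find_provider(cap)
                if found:
                    return found
        return None

    def route_up(self, cap, origin):
        found = self.find_provider(cap, skip=origin)  # match within own subtree first
        if found or self.parent is None:
            return found  # None at the root: the request is not satisfiable
        return self.parent.route_up(cap, origin=self)


def build_sample_vo():
    """Constructed two-level VO: vo-root -> {vo-europe -> {physics, hpc}, archive}."""
    root = VOCS("vo-root")
    europe = root.add(VOCS("vo-europe"))
    physics = europe.add(CommunityServer("physics.example", b"k-physics",
        members={"/O=physics.example/CN=alice/CN=proxy": "researcher"},
        local_policy={("researcher", "storage"): {"read"}}, resources={"disk1": "storage"}))
    hpc = europe.add(CommunityServer("hpc.example", b"k-hpc", members={},
        local_policy={("researcher", "compute"): {"run"}}, resources={"cluster": "compute"}))
    archive = root.add(CommunityServer("archive.example", b"k-archive", members={},
        local_policy={("admin", "storage"): {"read", "write"}}, resources={"tape": "storage"}))
    return physics, hpc, archive


def demo():
    physics, _, _ = build_sample_vo()
    alice = "/O=physics.example/CN=alice/CN=proxy"
    cap = physics.issue_capability(alice, "compute", "run")
    served = physics.request_service(alice, cap)       # up to vo-europe, down to hpc.example
    local = physics.request_service(alice, physics.issue_capability(alice, "storage", "read"))
    forged = Capability(cap.org, "admin", "storage", "write", cap.tag)  # tag no longer matches
    rejected = physics.request_service(alice, forged)  # refused by every provider's CS
    return served, local, rejected, cap.group
```

Calling demo() routes alice's compute request through vo-europe to hpc.example, serves her storage read locally at physics.example, and returns None for the tampered capability, which no CS admits because the second check fails at the provider even though the tree routed it to the root. The capability alice presents names only physics.example and the group researcher, which is the client-side privacy property of the slides.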
Conclusion remarks: new CAS features
• Improved scalability:
  • multi-level virtual organizations;
  • low cost for adding resources;
• Flexibility;
• Structurability;
• Improved security:
  • no more inter-organization attacks;
• Privacy: both on client and provider side.
Conclusions: improved scalability
Conclusion remarks: TAPAS vs. Grid
• Different engineering techniques:
  • TAPAS is well modelled by the use of UML and its extensions;
• Different environment:
  • TAPAS is component-oriented;
  • each resource is controlled by a component;
• Different trust model:
  • the TAPAS ASP can be seen as a Trusted Third Party (TTP);
  • TAPAS contracts are made by SLA.