Optimal response to attacks on the open science grid
Mine Altunay, Sven Leyffer, Jeffrey T. Linderoth, Zhen Xie
Advisor: Yeong-Sung Lin
Presented by I-Ju.
Transcript
Slide 1
Optimal response to attacks on the open science grid
Mine Altunay, Sven Leyffer, Jeffrey T. Linderoth, Zhen Xie
Advisor: Yeong-Sung Lin
Presented by I-Ju Shih
2011/4/11
Slide 2
Agenda
Introduction and background
Collaborations in open grids and collaboration network graph model
Estimating the threat levels
Modeling optimal response to network attacks
Responding by closing sites
Responding by closing and monitoring links
Numerical experience
Extensions and conclusions
Slide 4
Introduction and background
The emergence of open grid infrastructures, such as the Open Science
Grid, TeraGrid and Earth System Grid, has enabled scientists to
exploit unprecedented computing resources for data-intensive research
and to opportunistically share those computing resources. A common
concern is that the increased openness may allow malicious attackers
to spread more readily around the grid. Thus, cybersecurity has become
a growing concern, especially in open grids.
Slide 5
Introduction and background
Open grids seek to bring scientists together with the necessary
computational power by making institutional barriers transparent.
The security perimeters traditionally defined at institutional
boundaries are ineffective against attacks on these grids. Thus, we
must understand how collaborations form in grids and how this
collaboration affects the security of grid participants. We must also
understand attack-spread patterns. Gathering security information
from different institutions is time-consuming and prone to error.
Slide 6
Introduction and background
This paper collects the necessary information ahead of time and
builds a collaboration network graph from the grid. Based on this
collaboration network graph, this paper developed optimal response
models. Several researchers have recently conducted related work in
modeling and simulating attacks over the Internet. However, these
studies did not investigate attack-spread patterns, and they omit the
interactions among compromised hosts. This paper's model takes the
collaboration network graph as input and uses optimization techniques
to calculate the threat level for each grid participant.
Slide 7
Introduction and background
This paper considers how to optimally respond to attacks in open grid
environments. This paper's goal is to minimize the threat levels for
all participants while maximizing the grid productivity.
Slide 9
Collaborations in open grids
A grid resource is a computing element or a storage element. A grid
site is defined as a collection of grid resources under a single
administrative domain. In grid computing, a science experiment is
modeled as a Virtual Organization (VO). The VO Management Service
(VOMS) and the Community Authorization Service (CAS) are two tools
developed to capture authorization-related collaboration rules for
VOs. Sites that wish to contribute to a VO contact a VOMS or CAS
server.
Slide 10
Collaborations in open grids
A VO can access various resources: some are owned by the VO and
dedicated to VO usage; some are owned by other parties, such as a grid
site, but dedicated to the VO's usage; and some are owned by grid
sites and shared across multiple VOs. A realistic model should include
both resources and scientists, and should indicate how they are
interconnected. The goal of this paper's model is to demonstrate how
an attack can spread across scientists and resources due to this
interconnectedness.
Slide 12
Collaborations in open grids
Four types of linkage between resources and humans: (1) two resources
are linked because the same user can access both resources.
Slide 13
Collaborations in open grids
Four types of linkage between resources and humans: (2) two users are
linked because they use the same resource.
Slide 14
Collaborations in open grids
Four types of linkage between resources and humans: (3) two users are
linked because they belong to the same VO.
Slide 15
Collaborations in open grids
Four types of linkage between resources and humans: (4) two resources
are linked because they contribute to the same VO but there is no
common user between them.
Slide 16
Collaboration network graph model
Based on these 4 linkage types, this paper develops a collaboration
network graph model. In its initial phase, this paper's model
considers only linkage type 1, resources with common users.
Collaborations in the grid are modeled as an undirected graph by,
where is the set of edges {i, j} for i, j S, and S represents the set
of grid resources or grid sites. An edge {i, j} exists if and only if
there exists at least one common user between sites i and j.
(Figure: Site i, Site j)
Slide 17
Collaboration network graph model
Existing grid models so far focus on so-called observable
interactions. The collaboration network graph model captures
non-obvious linkages between resources and scientists based on a
security assessment of observable interactions. Based on this model,
we can understand how a security threat can spread across the grid and
how we can contain it most optimally.
Slide 18
Collaboration network graph model
Data
This paper implemented the collaboration network graph model based on
data received from the Open Science Grid. The OSG has 150 registered
grid resources and approximately 8000 users, with 46 registered VOs.
For resources r1, r2 R (R is the set of grid resources), we consider
r1 linked to r2 if r1 and r2 are both used by some user u U, where U
is the set of scientists in OSG.
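The linkage rule above (type 1, resources with a common user) can be turned into a graph directly from per-user access records. The following is an added example, not code from the paper or the presentation: the access map is constructed sample data, and the function names are hypothetical. It keeps the number of common users on each edge, which the threat-level section uses as the edge weight, and adds a hop count from a compromised site to show which sites an attack could reach through shared users.

```python
from collections import defaultdict, deque
from itertools import combinations

# Constructed sample (not OSG data): sites each user can access.
ACCESS = {
    "alice": {"siteA", "siteB"},
    "bob": {"siteA", "siteB", "siteC"},
    "carol": {"siteC"},
    "dave": {"siteC", "siteD"},
    "erin": {"siteE"},
}

def build_graph(access):
    """Linkage type 1: edge {i, j} iff sites i and j share a user.

    Returns {site: {neighbour: weight}}, weight = number of common users.
    """
    adj = {s: defaultdict(int) for sites in access.values() for s in sites}
    for sites in access.values():
        for i, j in combinations(sorted(sites), 2):
            adj[i][j] += 1
            adj[j][i] += 1
    return {s: dict(n) for s, n in adj.items()}

def hops_from(adj, compromised):
    """Breadth-first hop count from any compromised site to each
    reachable site; unreachable sites are absent from the result."""
    dist = {s: 0 for s in compromised}
    queue = deque(compromised)
    while queue:
        s = queue.popleft()
        for n in adj[s]:
            if n not in dist:
                dist[n] = dist[s] + 1
                queue.append(n)
    return dist

if __name__ == "__main__":
    g = build_graph(ACCESS)
    for site in sorted(g):
        print(site, g[site])
    print(hops_from(g, ["siteA"]))
```

A site with a single-site user population, such as siteE here, has no edges and never appears in the hop map.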
Slide 21
Estimating the threat levels
Notation
Slide 24
Estimating the threat levels
The threat level clearly depends on the collaboration network graph
and the open grids, and we assume that sites where an attack has been
detected have threat levels equal to one. We let S be the set of all
sites, and we assume that we are given a partition of S into
compromised sites, Sc, and uncompromised sites, Su, and be the set of
edges. The weight of an edge {i, j} can be defined as the number of
common users between site i and j.
Slide 25
Estimating the threat levels
This paper assumes that the threat ti to site i from a connected site
j is proportional to the product of the threat level and load of site
j. Hence, the threat level at site i can now be obtained by solving
the following system:
Slide 26
Estimating the threat levels
This paper gives a sufficient condition that ensures that the threat
levels (ti) are between zero and one.
Slide 28
Modeling optimal response to network attacks
Local security contacts can respond to an attack by shutting down or
monitoring parts of a network. This response has two competing goals:
1. Reduce the threat to uncompromised sites as much as possible.
2. Minimize the impact of the response on the remaining grid, or
maximize the utility of the grid.
Slide 29
Modeling optimal response to network attacks
Responding by closing sites
This paper models the closure of a site (all edges associated with it
are closed) with a binary decision variable: And define the utility of
the network as the total number of users (might not be unique users)
that can continue to use the network:
Slide 30
Modeling optimal response to network attacks
Responding by closing sites
This paper assumes that closing a site stops the spread of an attack
from that site. Because only the threat level for open sites is of
interest to us, we can modify Eq. (4.2) as Hence, the threat level for
any closed site is set explicitly to 0.
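The trade-off between threat and utility when closing sites can be seen on a small graph. The following is an added example, not the paper's formulation or code: the slides' own equations are not reproduced on this page, so the linear system (threat proportional to edge weight times neighbour threat, constant P), the utility (sum of weights on open edges), the cap t_max applied to uncompromised sites, and the 5-site graph are all assumptions made for illustration. With P times the total edge weight at every site below one, the iteration converges and all threat levels stay between zero and one.

```python
from itertools import combinations

# Constructed 5-site graph: (i, j) -> number of common users (edge weight).
W = {("A", "B"): 4, ("A", "C"): 1, ("A", "D"): 1, ("A", "E"): 1,
     ("B", "C"): 1, ("C", "D"): 3, ("D", "E"): 2}
SITES = sorted({s for edge in W for s in edge})
P = 0.1  # assumed proportionality constant; P * (weights at a site) < 1

def threat_levels(compromised, closed=frozenset(), iters=200):
    """Fixed-point solve of the assumed system on the open subgraph:
    t_i = 0 if closed; t_i = 1 if open and compromised;
    otherwise t_i = P * sum_j w_ij * t_j over neighbours j."""
    t = {s: float(s in compromised and s not in closed) for s in SITES}
    for _ in range(iters):
        new = dict(t)
        for i in SITES:
            if i in closed or i in compromised:
                continue
            new[i] = P * sum(w * t[b if a == i else a]
                             for (a, b), w in W.items() if i in (a, b))
        t = new
    return t

def utility(closed):
    """Assumed utility: users, counted once per edge, on edges left open."""
    return sum(w for (a, b), w in W.items()
               if a not in closed and b not in closed)

def best_closure(compromised, t_max):
    """Exhaustive search for the closure set with the highest utility whose
    open, uncompromised sites all have threat level <= t_max."""
    best = None
    for k in range(len(SITES) + 1):
        for closed in map(frozenset, combinations(SITES, k)):
            t = threat_levels(compromised, closed)
            if all(t[s] <= t_max for s in SITES if s not in compromised):
                u = utility(closed)
                if best is None or u > best[0]:
                    best = (u, sorted(closed))
    return best

if __name__ == "__main__":
    print(threat_levels({"A"}))
    for cap in (0.5, 0.25, 0.15):
        print(cap, best_closure({"A"}, cap))
```

On this graph a loose cap needs no closure, a moderate cap is met most cheaply by closing the heavily linked neighbour B rather than the compromised site A, and a tight cap makes closing A the best option. Exhaustive search is only workable at this size, which is why the paper uses integer optimization.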
Slide 31
Responding by closing sites
To avoid the solution of a
multiobjective integer optimization problem, this paper adds a
constraint on the maximum allowable threat level, tj