Optimal response to attacks on the open science grid Mine Altunay, Sven Leyffer, Jeffrey T. Linderoth, Zhen Xie Advisor: Yeong-Sung Lin Presented by I-Ju.

Dec 26, 2015

Buck Potter
Transcript
  • Slide 1
  • Optimal response to attacks on the open science grid Mine Altunay, Sven Leyffer, Jeffrey T. Linderoth, Zhen Xie Advisor: Yeong-Sung Lin Presented by I-Ju Shih 2011/4/11 1
  • Slide 2
  • Agenda: Introduction and background; Collaborations in open grids and collaboration network graph model; Estimating the threat levels; Modeling optimal response to network attacks; Responding by closing sites; Responding by closing and monitoring links; Numerical experience; Extensions and conclusions
  • Slide 3
  • Agenda: Introduction and background; Collaborations in open grids and collaboration network graph model; Estimating the threat levels; Modeling optimal response to network attacks; Responding by closing sites; Responding by closing and monitoring links; Numerical experience; Extensions and conclusions
  • Slide 4
  • Introduction and background: The emergence of open grid infrastructures, such as the Open Science Grid, TeraGrid and Earth System Grid, has enabled scientists to exploit unprecedented computing resources for data-intensive research and to share computing resources opportunistically. A common concern is that the increased openness may allow malicious attackers to spread more readily around the grid. Thus, cybersecurity has become a growing concern, especially in open grids.
  • Slide 5
  • Introduction and background: Open grids seek to bring scientists together with the necessary computational power by making institutional barriers transparent. The security perimeters traditionally defined at institutional boundaries are ineffective against attacks on these grids. Thus, we must understand how collaborations form in grids and how this collaboration affects the security of grid participants. We must also understand attack-spread patterns. Gathering security information from different institutions is time-consuming and prone to error.
  • Slide 6
  • Introduction and background: This paper collects the necessary information ahead of time and builds a collaboration network graph from the grid. Based on this collaboration network graph, this paper develops optimal response models. Several researchers have recently conducted related work in modeling and simulating attacks over the Internet. However, these studies did not investigate attack-spread patterns, and they omit the interactions among compromised hosts. This paper's model takes the collaboration network graph as input and uses optimization techniques to calculate the threat level for each grid participant.
  • Slide 7
  • Introduction and background: This paper considers how to respond optimally to attacks in open grid environments. This paper's goal is to minimize the threat levels for all participants while maximizing grid productivity.
  • Slide 8
  • Agenda: Introduction and background; Collaborations in open grids and collaboration network graph model; Estimating the threat levels; Modeling optimal response to network attacks; Responding by closing sites; Responding by closing and monitoring links; Numerical experience; Extensions and conclusions
  • Slide 9
  • Collaborations in open grids: A grid resource is a computing element or a storage element. A grid site is defined as a collection of grid resources under a single administrative domain. In grid computing, a science experiment is modeled as a Virtual Organization (VO). The VO Management Service (VOMS) and the Community Authorization Service (CAS) are two tools developed to capture authorization-related collaboration rules for VOs. Sites that wish to contribute to a VO contact a VOMS or CAS server.
  • Slide 10
  • Collaborations in open grids: A VO can access various resources: some are owned by the VO and dedicated to VO usage; some are owned by other parties, such as a grid site, but dedicated to VO usage; and some are owned by grid sites and shared across multiple VOs. A realistic model should include both resources and scientists, and should indicate how they are interconnected. The goal of this paper's model is to demonstrate how an attack can spread across scientists and resources due to this interconnectedness.
  • Slide 11
  • Collaborations in open grids
  • Slide 12
  • Collaborations in open grids: Four types of linkage between resources and humans: (1) two resources are linked because the same user can access both resources.
  • Slide 13
  • Collaborations in open grids: Four types of linkage between resources and humans: (2) two users are linked because they use the same resource.
  • Slide 14
  • Collaborations in open grids: Four types of linkage between resources and humans: (3) two users are linked because they belong to the same VO.
  • Slide 15
  • Collaborations in open grids: Four types of linkage between resources and humans: (4) two resources are linked because they contribute to the same VO but there is no common user between them.
  • Slide 16
  • Collaboration network graph model: Based on these 4 linkage types, this paper develops a collaboration network graph model. In its initial phase, this paper's model considers only linkage type 1, resources with common users. The collaborations in the grid are modeled as an undirected graph by, where is the set of edges {i, j} for i, j ∈ S, and S represents the set of grid resources or grid sites. (Figure labels: Site i, Site j.) An edge {i, j} exists if and only if there exists at least one common user between sites i and j.
  • Slide 17
  • Collaboration network graph model: Existing grid models so far focus on so-called observable interactions. The collaboration network graph model captures non-obvious linkages between resources and scientists based on security assessment of observable interactions. Based on this model, we can understand how a security threat can spread across the grid and how we can contain it optimally.
  • Slide 18
  • Collaboration network graph model: Data. This paper implemented the collaboration network graph model based on data received from the Open Science Grid. The OSG has 150 registered grid resources and approximately 8000 users, with 46 registered VOs. For resources r1, r2 ∈ R (R is the set of grid resources), we consider r1 linked to r2 if r1 and r2 are both used by some user u ∈ U, where U is the set of scientists in OSG.
  • Slide 19
  • Collaboration network graph model (figure label: Site)
  • Slide 20
  • Agenda: Introduction and background; Collaborations in open grids and collaboration network graph model; Estimating the threat levels; Modeling optimal response to network attacks; Responding by closing sites; Responding by closing and monitoring links; Numerical experience; Extensions and conclusions
  • Slide 21
  • Estimating the threat levels: Notation
  • Slide 22
  • Estimating the threat levels: Notation
  • Slide 23
  • Estimating the threat levels: Notation
  • Slide 24
  • Estimating the threat levels: The threat level clearly depends on the collaboration network graph and the open grids, and we assume that sites where an attack has been detected have threat levels equal to one. We let S be the set of all sites, and we assume that we are given a partition of S into compromised sites, Sc, and uncompromised sites, Su, and be the set of edges. The weight of an edge {i, j} can be defined as the number of common users between sites i and j.
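The graph construction described on the "Collaboration network graph model" and "Estimating the threat levels" slides can be sketched as follows. This is an added example, not code from the paper or the presentation: the user and site names are constructed, `USER_SITES`, `build_collaboration_graph` and `exposed_sites` are hypothetical names, and the exposure tally is a plain count of shared users across the Sc/Su partition, not the paper's threat-level system.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: which sites each user can access (not OSG data).
USER_SITES = {
    "alice": {"siteA", "siteB"},
    "bob":   {"siteA", "siteB", "siteC"},
    "carol": {"siteC", "siteD"},
    "dave":  {"siteE"},            # single-site user: creates no edge
}

def build_collaboration_graph(user_sites):
    """Return {frozenset({i, j}): weight} for linkage type 1.

    An edge {i, j} exists iff at least one user can access both sites;
    its weight is the number of such common users.
    """
    weights = defaultdict(int)
    for sites in user_sites.values():
        for i, j in combinations(sorted(sites), 2):
            weights[frozenset((i, j))] += 1
    return dict(weights)

def exposed_sites(weights, compromised):
    """Map each uncompromised site (in Su) to the total number of users it
    shares with compromised sites (Sc), highest exposure first."""
    exposure = defaultdict(int)
    for edge, w in weights.items():
        hit = edge & compromised
        if len(hit) == 1:                      # edge crosses the Sc / Su cut
            (clean,) = edge - compromised
            exposure[clean] += w
    return sorted(exposure.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    graph = build_collaboration_graph(USER_SITES)
    for edge, w in sorted(graph.items(), key=lambda kv: sorted(kv[0])):
        print(sorted(edge), w)
    print(exposed_sites(graph, frozenset({"siteA"})))
```
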
  • Slide 25
  • Estimating the threat levels: This paper assumes that the threat ti to site i from a connected site j is proportional to the product of the threat level and load of site j. Hence, the threat level at site i can now be obtained by solving the following system:
  • Slide 26
  • Estimating the threat levels: This paper gives a sufficient condition that ensures that the threat levels (ti) are between zero and one.
  • Slide 27
  • Agenda: Introduction and background; Collaborations in open grids and collaboration network graph model; Estimating the threat levels; Modeling optimal response to network attacks; Responding by closing sites; Responding by closing and monitoring links; Numerical experience; Extensions and conclusions
  • Slide 28
  • Modeling optimal response to network attacks: Local security contacts can respond to an attack by shutting down or monitoring parts of a network. This response has two competing goals: (1) reduce the threat to uncompromised sites as much as possible; (2) minimize the impact of the response on the remaining grid, or maximize the utility of the grid.
  • Slide 29
  • Modeling optimal response to network attacks: Responding by closing sites. This paper models the closure of a site (all edges associated with it are closed) with a binary decision variable: It defines the utility of the network as the total number of users (not necessarily unique users) that can continue to use the network:
  • Slide 30
  • Modeling optimal response to network attacks: Responding by closing sites. This paper assumes that closing a site stops the spread of an attack from that site. Because only the threat level of the open sites is of interest, we can modify Eq. (4.2) as: Hence, the threat level for any closed site is set explicitly to 0.
  • Slide 31
  • Responding by closing sites: To avoid the solution of a multiobjective integer optimization problem, this paper adds a constraint on the maximum allowable threat level, tj