Security Requirements Analysis for Large-scale Distributed Systems
Syed Naqvi (1), Olivier Poitou (1), Philippe Massonet (1), Alvaro Arenas (2)
(1) Centre of Excellence in Information and Communication Technologies (CETIC), {syed.naqvi, olivier.poitou, philippe.massonet}@cetic.be
(2) CCLRC Rutherford Appleton Laboratory, [email protected]
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 2
Outline
• Introduction
• Grid Security Requirements
• Solutions for these Requirements
• Conclusions
[Figure: Functional View of Grid Data Management, taken from www.twgrid.org. Components shown: Application; Planner (data location, replica selection, selection of compute and storage nodes); Executor (initiates data transfers and computations); Metadata Service (location based on data attributes); Replica Location Service (location of one or more physical replicas); Information Services (state of grid resources, performance measurements and predictions); Security and Policy; Data Movement; Data Access; Compute Resources; Storage Resources.]
FileStamp – Distributed File System
• Decentralized multi-writer file system
– Based on a Peer-to-Peer technology
– Self-managing data storage location
FileStamp Architecture
File Redundancy
Dynamic replica regeneration
FileStamp – File Transfer
• BitTorrent technology
• Moreover, transfers can be interrupted and restarted from the last transferred bytes
Generic Requirements
• Authentication
– Each party establishes a level of trust in the identity of the other party
– The authentication protocol sets up a secure communication channel between the authenticated parties
• Authorization
– Allows access to resources based on policies attached to each service
– VOs (Virtual Organisations) introduce challenging management and policy issues
• Complex relationships between local site policies and the goals of the VO
Generic Requirements
• Availability
– Legitimate users have access when they need it
– Replication: a well-known technique for improving availability in distributed systems
• Total network load is also decreased if replicas and requests are reasonably distributed
• Confidentiality
– Assures that information does not reach unauthorized individuals, entities, or processes
– Achievable by a mechanism for ensuring access control
– Confidentiality requirements include point-to-point transport as well as store-and-forward mechanisms
Generic Requirements
• Integrity
– Assurance that information can only be accessed or modified by those authorized to do so
– Nontrivial problem
• Especially when storage hardware and networks are not perfect
• Traceability
– Mechanism for observing the various actions taken by the different actors
– Used to develop audit trails
– Events are recorded in log files
– Can be used to determine responsibility for incidents
Specific Requirements
• Resilience
– Provides an abstraction layer that hides architectural changes from the overall security architecture
– The security architecture should remain intact and should deliver the promised level of security even if its composition changes over time
• Grid links and nodes are very dynamic in nature and may change over time
• Data Lifecycle Management (DLM)
– The lifecycle is the time from the moment data is created until it is deleted or stored indefinitely
– Security assurances must span the entire lifecycle of the data
Specific Requirements
• Fault-tolerance
– Highly desirable feature, especially for the transfer of large data files
– Overlay networks provide caching of transfers
– But caching reduces the performance of the overall data transfer
• The amount of data that can be cached depends on the storage policies at the intermediate network points
– Caching and other such techniques do not consider security parameters
– An appropriate negotiation protocol is indispensable to agree the terms and conditions of security before moving or (temporarily) storing data
– The negotiation process should not take its toll on the system’s performance
Authentication
• Current authentication mechanism
– The file owner issues a certificate for write access to the file
– Authentication of the certificate is performed by the DHT (Distributed Hash Table) nodes and FS (File System) clients
• Both signatures are verified when storing/retrieving a UCB (User Certificate Block)
– This certificate has some major problems:
• It always gives write permission, even if the user only requires read permission
• Its format is not standardized!
• It creates compatibility problems with existing standard credentials (X.509, Kerberos, etc.)
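A scoped version of the certificate that fixes the first problem above (write permission granted even when only read is needed), as an added example that is not FileStamp's own code: the owner signs a capability carrying an explicit permission mask, the holder signs each store/retrieve request with a fresh nonce, and a DHT node verifies both signatures before checking the requested operation against the granted scope. Capability, Issue, SignRequest, Verify, the JSON encoding and the use of Ed25519 (standing in for whichever standard credential format is adopted) are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
)

// Permission bits for the scoped capability (constructed for this example).
const PermRead, PermWrite = 1, 2
// Capability stands in for FileStamp's owner-issued certificate, extended with an explicit permission mask.
type Capability struct {
	FileID string            `json:"file"`
	Holder ed25519.PublicKey `json:"holder"`
	Perms  int               `json:"perms"`
	Sig    []byte            `json:"sig"`
}
// The owner signs the JSON encoding of the capability with the signature field cleared.
func (c Capability) payload() []byte { c.Sig = nil; b, _ := json.Marshal(c); return b }
// Issue runs on the file owner and grants exactly the requested permissions, not implicit write.
func Issue(owner ed25519.PrivateKey, file string, holder ed25519.PublicKey, perms int) Capability {
	c := Capability{FileID: file, Holder: holder, Perms: perms}
	c.Sig = ed25519.Sign(owner, c.payload())
	return c
}
// requestBytes is what the holder signs per store/retrieve; the nonce makes each request distinct.
func requestBytes(file string, op int, nonce string) []byte {
	b, _ := json.Marshal([]interface{}{file, op, nonce})
	return b
}
// SignRequest runs on the holder before the request is sent to a DHT node.
func SignRequest(holder ed25519.PrivateKey, file string, op int, nonce string) []byte {
	return ed25519.Sign(holder, requestBytes(file, op, nonce))
}
// Verify runs on a DHT node or FS client: both signatures are checked, as in the current mechanism,
// and additionally the requested operation must lie inside the granted scope.
func Verify(owner ed25519.PublicKey, c Capability, file string, op int, nonce string, reqSig []byte) error {
	switch {
	case !ed25519.Verify(owner, c.payload(), c.Sig):
		return errors.New("capability signature invalid")
	case file != c.FileID:
		return errors.New("request targets a different file")
	case !ed25519.Verify(c.Holder, requestBytes(file, op, nonce), reqSig):
		return errors.New("request not signed by the capability holder")
	case c.Perms&op == 0:
		return errors.New("operation outside granted permissions")
	}
	return nil
}
```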
The target is to maintain an optimal number of replicas of a data set
Key issues:
• Determine the optimal number of replicas
• How efficiently the system recognizes faulty nodes
• How transparently data is migrated
FileStamp should be able to negotiate the terms of the security parameters with the nodes
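The replica maintenance step behind these key issues (and the dynamic replica regeneration slide earlier), as an added example that is not FileStamp's own code: each peer is modelled with a heartbeat, a peer that has been silent longer than the timeout is treated as faulty, and Plan works out which catalogued files have fallen below the target replica count, where to regenerate them from a live holder, and which files have no live replica left and must be reported. Node, Healthy, Plan, the heartbeat timeout and the file catalogue are assumptions of this example.

```go
package main

// Node is a constructed model of one FileStamp peer: its last heartbeat (Unix
// seconds) and the files it currently holds.
type Node struct {
	ID       string
	LastSeen int64
	Files    map[string]bool
}
// Action is one regeneration step: copy FileID from live holder From onto node To.
type Action struct{ FileID, From, To string }
// Healthy returns the peers whose heartbeat is within timeout; a peer that has
// gone silent is treated as faulty and its replicas no longer count.
func Healthy(nodes []Node, now, timeout int64) []Node {
	var live []Node
	for _, n := range nodes {
		if now-n.LastSeen <= timeout { live = append(live, n) }
	}
	return live
}
// Plan returns the copies needed so each catalogued file is held by target live nodes (tried in
// the order given). A file with no live replica left cannot be regenerated and is returned in lost.
func Plan(nodes []Node, files []string, target int, now, timeout int64) (actions []Action, lost []string) {
	live := Healthy(nodes, now, timeout)
	for _, f := range files {
		var have []string // IDs of live nodes that still hold f
		for _, n := range live {
			if n.Files[f] {
				have = append(have, n.ID)
			}
		}
		if len(have) == 0 {
			lost = append(lost, f) // raise an alert: the data cannot be rebuilt from live peers
			continue
		}
		for _, n := range live {
			if len(have) >= target {
				break
			}
			if !n.Files[f] { // regenerate from the first live holder onto a non-holder
				actions = append(actions, Action{f, have[0], n.ID})
				have = append(have, n.ID)
			}
		}
	}
	return actions, lost
}
```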
Data Lifecycle Management (through HSM)
• The VO security policy should explicitly state the desired lifecycle of the data managed by FileStamp
• FileStamp should indicate the stage at which the data generated by VO operations should be erased from the storage devices
• FileStamp should also employ a secure storage management technique such as HSM (Hierarchical Storage Management)
Conclusions
• Global connectivity of computing and storage resources opens up the possibility of misusing information to a degree never seen before
• The objective of facilitating use of these resources by protecting them against any misuse must, however, be realistic given the current technical infrastructure
• Security technologies should be integrated from the inception stage rather than being considered as optional add-on features
• The risk and threat pictures are always changing, and their analysis needs to be continuously updated
REMEMBER: Security is not a product – security is a process!
Future Work
• Formalising the FileStamp security requirements using the KAOS methodology
– Obstacle model
– Extending KAOS with templates for security requirements
• Deriving security policies from the security requirements
• Policy refinement
– Exploiting again features from KAOS (e.g. goal