Virtual Workspaces Kate Keahey [email protected] Argonne National Laboratory

Feb 05, 2016

Transcript
Page 1: Virtual Workspaces

Virtual Workspaces

Kate Keahey [email protected]

Argonne National Laboratory

Page 2: Virtual Workspaces

Security Workshop, GGF 12 Kate Keahey

Why do we need virtual workspaces?

Need a way to configure remote nodes effortlessly, dynamically, flexibly

Need to be able to enforce positive and negative resource usage

Page 3: Virtual Workspaces


Virtual Workspaces

Virtual resource configuration

Protection environment

Software and file configuration state

Execution state

[Figure labels: Virtual Workspace; Grid Middleware Interface; Grid client Interface; Grid clients; Grid middleware interface]

Define interfaces and explore a variety of implementations

Virtual machines are a particularly promising technology

Page 4: Virtual Workspaces


Architecture

[Architecture diagram labels: Client; request; VW EPR; inspect and manage; deploy & suspend; use existing VW; Create VW; VW Factory; VW Repository; VW Manager; create new VW; Resource; VW; start program]

Implemented based on Globus, tested with bioinformatics applications

Tim Freeman, Daniel Galron, SC04 poster

Page 5: Virtual Workspaces


VMs as VWs: the good

Configurability
  - Allow full stack customization: choose OS, 32 on 64-bit, libraries…

Enhanced security
  - Primarily better isolation, but also audit forensics, etc.

Managing state
  - Freezing computation allows migration, suspend and resume operations, etc.
  - State management/replication tool

Customize once and copy
  - Potential as distribution tool

Good enforcement potential

Page 6: Virtual Workspaces


VMs as VWs: the (not so) bad

Overhead from application perspective
  - Depends on application, VM implementation
  - In practice very promising

No access to specialized hardware
  - Simply needs more work

Resource usage overhead
  - Depends on implementation

Sharing issues and policies
  - How do we share between VMs

Software maturity

Page 7: Virtual Workspaces


VMs and Security: the Good

Protecting users from users
  - As good as it gets

Protecting resource from a VM
  - Strong sandboxing potential for policy-driven resource consumption enforcement

Protecting VM from the resource
  - Trusted computing: root secure trusted VMMs and attestation: even platform owner cannot break privacy and isolation guarantees
  - Needs help from hardware
  - Pretty close to as good as it gets

Page 8: Virtual Workspaces


VMs and Security: the Challenging

Protecting the VM from the world
  - VMs are only as secure as the software they run
  - Who maintains all those VMs? Local administrators would have to maintain too many images…

Protecting the world from the VM
  - Issue 1: one could use one’s privileges as root on a VM (for example to generate harmful network traffic)
  - Issue 2: no control over software running on VM means potential vulnerabilities could be exploited (also see above)
  - Although audit works great by the time the damage is done and it is too late!

Page 9: Virtual Workspaces


Potential Solutions

VO could do VM certification
  - Maintenance by the VO makes more sense
  - Does a VO have enough of a stake in this process?
  - Ultimately it is the platform owner who is to blame…

Detect when something goes wrong
  - Hard: traffic of a parallel application can look surprisingly like a denial of service attack!
  - IDS isolated from the VM: loss of privacy to the user
  - VO administrator (as well as resource owner) should have the right to stop a suspicious VM

Restricting network traffic
  - For example: traffic allowed only to VO-owned nodes
  - Is questionable because the idea is to limit “them”, not us

Page 10: Virtual Workspaces


Grid Security with VMs

How does a VM authenticate itself?
  - Can’t put a private key anywhere on the image
  - Can be compromised
  - Part of the platform?
  - Signed and re-signed by a trusted source?

How can we integrate attestation into Grid computing seamlessly?

We need to allow for a mix of technologies

Page 11: Virtual Workspaces


Conclusions

We need virtual workspaces for Grid computing
  - Although we need to be able to rely on a mix of technologies

VMs are a particularly promising technology to use in Grid computing for security reasons and otherwise

A growing role for the VO
  - VO might take on additional responsibilities
  - Administers and maintains VMs, certification authority, could potentially stop suspect VMs, is to blame if something happens…
  - Should the VO be a legal entity?
  - Would all this be healthy for a VO?
  - Do VOs have the resources to do that?
  - What are the trade-offs and a healthy balance?

Mechanisms for secure, efficient sharing between VOs
  - Via Grid tools?

Holy Grail
  - Can we use these new capabilities for Grid computing? Do we need the increased trust?