Upload File

advanced security for virtual organisations: the pros and

  • Home
  • Documents
  • Advanced Security for Virtual Organisations: The Pros and
22
Advanced Security for Virtual Organisations: The Pros and Cons of Centralized vs Decentralized Security Models Seguran¸caAvan¸cadaparaOrganiza¸c˜ oes Virtuais: Os Pr´os e Contras dos Modelos de Seguran¸ca Centralizado e Descentralizados R. O. Sinnott, D. W. Chadwick, T. Doherty, D. Martin, A. Stell, G. Stewart, L. Su, J. Watt Eighth IEEE International Symposium on Cluster Computing and the Grid (CCGRID), 2008 Rubens Massayuki Suguimoto - Mestrado UFPR - 2009 Rubens Massayuki Suguimoto Universidade Federal do Paran´ a Advanced Security for Virtual Organisations

Upload: others

Post on 08-Nov-2021

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Advanced Security for Virtual Organisations: The Pros and

Advanced Security for Virtual Organisations:The Pros and Cons of Centralized vs

Decentralized Security ModelsSeguranca Avancada para Organizacoes Virtuais:

Os Pros e Contras dos Modelos de SegurancaCentralizado e Descentralizados

R. O. Sinnott, D. W. Chadwick, T. Doherty, D. Martin, A.Stell, G. Stewart, L. Su, J. Watt

Eighth IEEE International Symposium on Cluster Computing and the Grid(CCGRID), 2008

Rubens Massayuki Suguimoto - Mestrado UFPR - 2009

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 2: Advanced Security for Virtual Organisations: The Pros and

Grid Computing

I E uma analogia feita com redes eletricas

I Prove uma infraestrutura para supercomputacao ouprocessamento de alto desempenho

I Compartilhamento de recursos ociosos entre varias instituicoesde forma colaborativa.

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 3: Advanced Security for Virtual Organisations: The Pros and

Organizacoes Virtuais

”A virtual organisation integrates services and resources acrossdistributed, heterogeneous, dynamic organisations to allow serviceand resource sharing when co-operating on the realisation of ajoint goal”. globus.org

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 4: Advanced Security for Virtual Organisations: The Pros and

Controle de acesso aos recursos

I Senhas longas

I Public Key Infrastructure (PKI) - baseado em certificadosX.509 e Autoridade Certificadora

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 5: Advanced Security for Virtual Organisations: The Pros and

Problema e/ou Motivacao

I Administracao de acesso muito precario (”acesso booleano”)

I Necessario maior granularidade de acesso

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 6: Advanced Security for Virtual Organisations: The Pros and

Proposta de um novo controle de acesso

I Baseado em papeis (Role-Based Access Control ou RBAC)

I Considerada um metodo avancado de seguranca

I Os usuarios tem um papel dentro da grade

I Cada papel tem seus limites de acesso

I Existe granularidade de papeis

I Os administradores que definem a quantidades de papeis eseus respectivos limites

I Nao confundir com nıveis

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 7: Advanced Security for Virtual Organisations: The Pros and

Modelos de seguranca

I Centralizado

I Descentralizado

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 8: Advanced Security for Virtual Organisations: The Pros and

Modelo Centralizado

I Uma entidade gerencia todos os papeis

I Todas as VO utilizam-se dessa infraestrutura centralizada parabuscar informacoes sobre o papel de qualquer usuario

I Apos obter o papel, a polıtica da VO vai conferir se existepermissao para acessar o recurso desejado

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 9: Advanced Security for Virtual Organisations: The Pros and

Modelo Centralizado - Pros

I Local fixo para localizar os papeis

I Administracao centralizada

I Flexibilidade

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 10: Advanced Security for Virtual Organisations: The Pros and

Modelo Centralizado - Contras

I Ponto de falha

I Baixa tolerancia a falhas

I Problemas para administrar papeis de usuarios

I Problemas de escalabilidade (adicao de novos papeis)

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 11: Advanced Security for Virtual Organisations: The Pros and

Modelo Descentralizado

I Cada VO possui sua polıtica de papeis

I Pode existir nıveis hierarquicos de papeis administrativosdentro de uma VO

I Pode existir um acordo para uma definicao de quais papeisexistir em toda a grade

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 12: Advanced Security for Virtual Organisations: The Pros and

Modelo Descentralizado - Pros

I Granularidade de acesso

I Escalabilidade

I Seguranca ao associar papeis aos usuarios

I Maior tolerancia a falhas

I Nao e necessario criar novos papeis caso uma nova VO entrena grade

I Maior flexibilidade

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 13: Advanced Security for Virtual Organisations: The Pros and

Modelo Descentralizado - Contras

I O usuario pode ter varios papeis diferentes dentro da grade

I Divulgacao e atribuicoes dos papeis que uma VO define

I O modelo em questao representa um novo paradigma parapesquisas e estudos na comunidade de grids

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 14: Advanced Security for Virtual Organisations: The Pros and

Modelo Hıbrido

I Utilizar as vantagens do sistema de gerenciamento de papeiscentralizado com o controle de acesso granularizdo do modelodistribuıdo

I Uso de gerenciadores de papeis distribuıdos

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 15: Advanced Security for Virtual Organisations: The Pros and

Implementacoes de ferramentas

I Virtual Organization Membership Service (VOMS)

I PrivilEge and Role Management Infrastructure StandardsValidation (PERMIS)

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 16: Advanced Security for Virtual Organisations: The Pros and

Implementacoes de ferramentas - VOMS

I Baseado no modelo centralizado

I Usa o Local Centre Authorization Service (LCAS) e o LocalCredential Mapping Service(LCMAPS)

I Mapeia os papeis para grupos (gid), usuario (uid) e umconjunto de contas na maquina local

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 17: Advanced Security for Virtual Organisations: The Pros and

Implementacoes de ferramentas - PERMIS

I Baseado no modelo distribuıdo

I Suporta maior granularidade de papeis que o VOMS

I Aplica algumas polıticas combinando papeis, alvos e acoes

I ”can this user with this role access this service and invoke thismethod?”

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 18: Advanced Security for Virtual Organisations: The Pros and

Implementacao - Globus

I Globus Toolkit 4

I Usa o VOMS em conjunto com o Globus SecurityInfrastructure (GSI, baseado em PKI)

I Faz uso de interceptadores:I Policy Decisions Points (PDP)I Policy Information Points (PIP)I PERMIS Credential Validation Services (CVS)

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 19: Advanced Security for Virtual Organisations: The Pros and

Implementacao - Globus - Imagem

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 20: Advanced Security for Virtual Organisations: The Pros and

Casos de estudo

I Clinical Trials and Epidemological Domain

I nanoCMOS Eletronics Domain

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 21: Advanced Security for Virtual Organisations: The Pros and

Conclusao

I Esquema de seguranca avancado para ser usados em Gridsbaseado em papeis

I Tanto o modelo centralizado quanto o descentralizado temsuas vantagens e desvantagens

I Existe uma implementacao hıbridacentralizado-descentralizado e foi implementado no GlobusToolkit 4

I Foi apresentados alguns casos de estudo onde esse modelopode ser aplicado

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations

Page 22: Advanced Security for Virtual Organisations: The Pros and

Crıticas

I Grid computing em atraso no Brasil

I Muitos dos artigos publicados tem ”implementacoes locais”

I Algumas informacoes nao sao acessıveis de forma trivial

Rubens Massayuki Suguimoto Universidade Federal do Parana

Advanced Security for Virtual Organisations


A Balanced Look at the Pros and Cons of Virtual Instructor Led Training

Virtual Organisations in Grids TERENA TF-EMC2, Barcelona 8 September 2005

Pros & Cons of the Industrial Revolution…. Pros? Cons?

Biomed tutorial 1 Enabling Grids for E-sciencE INFSO-RI-508833 Virtual Organisations in EGEE

V IRTUAL W ORLD PROS & CONS. O UTLINE Virtual Reality Virtual World Second Life Pros & Cons How Second life Affects Real Life Are we ready

The Pros And Cons Of Using A Virtual Office

VIRTUAL REALITY GAMING Main Question: What are the pros and cons of virtual reality gaming? By Alexandra Hubbard

Virtualization in the Data Center Virtual Servers – How it works – Pros – Cons IPAC’s implementation – Hardware resource usage and trends – Virtualization

Dell DR Series Appliance Virtual Tape Library Best Practices...6 Best practices for setting up Dell VTL Container or NetVault Backup native virtual tape library (nVTL) Pros and Cons

Voyage’Air+Guitar+ Virtual+Presskit+ …€™Air+Guitar:+NAMM+Show+2012+Virtual+Press+Kit+ Page4! easytoplay.Theyappealtoanyone frombeginners!to!seasoned!pros!–!anyone!with! alifestylethatcallsfor!alightweight,affordableandruggedtake

Access Control for Dynamic Virtual Organisations Duncan Russell, Peter Dew & Karim Djemame University of Leeds

PROS 11/01 G5: Records Storage · 1.1. Purpose . This guideline has been produced to assist organisations in meeting the principles of . PROS 11/01 Storage Standard . and associated

Efficiency of Virtual Organisations - The Case of AGI (2001) · 2016-02-27 · Efficiency of Virtual Organisations –The Case of AGI-- Electronic Journal of Organizational Virtualness

Virtual Organisations in Computer Grids and Identity ... · PDF fileUsing WS-Federation and WS-Security for Identity Management in Virtual Organisations Demchenko, ... The OGSA document

Pros & Cons of IM/SMS for Virtual Reference Kris Johnson, Coordinator AskColorado Virtual Reference Collaborative Colorado State Library Albuquerque, New

Regulation of Virtual Currency & Blockchains - … · Regulation of Virtual Currency 5. Regulation of Blockchain Table of Contents . Investment and Interest . 3 ... PROS AND CONS

Embracing Teleworking: Pros and Cons of the Virtual Office (Sam Foster)

WEDNESDAY, JUNE 12TH 2019 - Public Sector Marketing Pros · public sector marketing pros 41 public sector organisations 2,876 tweets about the event All of the speakers brought something

House Painting The Pros And Not Quite Pros

From web strategy to virtual organisations

Establishing Common Ground for Collaboration in Virtual Organisations

PROS CS (Client-Server) Installation and Basic ... · 4.3 PROS CS Products . There are three products included in the PROS CS setup: PROS Client, PROS Server and Web Server. -PROS

PROS 11/01 G5: Records Storage · 2020-02-13 · PROS 11/01: Guideline 5 Records Storage . 1. Introduction . 1.1. Purpose . This guideline has been produced to assist organisations

SOFTWARE DEVELOPMENT AND MIDDLEWARE FOR VIRTUAL ORGANISATIONS

CENTRE FOR DISTANCE AND VIRTUAL LEARNINGcdvl.uohyd.ac.in/wp-content/uploads/2019/12/CDVL-Pros... · 2019-12-29 · Petrol Bunk Centre for Distance and Virtual Learning (Golden Threshold

D24 - Cross-cultural recommendations for operational ...eumon.ckff.si/deliverables_public/D24e.pdf · Akcja Carpatica and Tethys. Virtual Network Organisations: A virtual network

Virtual world pros&cons -morovat

Virtual Organisations

Grid for CBM Kilian Schwarz, GSI. What is Grid ? ● Sharing of distributed resources within one Virtual Organisations !!!!

Efficiency of Virtual Organisations - The Case of AGI (2001)pubs.wi-kassel.de/wp-content/uploads/2013/03/JML_1.pdf · Efficiency of Virtual Organisations –The Case of AGI-- Electronic

[06] PAGING - University of Cambridge · 0 OUTLINE Paged Virtual Memory Concepts Pros and Cons Page Tables Translation Lookaside Buffer (TLB) Protection & Sharing Virtual Memory Demand

FINAL -What Are Virtual Organisations-p

Our Aims for this Session Learn how to identify potential Public Research Organisations (PROs) to collaborate with Offer guidelines on selecting PROs

TERENA NREN-Grids workshop 1/41/4 Virtual Organisations Building a support infraestructure

Challenges for Effective Open Virtual Organisations