Advisor: Yeong-Sung Lin. Presented by I-Ju Shih


Post on 06-Feb-2016


Optimal response to attacks on the open science grid
Mine Altunay, Sven Leyffer, Jeffrey T. Linderoth, Zhen Xie


2011/4/11

Agenda
- Introduction and background
- Collaborations in open grids and collaboration network graph model
- Estimating the threat levels
- Modeling optimal response to network attacks
- Responding by closing sites
- Responding by closing and monitoring links
- Numerical experience
- Extensions and conclusions


Introduction and background

The emergence of open grid infrastructures, such as the Open Science Grid, TeraGrid and Earth System Grid, has enabled scientists to exploit unprecedented computing resources for data-intensive research and to share the computing resources opportunistically. A common concern is that the increased openness may allow malicious attackers to spread more readily around the grid. Thus, cybersecurity has become a growing concern, especially in open grids.

Open grids seek to bring scientists together with the necessary computational power by making institutional barriers transparent. The security perimeters traditionally defined at institutional boundaries are ineffective against attacks on these grids. Thus, we must understand how collaborations form in grids and how this collaboration affects the security of grid participants. We must also understand attack-spread patterns. Gathering security information from different institutions is time-consuming and prone to error.

This paper collects the necessary information ahead of time and builds a collaboration network graph from the grid. Based on this collaboration network graph, this paper develops optimal response models. Several researchers have recently conducted related work in modeling and simulating attacks over the Internet. However, these studies did not investigate attack-spread patterns, and they omit the interactions among compromised hosts. This paper's model takes the collaboration network graph as input and uses optimization techniques to calculate the threat level for each grid participant.

This paper considers how to respond optimally to attacks in open grid environments. This paper's goal is to minimize the threat levels for all participants while maximizing grid productivity.


Collaborations in open grids

A grid resource is a computing element or a storage element. A grid site is defined as a collection of grid resources under a single administrative domain. In grid computing, a science experiment is modeled as a Virtual Organization (VO). The VO Management Service (VOMS) and the Community Authorization Service (CAS) are two tools developed to capture authorization-related collaboration rules for VOs. Sites that wish to contribute to a VO contact a VOMS or CAS server.

A VO can access various resources: some are owned by the VO and dedicated to VO usage; some are owned by other parties, such as a grid site, but dedicated to VO usage; and some are owned by grid sites and shared across multiple VOs. A realistic model should include both resources and scientists, and should indicate how they are interconnected. The goal of this paper's model is to demonstrate how an attack can spread across scientists and resources due to this interconnectedness.

Four types of linkage between resources and humans:
(1) Two resources are linked because the same user can access both resources.
(2) Two users are linked because they use the same resource.
(3) Two users are linked because they belong to the same VO.
(4) Two resources are linked because they contribute to the same VO but there is no common user between them.

Collaboration network graph model

Based on these 4 linkage types, this paper develops a collaboration network graph model. This paper's model in its initial phase considers only linkage type 1, resources with common users. The collaborations in the grid are modeled as an undirected graph by , where is the set of edges {i, j} for i, j S, and S represents the set of grid resources or grid sites.

An edge {i, j} exists if and only if there exists at least one common user between sites i and j.

Existing grid models so far focus on so-called observable interactions. The collaboration network graph model captures non-obvious linkages between resources and scientists based on a security assessment of observable interactions. Based on this model, we can understand how a security threat can spread across the grid and how we can contain it most optimally.

Data

This paper implemented the collaboration network graph model based on data received from the Open Science Grid. The OSG has 150 registered grid resources and approximately 8000 users, with 46 registered VOs. For resources r1, r2 R (R is the set of grid resources), we consider r1 linked to r2 if r1 and r2 are both used by some user u U, where U is the set of scientists in OSG.


Estimating the threat levels

Notation [tables not preserved in the transcript]

The threat level clearly depends on the collaboration network graph and the open grids, and we assume that sites where an attack has been detected have threat levels equal to one. We let S be the set of all sites, and we assume that we are given a partition of S into compromised sites, Sc, and uncompromised sites, Su, and be the set of edges. The weight of an edge {i, j} can be defined as the number of common users between sites i and j.
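Added example (not from the paper or the slides): building the linkage-type-1 graph from user-to-site access records, with each edge weighted by the number of common users, and listing the edges that join a compromised site to an uncompromised one. The user names, site names and function names are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample data: which sites each user can access (not OSG data).
USER_SITES = {
    "alice": {"siteA", "siteB"},
    "bob": {"siteA", "siteB", "siteC"},
    "carol": {"siteC", "siteD"},
    "dave": {"siteE"},
}


def build_collaboration_graph(user_sites):
    """Return {frozenset({i, j}): weight}; weight = number of common users."""
    weights = defaultdict(int)
    for sites in user_sites.values():
        # Every pair of sites that one user can reach shares that user.
        for i, j in combinations(sorted(sites), 2):
            weights[frozenset((i, j))] += 1
    return dict(weights)


def boundary_edges(weights, compromised):
    """Edges joining a compromised site (Sc) to an uncompromised one (Su)."""
    out = []
    for edge, w in weights.items():
        inside = edge & compromised
        if len(inside) == 1:  # exactly one endpoint is compromised
            (c,) = inside
            (u,) = edge - compromised
            out.append((c, u, w))
    # Heaviest links first: the ones carrying the most shared users.
    return sorted(out, key=lambda e: (-e[2], e[0], e[1]))


if __name__ == "__main__":
    graph = build_collaboration_graph(USER_SITES)
    for c, u, w in boundary_edges(graph, frozenset({"siteA"})):
        print(f"{c} -- {u}: {w} common user(s)")
```

A site whose users access no other site, such as siteE here, has no edges and never appears on the boundary.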

This paper assumes that the threat ti to site i from a connected site j is proportional to the product of the threat level and load of site j. Hence, the threat level at site i can now be obtained by solving the following system:

This paper gives a sufficient condition that ensures that the threat levels (ti) are between zero and one.


Modeling optimal response to network attacks

Local security contacts can respond to an attack by shutting down or monitoring parts of a network. This response has two competing goals:
1. Reduce the threat to uncompromised sites as much as possible.
2. Minimize the impact of the response on the remaining grid, or maximize the utility of the grid.

Responding by closing sites

This paper models the closure of a site (all edges associated with it are closed) with a binary decision variable:

The utility of the network is defined as the total number of users (might not be unique users) that can continue to use the network:

This paper assumes that closing a site stops the spread of an attack from that site.

Since only the threat level for the open sites is of interest to us, we can modify Eq. (4.2) as

Hence, the threat level for any closed sites is set explicitly to 0.

To avoid the solution of a multiobjective integer optimization problem, this paper adds a constraint on the maximum allowable threat level, tj