infso-ri-508833 enabling grids for e-science egee security status – biomed meeting – valencia,...
Post on 19-Dec-2015
223 views
TRANSCRIPT
INFSO-RI-508833
Enabling Grids for E-sciencE
www.eu-egee.org
EGEE Security Status – Biomed meeting – Valencia, January 27th, 2006
EGEE Security status
Remi Mollon, Christophe Blanchet
Bioinformatics Centre of Lyon – PBIL
Institute of Biology and Chemistry of Proteins
IBCP – CNRS UMR 5086
Lyon – Gerland, France
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 2
Enabling Grids for E-sciencE
INFSO-RI-508833
Outlines
• Bioinformatic requirements
• EGEE Security Overview
• Data Encryption Systems– JRA3 prototype on gLite
– IBCP prototype on LCG-2
– …
• Benchmarks
• Data security status
• Next meetings
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 3
Enabling Grids for E-sciencE
INFSO-RI-508833
Bioinformatic requirements
• Certificate management [DONE]– For all entities (like users, services, Web portals, ...)
– Renew and revoke mechanisms
• Fine grain access to data [IN PROGRESS]– Access Control Lists (ACL) support
– The owner can do modifications
• Data encryption [IN PROGRESS]– Long-term storage of encrypted data
– Transparent (unencrypted) access for authorized users
• Data anonymization [STOPPED]– Medical data (analyses, diagnoses, pictures, ...)
– Legislation problems in FranceAccording to Biomed requirement database, and Ake Edlund, JRA3 manager
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 4
Enabling Grids for E-sciencE
INFSO-RI-508833
EGEE Security Overview (1)
• Main high-level security functionalities :– Single Sign On (SSO) [DONE]
A unique authentication to access to the entire grid
– Data confidentiality and integrity (commercial context, patient's data, ...) [IN PROGRESS]
– Fine resource access control [IN PROGRESS] Deny or grant access to a resource for a user, a group of users, a
VO, a role, ...
– Pseudonymity [NOT STARTED] Accessing the grid with a pseudonym instead of user real identity
According to Ake Edlund, JRA3 manager
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 5
Enabling Grids for E-sciencE
INFSO-RI-508833
EGEE Security Overview (2)
• Low-level security functionalities :– Monitoring & Logging [DONE]
Analysis : pre-event and post-event Prevention : scan, attack and intrusion detection Identification : responsibilization and non-repudiation
– Authentication [DONE] Trusted Third Party (TTP) X.509 certificates with a Public Key Infrastructure (PKI)
– Authorization [IN PROGRESS] Virtual Organization (VO) – the Biomed VO for example
• user group with a common goal who want to share their resources Delegation with proxy certificates : act on the behalf of someone else VO Membership Service (VOMS)
• Management of VOs, roles, permissions, ...
According to Ake Edlund, JRA3 manager
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 6
Enabling Grids for E-sciencE
INFSO-RI-508833
EGEE Security Overview (3)
– Isolation At local system level : [IN PROGRESS]
• Minimize user application consequences
• Local Credential MAPping Service (LCMAPS) At network level : [FROZEN]
• Avoid virus/worm propagation, DDoS attacks, ...
• Dynamic Connectivity Service
– Encryption key management User keys (tied to X.509 certificates) [DONE]
• manage by users themselves, or by dedicated service (MyProxy) Data keys : long-term encrypted data storage
• Single key store [DONE]
• Techniques “M-of-N” [NONE]
According to Ake Edlund, JRA3 manager
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 7
Enabling Grids for E-sciencE
INFSO-RI-508833
Data encryption systemsJRA3 MDM IBCP EncFile
Avalaibility gLite 1.5 on PPS LCG2 on production, not depend of a platform
Cipher AES, 256bits keys AES, 256bits keys
Decryption Explicit Implicit
Encryption Explicit Explicit
Enc/decrypt location RAM RAM, on-the-fly
Key Store Hydra AMGA PostgreSQL
M-of-N technique None Shamir share algorithm
Integration C++ API Transparent to users, catch I/O calls
Deployement MDM experience GPS@ Web portal and all its programs
Link key to data LFN+Metadata LFN
Authorization gLite LCG2
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 8
Enabling Grids for E-sciencE
INFSO-RI-508833
Data encryption systems
• And other ones…– Third development from UPV
Some details from Ignacio …
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 9
Enabling Grids for E-sciencE
INFSO-RI-508833
EncFile Benchmarks
Time to download a 205-MB gridified file
0 10 20 30 40 50 60 70 80 90
Plain LFN + Perroquet (without cache)
Plain LFN + Perroquet (with cache)
Plain LFN + lcg-cp
Encrypted LFN + Perroquet (without cache)
Encrypted LFN + Perroquet (with cache)
Encrypted LFN + lcg-cp (+ decryption)
Time (seconds)
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 10
Enabling Grids for E-sciencE
INFSO-RI-508833
Status of data security
• Anybody can get the list of all files (all VOs) on a SE– Just need to know the LRC_ENDPOINT
• « lcg-infosites --vo biomed lrc »,• from GOOGLE, keywords « LRC egee biomed »• http://rm-biomed.in2p3.fr:8080/biomed/edg-local-replica-catalog/services/edg-
local-replica-catalog
• Anybody can get the list of LFNs of a VO– Just need to know the RMC_ENDPOINT
• change “edg-local-replica-catalog” by “edg-replica-metadata-catalog”• From GOOGLE, keywords: « RMC egee biomed »• http://rm-biomed.in2p3.fr:8080/biomed/ edg-replica-metadata-catalog
/services/edg-local-replica-catalog
• Some lcg-xx commands do not require nor proxy nor valid certificate.– Anybody can list/change/remove any LFN/alias
« How anybody can do what he wants with all files stored on the EGEE grid: reality of data security on the EGEE grid »
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 11
Enabling Grids for E-sciencE
INFSO-RI-508833
Status of data security (2)
• Some LCG commands don't require a valid proxy certificate– All commands that manage aliases: anybody can modify any file aliases
– All commands that list elements (replica, GUID): anybody can list file entities
– Even some core commands managing files !
– Sometimes the '--vo' parameter is taken as truth without any further checks
Command Proxy certificate needed ?lcg-cr Yes, good VO membership required
lcg-cp Yes, if the SE must accept the true user VO, generally good '--vo' parameter is sufficient (it depends unix directory rights on SE)
lcg-la, -lg, -lr, -aa, -ra
No ! Only the '--vo' is take into account
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 12
Enabling Grids for E-sciencE
INFSO-RI-508833
Status of data security (3)
• Tests between 2 Vos: biomed and dteam– One file gridified with dteam VO– Then manipulated with biomed VO– Alias was deleted, and a new one was added with biomed VO (!!)
– Odd listing command behaviour lcg-la, lcg-lg, lcg-lr
– 2 independent catalogs LRC = {(GUID, SFN)} RMC = {(GUID, LFN)} a GUID can be associated
with a VO in the LRC and another in the RMC
DTEAM BIOMED
LFN -> LFNs OK ERROR
LFN -> GUID OK ERROR
LFN -> SFNs EMPTY ERROR
GUID -> LFNs OK ERROR
GUID -> SFNs EMPTY OK
SFN -> LFNs ERROR ERROR
SFN -> GUID ERROR OK
SFN -> SFNs ERROR OK
R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 13
Enabling Grids for E-sciencE
INFSO-RI-508833
Next meetings
• Next MWSG : March 7-8 at Cern– Biomed attendees: R. Mollon, C. Blanchet
• “Authorization” session at next GGF16 in Athens (February 13-17)– Biomed attendees: R. Mollon, C. Blanchet (co-organizer)
– Agenda: http://www.ggf.org/gf/event_schedule/index.php?id=157
– Abstract: “This workshop will consider short-term (now and next two years)
Grid Authorization and Policy implementations, requirements and issues. It will investigate what improvements can be made to encourage and facilitate interoperability between Grid operational infrastructures. It will also consider lessons learned from today's implementations for the Grid security standards activities in GGF for the longer-term future. The workshop will highlight the Life Science perspective with requirements from the biomed VO in EGEE and in the overall biomedical community. »