wlcg security teg, risks and identity management david kelsey gridpp28, manchester 18 apr 2012
Post on 23-Dec-2015
219 Views
Preview:
TRANSCRIPT
WLCG Security TEG, risks and Identity Management
David KelseyGridPP28, Manchester
18 Apr 2012
Overview
• WLCG Security TEG• EGI & GridPP Security Risk Analysis• Federated Identity Management
18 Apr 12 Security, Kelsey 2
WLCG Security TEG• https://twiki.cern.ch/twiki/bin/view/LCG/WLCGSecurityTEG
– Chaired by Romain Wartel and Steffen Schreiner• ~20 active members
– Security people, Sites and Experiments– More on mail list, but still not enough Site input
• List of sub-tasks– Risk Assessment (Romain)– AAI on worker nodes (Steffen)– AAI on storage systems (Maarten Litmaath)– Usability versus security (Von Welch)– Federated Identity (Dave K)
18 Apr 12 Security, Kelsey 3
WLCG Security Risks
• Risk Management– key aspect of security
• Identify assets to be protected• Evaluate different threats• Prioritise and focus efforts• An ongoing process
– Needs regular review
18 Apr 12 Security, Kelsey 4
Security incident & auditing
• Must understand what happened– To prevent it happening again– To contain its impact– But keep services running
• Traceability is essential for this– To protect against misused credentials– And keep services running
• Response commensurate with problem
18 Apr 12 Security, Kelsey 5
Assets – to be protected
18 Apr 12 Security, Kelsey 6
Security threats
18 Apr 12 Security, Kelsey 7
Risk evaluation
18 Apr 12 Security, Kelsey 8
Risks (1)
18 Apr 12 Security, Kelsey 9
Risks (2)
18 Apr 12 Security, Kelsey 10
Mitigation• e.g. Misused identities• Compromised identities once detected
must be blocked and access to resources blocked too– Time is of the essence– A central blocking service is essential– Too many distributed services to rely on
local blocking
18 Apr 12 Security, Kelsey 11
Security on WNs• 3 parts
– Security of the pilot job– Security of the user jobs– Traceability & accountability
• 5 requirements– Reduce pilot job credential to minimum– Protect the pilot job– Mutually isolate user jobs– Provide minimal credential for user job– Prove a job’s authenticity and log it before execution
18 Apr 12 Security, Kelsey 12
Pilots - protecion & isolation
• Different options– Virtualisation– ID switching (gLExec, sudo)– SELinux– More? (Linux Containers?)
• Only serious option – in short term– ID switching with gLExec– 4 LHC expts (getting) ready for this
18 Apr 12 Security, Kelsey 13
Beyond short term - WNs
• Can we develop a more secure proxy/delegation system– Current proxies are too powerful
• No restrictions– (Often) too long-lived– Not secure – proxy can be exposed– Transfer of user proxy with pilot job
does not tie user to the job18 Apr 12 Security, Kelsey 14
Security: Storage & data access
• Data protection issues– Do all types of data need same security?– Confidentiality – data one VO not readable by another VO
• But data transferred over insecure channels
• Access traceability (security and performance) • Information leakage (e.g. filenames)• Accidental commands• Malicious attacks
– For insiders reduce privs– Require 2 users for bulk delete?
18 Apr 12 Security, Kelsey 15
Usability vs Security• Usability – key factor for security• Identified a number of issues
– And recommendations• Issues for Users
– Credential management– Proxy storage on complex systems– Lack of web authentication– Lack of internationlisation
18 Apr 12 Security, Kelsey 16
Usability – admins/ops• Managing revocation• Expired hosts and service certs• Managing authorisation policies• Client AuthZ of services• Inconsistent user banning• Mixing AuthN and AuthZ e.g. proxy• Lack of debugging and forensics• Inconsistent proxy implementations• X.509 validation overhead
18 Apr 12 Security, Kelsey 17
Usability – short termSome recommendations• Hide X.509 from end users
– Easier enrolment via Federated IdM– Use of short-lived credentials
• Tools for multiple credentials• Tools for service credentials• Improve revocation• Standards for logging• Usability evaluation
18 Apr 12 Security, Kelsey 18
Sec TEG Future work
• Security model for WNs• More on security for storage• Usability evaluation• Identity Management (see later)
18 Apr 12 Security, Kelsey 19
EGI & GridPP risk analysis• EGI security assessment being
completed now (EGI D4.4 refers) – more detailed than WLCG analysis
• https://documents.egi.eu/public/ShowDocument?docid=863
• GridPP security milestone– C3.11 Review GridPP Security Risk
Assessment (related to EGI D4.4)– August 2012– Involve whole GridPP security team here!
18 Apr 12 Security, Kelsey 20
Federated Identity Management
• Use of a digital identity credential issued by one body (typically home institute) for access to other services
• Federations – common trust and policy framework– E.g. the UK Access Management Federation
• For WLCG/GridPP/EGI we already use federated identities in form of X.509 PKI (IGTF)
• TERENA Cert Service connects national identity federation to a CA for personal certs
18 Apr 12 Security, Kelsey 21
Federated IdM in HEP• But many other services (not just Grid)
– E.g. Collaboration tools – Wikis, mail lists, webs, agenda pages, etc.
• Today CERN has to manage 10s of thousands of users
• eduroam is one solution (for wireless)• What about other services/federations?
– Using Shibboleth, OpenID, etc
18 Apr 12 Security, Kelsey 22
Federated IdM in Research• A collaborative effort started in 2011• Involves photon/neutron facilities, social science &
humanities, high energy physics, atmospheric science, bioinformatics and fusion energy
• 3 workshops to date (next one in June 2012)• https://indico.cern.ch/conferenceDisplay.py?confId=177418
• Documenting common requirements, a common vision and recommendations– To research communities, identity federations, funding
bodies
• An important use case for inter-federation
18 Apr 12 Security, Kelsey 23
WLCG Federated Identity• Security TEG just started on this
– Very much linked to IdM for Research work• Trust is essential
– not just technology• How to involve IGTF?• We need to agree a good HEP pilot
project to get some experience
18 Apr 12 Security, Kelsey 24
More GridPP involvement in the WLCG Security TEG is welcome
Questions?Discussion?
18 Apr 12 Security, Kelsey 25
top related