infso-ri-508833 enabling grids for e-science egee security status – biomed meeting – valencia,...

INFSO-RI-508833

Enabling Grids for E-sciencE

www.eu-egee.org

EGEE Security Status – Biomed meeting – Valencia, January 27th, 2006

EGEE Security status

Remi Mollon, Christophe Blanchet

Bioinformatics Centre of Lyon – PBIL

Institute of Biology and Chemistry of Proteins

IBCP – CNRS UMR 5086

Lyon – Gerland, France

R Mollon, C Blanchet - EGEE Security Status – Biomed – Valencia, January 27th, 2006 2


INFSO-RI-508833

Outlines

• Bioinformatic requirements

• EGEE Security Overview

• Data Encryption Systems– JRA3 prototype on gLite

– IBCP prototype on LCG-2

– …

• Benchmarks

• Data security status

• Next meetings



INFSO-RI-508833

Bioinformatic requirements

• Certificate management [DONE]– For all entities (like users, services, Web portals, ...)

– Renew and revoke mechanisms

• Fine grain access to data [IN PROGRESS]– Access Control Lists (ACL) support

– The owner can do modifications

• Data encryption [IN PROGRESS]– Long-term storage of encrypted data

– Transparent (unencrypted) access for authorized users

• Data anonymization [STOPPED]– Medical data (analyses, diagnoses, pictures, ...)

– Legislation problems in FranceAccording to Biomed requirement database, and Ake Edlund, JRA3 manager



INFSO-RI-508833

EGEE Security Overview (1)

• Main high-level security functionalities :– Single Sign On (SSO) [DONE]

A unique authentication to access to the entire grid

– Data confidentiality and integrity (commercial context, patient's data, ...) [IN PROGRESS]

– Fine resource access control [IN PROGRESS] Deny or grant access to a resource for a user, a group of users, a

VO, a role, ...

– Pseudonymity [NOT STARTED] Accessing the grid with a pseudonym instead of user real identity

According to Ake Edlund, JRA3 manager



INFSO-RI-508833


• Low-level security functionalities :– Monitoring & Logging [DONE]

Analysis : pre-event and post-event Prevention : scan, attack and intrusion detection Identification : responsibilization and non-repudiation

– Authentication [DONE] Trusted Third Party (TTP) X.509 certificates with a Public Key Infrastructure (PKI)

– Authorization [IN PROGRESS] Virtual Organization (VO) – the Biomed VO for example

• user group with a common goal who want to share their resources Delegation with proxy certificates : act on the behalf of someone else VO Membership Service (VOMS)

• Management of VOs, roles, permissions, ...




INFSO-RI-508833


– Isolation At local system level : [IN PROGRESS]

• Minimize user application consequences

• Local Credential MAPping Service (LCMAPS) At network level : [FROZEN]

• Avoid virus/worm propagation, DDoS attacks, ...

• Dynamic Connectivity Service

– Encryption key management User keys (tied to X.509 certificates) [DONE]

• manage by users themselves, or by dedicated service (MyProxy) Data keys : long-term encrypted data storage

• Single key store [DONE]

• Techniques “M-of-N” [NONE]




INFSO-RI-508833

Data encryption systemsJRA3 MDM IBCP EncFile

Avalaibility gLite 1.5 on PPS LCG2 on production, not depend of a platform

Cipher AES, 256bits keys AES, 256bits keys

Decryption Explicit Implicit

Encryption Explicit Explicit

Enc/decrypt location RAM RAM, on-the-fly

Key Store Hydra AMGA PostgreSQL

M-of-N technique None Shamir share algorithm

Integration C++ API Transparent to users, catch I/O calls

Deployement MDM experience GPS@ Web portal and all its programs

Link key to data LFN+Metadata LFN

Authorization gLite LCG2



INFSO-RI-508833

Data encryption systems

• And other ones…– Third development from UPV

Some details from Ignacio …



INFSO-RI-508833

EncFile Benchmarks

Time to download a 205-MB gridified file

0 10 20 30 40 50 60 70 80 90

Plain LFN + Perroquet (without cache)

Plain LFN + Perroquet (with cache)

Plain LFN + lcg-cp

Encrypted LFN + Perroquet (without cache)

Encrypted LFN + Perroquet (with cache)

Encrypted LFN + lcg-cp (+ decryption)

Time (seconds)



INFSO-RI-508833

Status of data security

• Anybody can get the list of all files (all VOs) on a SE– Just need to know the LRC_ENDPOINT

• « lcg-infosites --vo biomed lrc »,• from GOOGLE, keywords « LRC egee biomed »• http://rm-biomed.in2p3.fr:8080/biomed/edg-local-replica-catalog/services/edg-

local-replica-catalog

• Anybody can get the list of LFNs of a VO– Just need to know the RMC_ENDPOINT

• change “edg-local-replica-catalog” by “edg-replica-metadata-catalog”• From GOOGLE, keywords: « RMC egee biomed »• http://rm-biomed.in2p3.fr:8080/biomed/ edg-replica-metadata-catalog

/services/edg-local-replica-catalog

• Some lcg-xx commands do not require nor proxy nor valid certificate.– Anybody can list/change/remove any LFN/alias

« How anybody can do what he wants with all files stored on the EGEE grid: reality of data security on the EGEE grid »



INFSO-RI-508833

Status of data security (2)

• Some LCG commands don't require a valid proxy certificate– All commands that manage aliases: anybody can modify any file aliases

– All commands that list elements (replica, GUID): anybody can list file entities

– Even some core commands managing files !

– Sometimes the '--vo' parameter is taken as truth without any further checks

Command Proxy certificate needed ?lcg-cr Yes, good VO membership required

lcg-cp Yes, if the SE must accept the true user VO, generally good '--vo' parameter is sufficient (it depends unix directory rights on SE)

lcg-la, -lg, -lr, -aa, -ra

No ! Only the '--vo' is take into account



INFSO-RI-508833

Status of data security (3)

• Tests between 2 Vos: biomed and dteam– One file gridified with dteam VO– Then manipulated with biomed VO– Alias was deleted, and a new one was added with biomed VO (!!)

– Odd listing command behaviour lcg-la, lcg-lg, lcg-lr

– 2 independent catalogs LRC = {(GUID, SFN)} RMC = {(GUID, LFN)} a GUID can be associated

with a VO in the LRC and another in the RMC

DTEAM BIOMED

LFN -> LFNs OK ERROR

LFN -> GUID OK ERROR

LFN -> SFNs EMPTY ERROR

GUID -> LFNs OK ERROR

GUID -> SFNs EMPTY OK

SFN -> LFNs ERROR ERROR

SFN -> GUID ERROR OK

SFN -> SFNs ERROR OK



INFSO-RI-508833

Next meetings

• Next MWSG : March 7-8 at Cern– Biomed attendees: R. Mollon, C. Blanchet

• “Authorization” session at next GGF16 in Athens (February 13-17)– Biomed attendees: R. Mollon, C. Blanchet (co-organizer)

– Agenda: http://www.ggf.org/gf/event_schedule/index.php?id=157

– Abstract: “This workshop will consider short-term (now and next two years)

Grid Authorization and Policy implementations, requirements and issues. It will investigate what improvements can be made to encourage and facilitate interoperability between Grid operational infrastructures. It will also consider lessons learned from today's implementations for the Grid security standards activities in GGF for the longer-term future. The workshop will highlight the Life Science perspective with requirements from the biomed VO in EGEE and in the overall biomedical community. »

infso-ri-508833 enabling grids for e-science egee security status – biomed meeting – valencia,...

Documents