Open Science Grid Security Activities

Mine Altunay, FNALOSG Security Officer

For the OSG Security Team:Doug Olson, Deputy Security Officer, LBNL,Jim Basney NCSA, Ron Cudzewicz FNAL,

Grid Deployment BoardJuly 9, 2008

OSG Security: Organization and Interfaces

207/09/2008 Altunay, OSG Security, GDB July, 2008

OSG Security Team

Middleware

Security Group

Joint Security Policy Group

IntlGrid Trust Federatio

n

Partner Grids

Incident Response

Basney EUGridPMAOlson TAGPMA

M. Altunay Wartel (EGEE-OSCT), Marsteller (TG), NDGF, …

J.Basney

Altunay co-chair with Witzig

OSG VO and Site Security Contacts

Altunay: VDT Security Officer

WLCG

Dave KelseyWLCG Security Coordinator

Altunay & Witzig

VDT Security & OSG

Operations & OSG Core

Assets

Interfaces between OSG and WLCG

• Some questions: Only through JSPG and MWSG ??? Should there be a separate direct arrow

between OSG Security and WLCG What about VDT Security Officer

Another direct arrow from VDT to WLCG?

• Any additions to the previous picture, any mistakes?

307/09/2008 Altunay, OSG Security, GDB July, 2008

Interfaces between OSG and JSPG

• New JSPG Mandate JSPG reports to WLCG

Dave Kelsey -- also WLCG Security Coordinator

No WLCG Security Officer

OSG only gives feedback for the policies – no mandatory inclusion of JSPG policies

OSG ED is part of WLCG MB and relays OSG concerns at MB

407/09/2008 Altunay, OSG Security, GDB July, 2008

Recent WLCG Security Challenge

• USCMS received pretty poor scores OSG is actively working on it Held a meeting on 6/27 with USCMS

Discovered policy problems Unawareness of WLCG incident response procedure Policy enactment issues: lack of CMS security contacts

at FNAL

• Going back to tie between OSG and WLCG Should OSG Security be involved with next

challenges? Are we missing a link here?

507/09/2008 Altunay, OSG Security, GDB July, 2008

A Recent Incident at Atlas

• We had a security incident at AGLT2 (Atlas)• Have not completed the post-mortem and no

operational disruption• Take-home messages: What we learned

Good test for Atlas security officers: John Hover USAtlas Security Officer Atlas Security Officer: Alessandro de Salvo (OSG did not

have his contact before)

• Very important for VOs to identify Security Officers.

We worked with CMS (Marie-Christine Sawley) Other VOs ?

607/09/2008 Altunay, OSG Security, GDB July, 2008

VO Policies & Security Duties

• Urged and educated VOs for their security policies and work at OSG Users meeting

• A VO must have Security Officers: intl and local levels Operations and Management contacts

local contacts (in USA) are registered with OSG

A clear user registration workflow – presented a sample policy template to OSG VOs

A clear AUP – presented a template to OSG VOs 5 VOs are preparing their policies: CMS, USAtlas, Edu, OSG VO,

Engage More VOs to come

Essential for Incident Response

707/09/2008 Altunay, OSG Security, GDB July, 2008