providing security to the desktop data grid forth ics (greece)
DESCRIPTION
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies. Providing security to the Desktop Data Grid FORTH ICS (Greece) Jesus Luna , Michail Flouris, Manolis Marazakis and Angelos Bilas - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/1.jpg)
Managed by
CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID
and Peer-to-Peer Technologies
Providing security to the Desktop Data Grid
FORTH ICS (Greece)
Jesus Luna, Michail Flouris, Manolis Marazakis and Angelos Bilas
April-2008
![Page 2: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/2.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 2
Outline
• Introduction• Desktop Data Grids• Methodology:
– Security Analysis– Data Security Protocol– Analytical Results
• Conclusions• Future Work
![Page 3: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/3.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 3
Introduction
• Desktop Grids, and in particular Volunteer Computing, are well-known for their computational power:– BOINC has approximately 316,000 volunteers,
558,000 nodes and 1,024 TeraFLOPS (24-hr average). (March-08)
![Page 4: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/4.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 4
Desktop Data Grids
• Nowadays the storage potential of Desktop Grids is also being considered: 7.74 PetaBytes @ 5.27 TeraBytes/sec.
• Interesting initiatives are appearing, i.e. Storage@Home [IPDPS07] and RevStor.
• However, from a data-centric point of view which are the security requirements of these novel Desktop Data Grids (DDG)?
![Page 5: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/5.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 5
Methodology
• Extrapolating our current security research (Data Grids) to the DDG:1. Applied a data-centric security analysis
framework.2. Adapted the contributed data security
protocol.3. Obtained some analytical results about
the stored data’s assurance.
![Page 6: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/6.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 6
Data Security Analysis
• Desktop Data Grid’s architecture:
Submits a Job
Data I/O
AuthN/A
uthZ
Data Staged for VSC
Requests Data
All Data I/O is initiated by the VSC
![Page 7: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/7.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 7
Data Security Analysis
• Security issues found with the analysis:Trusted Services
Secure Channels
HighVolatility
Stored Data may beLeaked, Changed or
Destroyed
HeterogeneousSW, HW, Admin
Static propagation of Revocation
Data
![Page 8: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/8.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 8
Data Security Protocol
• Based on three mechanisms to protect data stored at VSCs:
1. Symmetric cryptosystem: Provides confidentiality and integrity (hash and nonce) to the data at-rest.
2. Data fragmentation: Contrary to replication, provides data availability and confidentiality using a “m out-of n” IDA.
3. Quality of Security: Improves the IDA by distributing fragments to “secure” VSCs.
![Page 9: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/9.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 9
Quality of Security (QoSec)
• VSCs are heterogeneous in every way: may join or leave anytime, may be compromised, etc. Therefore they provide different levels of assurance to stored fragments.
• If this “QoSec” can be quantified to characterize each VSC, then a Client may request a minimum value to be fulfilled for storing his data.
• Analogous to QoS (communication) and LoA (Grid AuthN).
• Requirements:
– A “security policy” with provisions relevant to data assurance (i.e. availability).
– An evaluation methodology.
![Page 10: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/10.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 10
Evaluation Methodology: REM in-a-box
• Step 0 – Policy Definition: Set of rules modeling the VSC’s behavior.• Step 1- Policy Formalization
Px=“RAID Level”Px={No RAID, RAID-0, RAID-1, RAID-5}
Card(Px)=4• Step 2a – Security Matrix per-VSC
P(vsc)=“PC with RAID-1”P(vsc)=(1,1,1,0) - vector per-provision
P(RAID-0) < P(RAID-1) < P(RAID-5) - Ordered relationshipM(vsc) is a matrix built from a set of P(vsc) - Security Policy
• Step 2b - Evaluation technique: uses a metric criteria (i.e. Euclidean Distance) to compute a numeric QoSec relative to a reference Matrix (i.e. a Zero-matrix)
![Page 11: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/11.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 11
QoSec: Analytical Results
• As a proof of concept, we analyzed the relationship among QoSec and Data Assurance:– A first approach for the VSC’s security policy
considered a subset of rules from a Certificate Policy (CP).
– CPs from HellasGrid, CERN and IRISGrid were evaluated with REM.
– Analyzed the distribution assurance for a dispersal algorithm μ [Mei03], but considering the introduced QoSec:
![Page 12: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/12.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 12
QoSec: Analytical Results
• QoSec(HellasGrid) = 4.47
• QoSec(CERN) = 6.00
• QoSec(IRISGrid) = 5.48
• QoSec(EUGridPMA) = 4.24
N=100n=15
High QoSec= Better Data Assurance with smaller number of fragments
Low QoSec= requires more fragments to achieve higher Data Assurance
![Page 13: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/13.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 13
Conclusions
• Desktop Grids offer an interesting option for storing data, however security implications of using untrusted clients need to be studied (among other factors!).
• Based on our current work for the Data Grid, we analyzed the security of DDGs and proposed a protocol that if implemented at the Project Server, then may minimize key compromise while avoiding extra processing at the VSCs.
• An analytical model has shown the relationship QoSec -> data assurance.
![Page 14: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/14.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 14
Future work
• Definition of a comprehensive Security Policy, mostly focused on the VSC’s availability.
• Client executing code directly on the data stored at the VSC.
• Begin contact with EDGeS (Enabling Desktop Grids for eScience) http://www.edges-grid.eu/
![Page 15: Providing security to the Desktop Data Grid FORTH ICS (Greece)](https://reader033.vdocument.in/reader033/viewer/2022051117/568159e8550346895dc732d0/html5/thumbnails/15.jpg)
European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies 15
Thank you for your attention!
Questions?
Jesus Luna
[email protected]@cs.ucy.ac.cy