Trust and Security for Next Generation Grids, Tutorial Usage Control for Next Generation Grids...
Trust and Security for Next Generation Grids, www.gridtrust.eu
Tutorial: Usage Control for Next Generation Grids
Introduction
Philippe Massonet et al
CETIC
OGF-25 Tutorial
Catania, 02-06/02/2009
Tutorial Agenda
1. Usage Control for Grids (25 minutes)
2. An Architecture for Usage Control in Grids (20 minutes)
3. Usage Control Policies in XACML (45 minutes)
4. Usage Control in Action: Controlling Service Usage in a Grid-Based Content Management System (20 minutes)
5. PolPA: A Usage Control Policy Language for Grids (45 minutes)
6. Usage Control in Action: Controlling Resource Usage in a Grid-Based Supply Chain (25 minutes)
Security Virtual Organisations
Security throughout the VO Lifecycle
Plan
• Introduction to virtual organisations
• Introduction to access control and usage control
• Examples
Dynamic Virtual Organisations
“Virtual organizations: a temporary or permanent coalition of geographically dispersed individuals, groups, organisational units or entire organisations that pool resources, capabilities and information in order to achieve common goals”
[Figure: a VO of partner nodes 1 to 6 sharing services; membership is dynamic (node 3 is replaced by node 3’)]
Trust in Virtual Organisations
“Since VOs are based on sharing information and knowledge, there must be a high amount of trust among the partners, especially since each partner contributes with their core competencies”
[Figure: partner nodes 1 to 5 collaborating within the VO]
Threats:
• Bad service (contract not respected)
• Attacks – loss of information
• Attacks – disruption of service
• Vulnerability to attacks (low level of security at one of the partners)
• …
How do you maintain trust and security properties in a dynamic VO? Need for trust and security mechanisms.
Desired Self-Organization/Self-Protection Behavior
User trust requirement: all nodes always sufficiently trusted
Dynamic business processes -> self-organization <-> self-protection
Avoid/minimize intervention of human operators
VO policy rules (applied to the partner nodes of the figure; node 3 is replaced by node 3’):
• If trust of node x < min trust threshold then replace node x
• If trust of node x < min trust threshold then tighten security for node x
Issues: Policy Based Trust and Security Management in VOs
• VO = set of users that pool resources in order to achieve common goals - rules governing the sharing of the resources
• Trust and security policies are derived following the goals of the VO and rules for sharing resources
  Access to resources can be updated according to the behaviour of users (reputation)
[Figure: trust and security management along the VO lifecycle]
• Discovery of potential trustworthy partners
• Establishment of security policies, following governing rules
• Monitoring, enforcing policies, maintenance of reputation
• Membership and policy adaptation
• Termination of trust relationships, maintenance of reputation
Trust and Security in Grids (Outsourcing)
[Figure: within the VO, a Service Requestor (SR) sends a Service Request to a Service Provider (SP); the resulting Service Instance runs on the shared resources of an Infrastructure Provider (IP)]
Can I trust the SR and SP?
Is SP using my resources with malicious intent?
Is the selected IP secure?
Current State of the Art in Grid Authorization
• GridTrust focuses on authorization
• OGSA/Globus default authorisation mechanism: GridMap is coarse grained and static
• Extended authorization mechanisms: Akenti (fine grained distributed access control), PERMIS (RBAC), Shibboleth (cross-domain single sign-on and attribute-based authorization)
• Basic limitation: once you receive access to a resource, you are free to use it without any control.
• Need for finer grained and continuous control
Usage Control Model: Beyond Access Control
[Figure: UCON coverage [Park04]. Usage Control subsumes Traditional Access Control, Trust Management and DRM; enforcement is by a Server-side Reference Monitor (SRM), a Client-side Reference Monitor (CRM), or both (SRM & CRM); the goals covered are Sensitive Information Protection, Intellectual Property Rights Protection and Privacy Protection]
Example of UCON Model
• PreAuthorization without update (PreA0)
• Temporal logic specification:
  permitaccess(s, o, r) → •(tryaccess(s, o, r) ∧ (p1 ∧ ・・・ ∧ pi))
  where p1, . . . , pi are predicates built from subject and/or object attributes, which are pre-authorization predicates.
• PolPA encoding:
  tryaccess(s, o, r).pA(s, o, r).permitaccess(s, o, r).endaccess(s, o, r)
Another Example of UCON Model
• OnAuthorization with preUpdate (OnA1)
• Temporal logic specification:
  (1) permitaccess(s, o, r) → •tryaccess(s, o, r) ∧ •preupdate(attribute)
  (2) (¬(p1 ∧ ・・・ ∧ pi) ∧ (state(s, o, r) = accessing) → revokeaccess(s, o, r))
• PolPA encoding:
  tryaccess(s, o, r).update(s, o, r).permitaccess(s, o, r).(endaccess(s, o, r) or (pA(s, o, r).revokeaccess(s, o, r)))
Applications of Usage Control
• With UCON we can express policies such as Mandatory Access Control (MAC), history based access control in general, resource usage limitation, Chinese wall (CWSP)
• With UCON integrated with RTML, credential-based trust management, we can also enforce Role Based Access Control, Attribute Based Access Control policies, or other credential-based policies
• Other …
From Access Control to Usage Control
[Figure: a usage along the time axis. Before usage: pre decision, pre update. Ongoing usage: ongoing decision, ongoing update. After usage: post update. The two dimensions added by usage control are mutability of attributes and continuity of decision.]
Usage decision still valid? Can you revoke access?
GridTrust Objective: Bring Usage Control To The Grid
• Integrate usage control into Grid
• Supports many existing access control models
• New models of trust and security
• Usage control model: policy language
[Figure: UCON core components. Subjects and Objects, each with Attributes; Rights; the Usage Decision is governed by Authorizations, Obligations and Conditions]
Examples of UCON Concepts
• Subject attributes
  Immutable: subject.identity
  Mutable: subject.credit = subject.credit – resource.cost
• Object attributes
  Immutable: object.identity
  Mutable: r.availableSpace = r.availableSpace – s.assignedSpace
• Mutable attribute update
  Pre-update: s.balance = s.balance - r.cost
  Ongoing-update: s.balance = s.balance - r.costunit
  Post-update: s.totalUsage = s.totalUsage + r.resourceUsage
• Authorization
  Pre-authorization: s.balance >= r.cost
  Ongoing-authorization: s.reputation > r.reputationMinimum
  Post-authorization: socket.remoteDomain ∈ AcceptableDomains
• Conditions
  Pre-conditions: 08:00 <= currentTime <= 18:00
  Ongoing-conditions: 08:00 <= currentTime <= 18:00 (long duration access can be revoked)
• Obligations
  Pre-obligations: accepted(s, r.licenseAgreement)
  Ongoing-obligations: read(s, r.publicity)
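As an added example (not from the slides), the following Python sketch runs the OnA1 usage lifecycle of the two UCON model slides with the mutable attributes listed above; the Subject and Resource classes and the per-tick reputation values are constructed for illustration.

```python
"""Added example (not from the GridTrust slides): a small continuous usage control
monitor in the UCON OnA1 style sketched above, using the slides' attribute names
(s.balance, r.cost, r.costunit, s.reputation, r.reputationMinimum, s.totalUsage).
Subjects, resources and the per-tick reputation values are constructed sample data."""
from dataclasses import dataclass

@dataclass
class Subject:
    identity: str        # immutable attribute
    balance: int         # mutable: pre-update and ongoing-update
    reputation: int      # mutable: read by the ongoing-authorization predicate
    totalUsage: int = 0  # mutable: post-update

@dataclass
class Resource:
    identity: str
    cost: int               # charged once at tryaccess (pre-update)
    costunit: int           # charged per time unit while accessing (ongoing-update)
    reputationMinimum: int  # ongoing-authorization threshold

def tryaccess(s, r):
    """Pre-authorization s.balance >= r.cost; on success pre-update the balance."""
    if s.balance < r.cost:
        return "denyaccess"
    s.balance -= r.cost   # preupdate(attribute) happens before permitaccess
    return "permitaccess"

def usage(s, r, reputation_feed):
    """Run one usage session. reputation_feed holds the subject's reputation as
    observed at each time unit (constructed here; in a Grid it would come from a
    reputation service). While the state is 'accessing' the ongoing-authorization
    s.reputation > r.reputationMinimum is re-evaluated each unit; a failure revokes
    access instead of waiting for endaccess. Returns the monitor's decision trace."""
    trace = [tryaccess(s, r)]
    if trace[0] != "permitaccess":
        return trace
    used = 0
    for rep in reputation_feed:
        s.reputation = rep                 # attribute mutates during use
        if not s.reputation > r.reputationMinimum:
            trace.append("revokeaccess")   # continuity of decision
            break
        s.balance -= r.costunit            # ongoing-update
        used += 1
        trace.append("accessing")
    else:
        trace.append("endaccess")
    s.totalUsage += used   # post-update: s.totalUsage = s.totalUsage + r.resourceUsage
    return trace
```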
How Continuous Usage Control Works
[Figure: a Service Instance of the Service Provider (SP) runs as a service program in the Hosting Environment on shared resources. Its system calls (… OpenFile() … ReadFile() … OpenFile() … CloseFile() …) are mapped onto a Monitor with states Start, Opened, Reading, Closed; the Policy Enforcement Point evaluates each call against the Local Policy and signals a Violation when a call is not allowed by the policy.]
Example: Managing Conflicts of Interest in Virtual Organisations
[Figure: relationships in a VO: partners collaborate on a project, resources are allocated to it and owned by partners, and a conflict of interest exists between some of the partners]
Example: The Chinese Wall
• Based on the notion of conflict of interest class
• Need a history
[Figure: Client 1 and Client 2 access resources (Resource 1, Resource 2 and Resource 3, Resource 4) grouped into a conflict of interest class]
Example: Chinese Wall Security Policy
Usage control policy language (evaluated over the history of system calls):
gvar[1]:=0. gvar[2]:=0.
([eq(gvar[2],0),eq(x1,"/home/paolo/SetA/*"),eq(x2,READ)].open(x1,x2,x3).lvar[1]:=x3.gvar[1]:=1.
 i([eq(x1,lvar[1])].read(x1,x2,x3)).[eq(x1,lvar[1])].close(x1,x2))
Par
([eq(gvar[1],0),eq(x1,"/home/paolo/SetB/*"),eq(x2,READ)].open(x1,x2,x3).lvar[1]:=x3.gvar[2]:=1.
 i([eq(x1,lvar[1])].read(x1,x2,x3)).[eq(x1,lvar[1])].close(x1,x2))
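As an added example (not from the slides or the PolPA tooling), this Python monitor replays a constructed history of system calls against the Chinese Wall policy above: the two set patterns come from the slide, while file names, fds and buffers are constructed, and it generalises the one-shot fragment by allowing repeated opens inside the same set.

```python
"""Added example (not from the slides): a history-based reference monitor that
enforces the Chinese Wall policy of the PolPA fragment above over a constructed
trace of system calls. The set patterns are taken from the slide; fds, file names
and buffers are constructed. Generalisation: repeated opens inside the same set
are allowed here, whereas the one-shot PolPA fragment permits a single open per set."""
import fnmatch

SET_A = "/home/paolo/SetA/*"   # conflict of interest class, branch 1
SET_B = "/home/paolo/SetB/*"   # conflict of interest class, branch 2

class ChineseWallMonitor:
    def __init__(self):
        # gvar[1] / gvar[2]: has a file of SetA / SetB ever been opened?
        self.opened = {SET_A: False, SET_B: False}
        self.fds = {}          # lvar[1]: fd returned by a permitted open -> its set
        self.violations = []   # calls the policy did not allow

    def check(self, call, *args):
        """Decide one system call against the history; False also records a violation."""
        if call == "open":
            path, mode, fd = args        # open(x1, x2, x3): path, mode, returned fd
            for this, other in ((SET_A, SET_B), (SET_B, SET_A)):
                # [eq(gvar[other],0), eq(x1, this), eq(x2, READ)]
                if fnmatch.fnmatch(path, this) and mode == "READ" and not self.opened[other]:
                    self.opened[this] = True   # gvar[this] := 1
                    self.fds[fd] = this        # lvar[1] := x3
                    return True
        elif call == "read" and args[0] in self.fds:   # [eq(x1, lvar[1])].read(...)
            return True
        elif call == "close" and args[0] in self.fds:  # [eq(x1, lvar[1])].close(...)
            del self.fds[args[0]]
            return True
        self.violations.append((call,) + args)
        return False

def run_trace(trace):
    """Replay a constructed history of system calls; returns (decisions, violations)."""
    monitor = ChineseWallMonitor()
    return [monitor.check(*call) for call in trace], monitor.violations

# Constructed history: a client reads from SetA, then tries to read from SetB.
SAMPLE_TRACE = [
    ("open", "/home/paolo/SetA/a.txt", "READ", 3),
    ("read", 3, "buf", 100),
    ("close", 3, 0),
    ("open", "/home/paolo/SetB/b.txt", "READ", 4),   # blocked: gvar[1] is already 1
    ("read", 4, "buf", 100),                         # fd 4 was never granted
]
```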
GridTrust Framework: Tools and Policy-based Services
[Figure: GridTrust components placed on the NGG Architecture layers (GRID Application Layer, GRID Service Middleware Layer, GRID Foundation Middleware Layer, Network Operating System). The trust and security goals and self-* properties of the dynamic VO (resources, VO members, services) are captured with the Secure VO Req Editor and the VO Model and Refinement Tool, which derive 1. global, VO-level policies and 2. local usage control policies. These are enforced by the OGSA-compliant Usage Control service (fine grained, continuous computational usage control + TM), the Reputation Mgt service, VO Mgt, the Sec Res Broker and the Enforcer.]