

  • Number of slides: 15

CoreGRID: European Research Network on Foundations, Software Infrastructures and Applications for large scale distributed, GRID and Peer-to-Peer Technologies
Providing security to the Desktop Data Grid
FORTH ICS (Greece)
Jesus Luna, Michail Flouris, Manolis Marazakis and Angelos Bilas
April-2008

Outline
• Introduction
• Desktop Data Grids
• Methodology:
  – Security Analysis
  – Data Security Protocol
  – Analytical Results
• Conclusions
• Future Work

Introduction
• Desktop Grids, and in particular Volunteer Computing, are well-known for their computational power:
  – BOINC has approximately 316,000 volunteers, 558,000 nodes and 1,024 TeraFLOPS (24-hr average). (March-08)

Desktop Data Grids
• Nowadays the storage potential of Desktop Grids is also being considered: 7.74 PetaBytes @ 5.27 TeraBytes/sec.
• Interesting initiatives are appearing, i.e. Storage@Home [IPDPS 07] and RevStor.
• However, from a data-centric point of view, which are the security requirements of these novel Desktop Data Grids (DDG)?

Methodology
• Extrapolating our current security research (Data Grids) to the DDG:
  1. Applied a data-centric security analysis framework.
  2. Adapted the contributed data security protocol.
  3. Obtained some analytical results about the stored data’s assurance.

Data Security Analysis
• Desktop Data Grid’s architecture:
  [Figure: DDG architecture diagram. Labels: AuthN/AuthZ; Data I/O; Submits a Job; Requests Data Staged for VSC. All Data I/O is initiated by the VSC.]

Data Security Analysis
• Security issues found with the analysis:
  – Trusted Services
  – High Volatility
  – Static propagation of Revocation Data
  – Heterogeneous SW, HW, Admin
  – Stored Data may be Leaked, Changed or Destroyed
  – Secure Channels

Data Security Protocol
• Based on three mechanisms to protect data stored at VSCs:
  1. Symmetric cryptosystem: provides confidentiality and integrity (hash and nonce) to the data at-rest.
  2. Data fragmentation: contrary to replication, provides data availability and confidentiality using an “m out-of n” IDA.
  3. Quality of Security: improves the IDA by distributing fragments to “secure” VSCs.
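The slide names an “m out-of n” Information Dispersal Algorithm (IDA) plus a hash-and-nonce integrity tag but shows no code. The following is an added example, not code from the presentation or from the CoreGRID project: a Rabin-style IDA over the prime field GF(257) (the field choice, the Vandermonde encoding matrix, the SHA-256 tag and the sample data are all assumptions of this example). It shows why losing up to n-m fragments keeps the data available, why fewer than m fragments cannot be decoded, and how a tampered fragment is caught at reconstruction time.

```python
import hashlib

# Toy prime field: every byte value 0..255 is a field element, so 257 is the smallest
# usable prime. Assumption of this example; the slides do not specify the IDA's field.
PRIME = 257

# Constructed sample inputs (not from the presentation).
DATA = b"Desktop Data Grid: fragment stored at a VSC"
NONCE = bytes(range(16))


def _vandermonde_row(x, m):
    """Row (1, x, x^2, ..., x^(m-1)) mod PRIME; distinct nonzero x give independent rows."""
    return [pow(x, j, PRIME) for j in range(m)]


def _invert_mod_p(matrix):
    """Gauss-Jordan inverse of a square matrix over GF(PRIME)."""
    m = len(matrix)
    aug = [row[:] + [int(i == j) for j in range(m)] for i, row in enumerate(matrix)]
    for col in range(m):
        pivot = next(r for r in range(col, m) if aug[r][col] % PRIME)
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], -1, PRIME)
        aug[col] = [(v * inv) % PRIME for v in aug[col]]
        for r in range(m):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(a - f * b) % PRIME for a, b in zip(aug[r], aug[col])]
    return [row[m:] for row in aug]


def seal(data, nonce):
    """Integrity tag over nonce||data: the 'hash and nonce' of the protocol's first mechanism."""
    return hashlib.sha256(nonce + data).hexdigest()


def disperse(data, m, n):
    """m-out-of-n IDA: returns {vsc_id: fragment}, each fragment a list of field elements.
    Chunks of m bytes are multiplied by an n x m Vandermonde matrix; any m rows are invertible."""
    if not 1 <= m <= n < PRIME:
        raise ValueError("need 1 <= m <= n < PRIME")
    padded = data + b"\x00" * ((-len(data)) % m)
    rows = {i: _vandermonde_row(i, m) for i in range(1, n + 1)}
    fragments = {i: [] for i in rows}
    for k in range(0, len(padded), m):
        chunk = padded[k:k + m]
        for i, row in rows.items():
            fragments[i].append(sum(r * c for r, c in zip(row, chunk)) % PRIME)
    return fragments


def reconstruct(fragments, m, length, nonce=None, tag=None):
    """Rebuild the data from any m fragments; verify the integrity tag when one is supplied."""
    if len(fragments) < m:
        raise ValueError(f"need {m} fragments, have {len(fragments)}")
    ids = sorted(fragments)[:m]
    inverse = _invert_mod_p([_vandermonde_row(i, m) for i in ids])
    out = bytearray()
    for k in range(len(fragments[ids[0]])):
        b = [fragments[i][k] for i in ids]
        chunk = [sum(a * v for a, v in zip(row, b)) % PRIME for row in inverse]
        if any(v > 255 for v in chunk):
            raise ValueError("corrupted fragment: recovered value is not a byte")
        out.extend(chunk)
    data = bytes(out[:length])
    if tag is not None and seal(data, nonce) != tag:
        raise ValueError("integrity check failed")
    return data


if __name__ == "__main__":
    tag = seal(DATA, NONCE)
    frags = disperse(DATA, 3, 5)          # 5 VSCs, any 3 suffice
    survivors = {i: frags[i] for i in (2, 4, 5)}
    print(reconstruct(survivors, 3, len(DATA), NONCE, tag))
```

Fragment elements are field values (0..256), so a real deployment would serialise them with two bytes or pick a different field; the point of the block is the dispersal and recovery logic, and that the tag (or the byte-range check) rejects a reconstruction built from a modified fragment.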

Quality of Security (QoSec)
• VSCs are heterogeneous in every way: may join or leave anytime, may be compromised, etc. Therefore they provide different levels of assurance to stored fragments.
• If this “QoSec” can be quantified to characterize each VSC, then a Client may request a minimum value to be fulfilled for storing his data.
• Analogous to QoS (communication) and LoA (Grid AuthN).
• Requirements:
  – A “security policy” with provisions relevant to data assurance (i.e. availability).
  – An evaluation methodology.

Evaluation Methodology: REM in-a-box
• Step 0 – Policy Definition: set of rules modeling the VSC’s behavior.
• Step 1 – Policy Formalization:
  Px = “RAID Level”
  Px = {No RAID, RAID-0, RAID-1, RAID-5}
  Card(Px) = 4
• Step 2a – Security Matrix per-VSC:
  P(vsc) = “PC with RAID-1”
  P(vsc) = (1, 1, 1, 0) – vector per-provision
  P(RAID-0) < P(RAID-1) < P(RAID-5) – ordered relationship
  M(vsc) is a matrix built from a set of P(vsc) – Security Policy
• Step 2b – Evaluation technique: uses a metric criteria (i.e. Euclidean Distance) to compute a numeric QoSec relative to a reference Matrix (i.e. a Zero-matrix).
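Steps 1 to 2b above define the whole REM pipeline: an ordered set of levels per provision, a per-provision vector in which the chosen level and every weaker one are set to 1 (RAID-1 becomes (1, 1, 1, 0)), a matrix M(vsc) stacking those vectors, and the Euclidean distance from a zero reference matrix. The block below is an added example, not the presentation's or the REM authors' code; it implements those steps and adds the client-side selection step from the QoSec slide (request a minimum value, keep only VSCs that meet it). The RAID provision is the one on the slide; the two other provisions, the VSC profiles and the threshold are constructed for this example. Against a zero matrix the distance is simply the square root of the number of 1s, which is consistent with the values reported later in the deck (4.47 ≈ √20, 6.00 = √36, 5.48 ≈ √30, 4.24 ≈ √18).

```python
import math

# Constructed security policy: each provision lists its levels from weakest to strongest.
# "RAID Level" is the provision shown on the slide; the other two are assumptions.
POLICY = {
    "RAID Level": ["No RAID", "RAID-0", "RAID-1", "RAID-5"],
    "Backup Frequency": ["None", "Weekly", "Daily"],
    "Power Supply": ["Single", "Redundant", "Redundant + UPS"],
}

# Constructed VSC profiles: the level a volunteer node declares for each provision.
PROFILES = {
    "vsc-A": {"RAID Level": "RAID-1", "Backup Frequency": "Daily", "Power Supply": "Redundant"},
    "vsc-B": {"RAID Level": "RAID-5", "Backup Frequency": "Weekly", "Power Supply": "Single"},
    "vsc-C": {"RAID Level": "No RAID", "Backup Frequency": "None", "Power Supply": "Single"},
}


def provision_vector(levels, chosen):
    """Encode the chosen level as 1s up to and including its position in the ordered list
    and 0s above it, e.g. RAID-1 over {No RAID, RAID-0, RAID-1, RAID-5} -> (1, 1, 1, 0)."""
    idx = levels.index(chosen)  # ValueError if the declared level is not in the policy
    return [1 if i <= idx else 0 for i in range(len(levels))]


def security_matrix(policy, profile):
    """M(vsc): one provision vector per row, zero-padded to the widest provision."""
    width = max(len(levels) for levels in policy.values())
    matrix = []
    for name, levels in policy.items():
        chosen = profile.get(name, levels[0])  # an undeclared provision counts as the weakest level
        vec = provision_vector(levels, chosen)
        matrix.append(vec + [0] * (width - len(vec)))
    return matrix


def qosec(matrix, reference=None):
    """Euclidean distance between M(vsc) and a reference matrix (zero matrix by default).
    Against the zero matrix this equals sqrt(number of 1s): each fulfilled level adds assurance."""
    if reference is None:
        reference = [[0] * len(row) for row in matrix]
    return math.sqrt(sum((a - b) ** 2
                         for row, ref in zip(matrix, reference)
                         for a, b in zip(row, ref)))


def eligible_vscs(policy, profiles, minimum):
    """VSCs whose QoSec meets the client's requested minimum, strongest first."""
    scores = {name: qosec(security_matrix(policy, p)) for name, p in profiles.items()}
    return sorted((n for n, q in scores.items() if q >= minimum), key=lambda n: -scores[n])


if __name__ == "__main__":
    for name, profile in PROFILES.items():
        print(name, security_matrix(POLICY, profile), round(qosec(security_matrix(POLICY, profile)), 2))
    print("eligible at QoSec >= 2.5:", eligible_vscs(POLICY, PROFILES, 2.5))
```

Passing a non-zero reference matrix (for instance the matrix of a minimum acceptable policy) turns the same function into a distance from that baseline, which is the form a client would use when the threshold is expressed as a policy rather than as a number.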

QoSec: Analytical Results
• As a proof of concept, we analyzed the relationship among QoSec and Data Assurance:
  – A first approach for the VSC’s security policy considered a subset of rules from a Certificate Policy (CP).
  – CPs from HellasGrid, CERN and IRISGrid were evaluated with REM.
  – Analyzed the distribution assurance for a dispersal algorithm μ [Mei 03], but considering the introduced QoSec:

QoSec: Analytical Results
• QoSec(HellasGrid) = 4.47
• QoSec(CERN) = 6.00
• QoSec(IRISGrid) = 5.48
• QoSec(EUGridPMA) = 4.24
  [Figure: Data Assurance vs. number of fragments, N=100, n=15]
• High QoSec = better Data Assurance with a smaller number of fragments.
• Low QoSec = requires more fragments to achieve higher Data Assurance.

Conclusions
• Desktop Grids offer an interesting option for storing data; however, the security implications of using untrusted clients need to be studied (among other factors!).
• Based on our current work for the Data Grid, we analyzed the security of DDGs and proposed a protocol that, if implemented at the Project Server, may minimize key compromise while avoiding extra processing at the VSCs.
• An analytical model has shown the relationship QoSec -> data assurance.

Future work
• Definition of a comprehensive Security Policy, mostly focused on the VSC’s availability.
• Client executing code directly on the data stored at the VSC.
• Begin contact with EDGeS (Enabling Desktop Grids for eScience) http://www.edges-grid.eu/

Thank you for your attention! Questions?
Jesus Luna
jluna@ics.forth.gr
jluna@cs.ucy.ac.cy