Trust and Security in Virtual Communities

advertisement
Trust and Security in Virtual Communities
Third Workshop: Trusted Services Requirements and Prospects
The aim of the Third Workshop is to move the agenda
forward by considering application domains which have
significant trust requirements, beyond those offered by
current commodity grid,cloud) computing models.
In particular:
●
●
look for case studies matching emerging
technologies with emerging needs
identify steps (possible projects?) towards trialling
these
Topics
1. Experiences with developing ePCRN projects...medical
data
2. Aspects of Application Security
3. User-Controlled Dynamic Collaborations
4. Provenance and Security
5. Towards a Trusted Grid Architecture
6. Trusted Logging for Grid Computing,
7. Applying Trusted Computing to a workflow system
8. Reputation-Policy Trust Model for Grid Resource Selection
●
●
trusted computing
●
reputation
●
hardware-based
technologies
–
tpm
–
gumstix
–
encrypting storage devices
–
hardware-backed virtualization. (VTx)
●
virtual machines
●
PKI
Technologies: fit for (which)
purpose?
●
convergence of ideas?
–
●
●
kinds of trust: quality of service, roles, crypto-based
performance? overheads for VMs, overheads for encrypted
data transfers, for local data encryption/decryption
interoperability:
–
use of standards, system integration
–
other uses of virtualization; compatibility with these
(standards); VM standards? not really happening...
–
also need standards for describing configuration of VMs
incorporating legacy applications
–
operating in a mixed environment
●
●
●
●
●
●
concrete requirements?
–
mining companies' collaboration
–
yes, others
–
nanoCMOS – using grids? how?!
is it worth trying to get those with higher assurance needs to
use grid systems?
–
who's on the edge, just needing gentle encouragement?
–
not to over-sell capabilities
–
give customer framework for risk assessment
some degree of “grand vision” is needed to motivate
development
current notion of grid may not be appropriate for joining current
organisations
Other issues, not just technology
●
getting user communities on board
●
understanding risks end-to-end / workflow
●
legal compliance issues; some vague
●
–
corporate responsibility issues
–
liability for processing unseen jobs
policies. (c.f. DRM etc.)
–
e.g. adding a VO to NGS
–
attributes: semantic standardization
–
logging, provenance, trust evaluation requirements
●
metrics for trust
●
privacy
Discussion
●
Technologies: fit for (which) purpose?
●
Next steps
●
–
workshops (levels of assurance, DRM) ?
–
developing the discussions here
–
projects/case studies?
–
collaboration regimes; sharing information; etc.
Generalizing the “levels of assurance” idea
–
for authN, authZ, isolation, confidentiality
protections, integrity, administrator trust,
–
menu in each area; “profile” for application domain?
●
Generalizing the “levels of
authN (4 levels) assurance” idea
–
●
authZ / attribute authorities (Dave Kelsey)
–
●
●
private key protection.
VOs, and their procedures
isolation (accounts, sandboxing, virt. machines (“type 1”/”type
2)
–
cluster, cloud, desktop grid, end-user grid
–
network characteristics
data at rest (quality of storage, curated, encrypted, encrypted
by end user...)
●
QoS (availability, performance ...)
●
data in transit
●
provenance?
Next steps
●
workshops (levels of assurance, DRM) ?
–
developing the discussions here
–
projects/case studies?
–
collaboration regimes; sharing information; etc.
–
www.trustedgridcomputing.org
●
Australia, collab.
●
carrot method: get access to resources if...
●
how to engage application domains?
●
security assurance role in project definition, etc.
–
talk to funding councils? with outline draft?
Download