E-Science Security Roadmap Grid Security Task Force

From original presentation by Howard Chivers,
University of York
Brief content:

Seek feedback on security problems

Invite projects to offer good security
practice where it already exists
Purpose of the Roadmap



Documents status of Grid security
Highlights problems and gaps
Identifies priority needs to be addressed
by the programme, e.g.




Promulgation of best practice
Calls for specific technology development
Engaging in international standards activities
Adopting commercial solutions
“Unless security measures are integrated into the
e-Science programme, it risks failure because the
results are not exploitable by their target community”
Background

Direction of infrastructure




Considers current status and expected
evolution of Globus Toolkit
Notes trend towards web services
But acknowledges diverse infrastructure in
current programme
Problems

Identified by members of Security Task Force
in their dealings with typical projects

Further project input would be very welcome
Roadmap structure (1)

Technology gaps classified by timescale




Short – ideally needed now (or within 1 year)
Medium – needed to move current projects onto a production footing (their absence could signal failure of the e-Science programme) (<2005)
Long – needed to fully exploit programme in
the longer term
Gaps also classified by function

Authentication, authorisation, audit, privacy,
integrity, fabric, trust
Roadmap structure (2)

Discussion of operational concerns


Usability, performance, scalability,
manageability, interoperability, assurance
Summary of key recommendations

15 priority needs
Related documents

E-Science Task Force Recommendations


High-level framework of recommendations,
of which the roadmap provides the technical
content
E-Science Security Policy

Identifies structure and responsibilities for
security in the e-Science programme
The Detail
Problems and associated
recommendations
Generic issues
Problems
- Projects are not well provided with security solutions, and security skills are not always available
Needs
- Promulgate good practice, wherever it has been established in the programme
Authentication
Problems
- Some projects are investigating large scale deployment, but
  - The current e-Science PKI may not scale
  - PKI credentials hard to use by non-specialist users
Needs
- Scalable production infrastructure (medium)
- Better credential management (medium)
- Secure roaming (long)
Authorisation & delegation (1)
Problems
- Some authorisation systems exist
  - Akenti, PERMIS, CAS, VOMS, VOM, Cardea
  - Management and scalability of authorisation policies and users are major weaknesses
  - Globus provides a delegation solution via short term proxy certificates, but
    - The current delegation model is not suitable for all situations – some projects are developing their own
Authorisation & delegation (2)
Needs
- Selection and central support of a policy and authorisation infrastructure (short)
- A policy reference model and protocols to support interoperability (medium)
- Policy creation and management tools (medium)
- An improved model for delegation (long)
Audit
Problems
- Logging and auditing are generally well established and understood but
  - The Grid introduces new problems – audit trails become widely distributed
Needs
- Tools to support the generation of diagnostic trails in distributed/Grid systems (long)
Privacy
Definition
- Consent of data owner (so distinct from confidentiality)
Problems
- Relatively little prior art exists, and some areas, e.g. health related systems, have specific concerns
Needs
- Generation and promulgation of good practice in both policy and implementation, particularly for health related systems (medium)
Confidentiality
Problems
- Most requirements dealt with under authorisation and encryption but
  - Some projects are so distributed they will need to propagate constraints with data (e.g. rights metadata for digital content)
Needs
- Mechanisms to transport access constraints with data (long)
Integrity
Problems
- Solutions exist to manage integrity of data in transit but
  - Wider problems of ensuring integrity of groups of related distributed data (provenance) and the need to manage this
Needs
- To collect and promulgate successful approaches to provenance management from current research (medium)
Fabric
(the compute/network infrastructure)
Problems
- At present there is a tension between conventional fabric security (e.g. firewalls) and typical Grid systems
Needs
- Packaged Grid security solutions that are friendly to fabric (long)
- Advanced firewalls with flexible policies, able to parse service information (long)
Trust
Problems
- Trust is more than CAs or authorisation systems, it covers any actions by all parties e.g. that a user is obliged to delete data after reading it
  - Projects in general won’t adopt an open Grid: they need to be able to restrict some aspects of their applications
Needs
- A trust management framework for “virtual grids” with locally specific security features (medium)
Summary

- Operational characteristics are also important
  - usability, performance, scalability, manageability, inter-operability, assurance
- Authorisation, authentication, delegation and trust problems are inter-related
- Roadmap identifies a total of 15 priority needs:
  - 2 short term
  - 7 medium term
  - 6 long term
- These are only the technical recommendations – non-technical (or “socio-technical”) recommendations will follow as a later paper
You can help …


Do you have any major security concerns
which we haven’t noted?
Are you developing security practices,
policies or technology? If so please let us
know – the programme needs to spread
good practice