14-18 October 2013
Amsterdam, Beurs van Berlage
Europe/Amsterdam timezone

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures

17 Oct 2013, 11:00
20m
Veilingzaal (Amsterdam, Beurs van Berlage)

Veilingzaal

Amsterdam, Beurs van Berlage

Oral presentation to parallel session Facilities, Production Infrastructures, Networking and Collaborative Tools Facilities, Infrastructures, Networking and Collaborative Tools

Speaker

Dave Kelsey (STFC - Science & Technology Facilities Council (GB))

Description

The Security for Collaborating Infrastructures (SCI) group (http://www.eugridpma.org/sci/) is a collaborative activity of information security officers from several large-scale distributed computing infrastructures, including EGI, OSG, PRACE, WLCG, and XSEDE. SCI is developing a framework to enable interoperation of collaborating Grids with the aim of managing cross-Grid operational security risks and to build trust and develop policy standards for collaboration especially in cases where we cannot just share identical security policy documents. This assists in building the trust required for cooperation in operational security within WLCG. Each infrastructure consists of distributed computing resources, users, and a set of policies and procedures all managed by different organisations. Even when such an infrastructure considers itself to be decoupled from other infrastructures, it is in fact subject to many of the same threats and vulnerabilities as other infrastructures because of the use of common software and technologies. Moreover, in WLCG there are users who use resources in more than one infrastructure and are thus potential vectors that can spread infection from one infrastructure to another. In each of these situations, the infrastructures can benefit from working together and sharing information on security issues. We will present, based on current best practices and a long real-world experience, the current SCI activities including our documented requirements in 6 areas (operational security, incident response, traceability, participant responsibilities, legal issues and data protection) that each infrastructure must address in relation to being considered a trusted partner. We will also present an analysis method for showing the extent to which the infrastructures comply with the requirements.

Primary author

Dave Kelsey (STFC - Science & Technology Facilities Council (GB))

Co-authors

Christos Kanellopoulos (GRNET) David Groep (NIKHEF (NL)) Irwin Gaines (DOE/FNAL) James Marsteller (PSC) Jules Wolfrat (SURFsara) Dr Keith Chadwick (Fermilab) Ralph Niederberger (FZ-Juelich) Mr Romain Wartel (CERN) Urpo Kaila (CSC - IT Center for Science Ltd.) Vincent Ribaillier (CNRS) Willy Weisz (University of Vienna)

Presentation Materials