3rd EGEE User Forum

Evaluation of EGEE-grid security.

12 Feb 2008, 16:00

Exhibition Hall (<a href="http://www.polydome.org">Le Polydôme</a>, Clermont-Ferrand, FRANCE)

Poster Existing or Prospective Grid Services Posters

Speakers

Ms Dorine FOUOSSONG (IN2P3-LPC)Mr STEPHANE LIAUZU (IN2P3-LPC)

Description

Our first goal is an evaluation of the overall security. Using the grid introduces in the information system of a laboratory or a company new infrastructure and processes that have to be taken into account in the management. This is specially true in the security management, where relevant subsystem should be introduced in the trust chain. The trust chain is the subset of the information system that is “secure” in terms of the security strategy plan of this specific firm. The everyday work of the security manager is to deploy and maintain that trust chain. A good management strategy in our terms should follow the Deming Wheel: plan, do, check, act. Our work is mainly concerned by the third point which is “check” as it evaluates the security level of the new trust chain (modified to take in account the EGEE-grid resources). Thus, this activity should contribute significantly to the security risk management of the EGEE-grid environment.

4. Conclusions / Future plans

The approach is pragmatic because it focuses on results and is iterative. We work on both technical and organisational sides by checking the vulnerability risk assessment of software and auditing operational guidelines for the use of the grid. Achievement of security objectives is measured against the standard ISO27000s.
That will lead us to get a formal estimation of the level of maturity for integrated security one could expect from EGEE resources.

3. Impact

This activity is complementary to the other activity dealing with security in EGEE.
In fact, EGEE Grid Security provides the suckle for security (operational management tools and security infrastructure), and ISSEG focuses on practical expertise on the deployment of integrated site security; our activity, as described above, aims at providing assessment. The activity will produce feedback for those projects.

Finally, the ISMS (Information Security Management System) deployment task will be made simpler to security manager who are dealing with EGEE-grid.

1. Short overview

AUVERGRID is developing an activity in the field of security management which aims at answering the question of many grid users and administrators:
«How much can I trust EGEE security features and services?”.

Our goal is to provide a formal response to site security managers, and grid users.

Provide a set of generic keywords that define your contribution (e.g. Data Management, Workflows, High Energy Physics)

Grid security, security risk mitigation, authenticity, secure access, authorization