Speaker
Dr Mine Altunay (FERMILAB)
Description
Open Science Grid stakeholders invariably depend on multiple
infrastructures to build their community-based distributed systems.
To meet this need, OSG has built new gateways with TeraGrid, Campus
Grids, and Regional Grids (NYSGrid, BrazilGrid). This has brought new
security challenges for the OSG architecture and operations. The
impact of security incidents now has a larger scope and demands a
coordinated response.

Operationally, we took first steps towards building an
incident-sharing community among our peer grids. To reach higher-education user
communities, especially HEP researchers, outside the grids, OSG
members joined REN-ISAC. We also defined (jointly with EGEE) a set of
operational security tools and began implementation. And, because
certificate hygiene is a top priority across the infrastructures, we
worked with the IGTF (International Grid Trust Federation) to develop
risk assessment and incident response processes.

Architecturally, we analyzed how proxy credentials are treated
end-to-end in the OSG infrastructure. We discovered that the treatment
of proxies, after a job is finished, has some shortcomings. Given long
proxy lifetimes, a breach of a host can affect multiple users and
grids.

Finally, we are working on a banning service that can deny suspect
users access to resources at the gatekeeper. We designed this site
service to receive alerts from a central banning service managed by
the security team in emergencies. We envision that, coupled
with our operational efforts, this service would be a first line of
defense against security incidents.
Presentation type (oral | poster)
oral
Authors
Dr James Basney (NCSA)
Dr Mine Altunay (FERMILAB)