Mar 21 – 27, 2009
The Open Science Grid -- Operational Security in a Highly Connected World

Dr Mine Altunay (FERMILAB)


Open Science Grid stakeholders invariably depend on multiple infrastructures to build their community-based distributed systems. To meet this need, OSG has built new gateways with TeraGrid, Campus Grids, and Regional Grids (NYSGrid, BrazilGrid). This has brought new security challenges for the OSG architecture and operations. The impact of security incidents now has a larger scope and demands a coordinated response. Operationally, we took first steps towards building an incident-sharing community among our peer grids. To reach higher-education user communities outside the grids, especially HEP researchers, OSG members joined REN-ISAC. We also defined (jointly with EGEE) a set of operational security tools and began implementation. Because certificate hygiene is a top priority across the infrastructures, we worked with the IGTF (International Grid Trust Federation) to develop risk assessment and incident response processes. Architecturally, we analyzed how proxy credentials are treated end-to-end in the OSG infrastructure. We discovered that the treatment of proxies after a job is finished has some shortcomings. Given long proxy lifetimes, a breach of a host can affect multiple users and grids. Finally, we are working on a banning service that can deny suspect users access to resources at the gatekeeper. We designed this site service to receive alerts from a central banning service managed by the security team in cases of emergency. We envision that, coupled with our operational efforts, this service would be a first line of defense against security incidents.
Dr James Basney (NCSA), Dr Mine Altunay (FERMILAB)

