COMP90024 at the University of Melbourne

Lecture 19-20 – Security and Clouds
Professor . Sinnott
Director, eResearch
University of Melbourne

Real-time congestion identification

Yikai Gong, MSc 2014

Human Trafficking vs Voyeurism (?)
, MSc 2015

Orwellian Nightmare…
http://www.pedestrian.melbourne.vic.gov.au/
https://www.zdnet.com/article/victoria-invests-au34m-in-distracted-driver-ai-mobile-phone-detection-tech/
Twitter tracking…

Digital Security (in the e-World)
Resources Access Control Privileges User Communities
Fine grained Dynamic
Site autonomy Manageability
Ease of use Single sign-on
competitors

Why is security so important?
• If systems (Grids/Clouds/outsourced infrastructure!) are not secure
– Large communities will not engage
• medical community, industry, financial community …
– or rather they will only use their own internal resources – private clouds!
– Expensive (impossible?) to repeat some experiments
• Huge machines running large simulations for several years
– Legal and ethical obligations can be violated, with all sorts of consequences
• e.g. data protection act violations and fines incurred
– Amazon Web Services, Sydney
– Amazon Web Services, Melbourne
– Trust (more later!) is easily lost and hard to re-establish

The Challenge of Security
• Grids and Clouds (IaaS) allow users to compile codes that do stuff on physical/virtual machines
– In the Grid world a rich blend of facilities co-existed (were accessible/integrated!) which had “issues”
• Highly secure supercomputing facilities compromised by single user PCs/laptops
– Glasgow experience!
• Need security technologies that scale to meet a wide variety of applications
– from highly secure medical information data sets through to particle physics/public genome data sets
– Using services for processing of patient data through to “needle in haystack” searching of physics experiments
• Should try to develop generic security solutions
• Avoid all application areas re-inventing their own (incompatible/inoperable) solutions

The Challenge of Security …ctd
• Clouds allow scenarios that stretch inter-organisational security
– Policies that restrict access to and usage of resources based on pre-identified users, resources
• Groups/tenancy…
– But what if new resources added, new users added, old users go…?
• Over-subscription issues
• User management (per user, per team, per organisation, per country…)
– What if organisations decide to change policies governing access to and usage of resources, or bring their data back inside of their firewall?
• Really not replicated somewhere else?
– What if you share a tenancy with a noisy neighbour!
• I/O demanding applications
– You hopefully never experienced this, but early NeCTAR RC had performance issues!
– The multi-faceted challenges of “life beyond the organisational firewall”?

Prelude to Security
• What do we mean by security anyway?
– Secure from whom?
• From sys-admin?
• From rogue employee?
• …
– Secure against what?
• Security is never black and white but is a grey landscape where the context determines the accuracy of how secure a system is
– e.g. secure as given by a set of security requirements
– Secure for how long?
• “I recommend overwriting a deleted file seven times: the first time with all ones, the second time with all zeros, and five times with a cryptographically secure pseudo-random sequence. Recent developments at the National Institute of Standards and Technology with electron-tunnelling microscopes suggest even that might not be enough. Honestly, if your data is sufficiently valuable, assume that it is impossible to erase data completely off magnetic media. Burn or shred the media; it’s cheaper to buy media new than to lose your secrets….”
» -Applied Cryptography

Prelude to Security …ctd
• Note that security technology ≠ secure system
– Ultra secure system using 2048+ bit encryption technology, packet filtering firewalls, …
• … on laptop in unlocked room
• … on PC with password on “post-it” on screen/desk
• … the challenge of peta/exa-scale computers and possibility for brute force cracking
– Famous quote to muse over:
• “…if you think that technology can solve your security problems then you don’t know enough about the technology, and worse you don’t know what your problems are…”
, Secrets and Lies in a Digital Networked World

Technical Challenges of Security
• Several key terms that are associated with security
– Authentication
– Authorisation
– Audit/accounting
– Confidentiality
– Fabric management
– Trust
Generally speaking AAAA
Domain specific
(name -> DOB -> DNA)
Inter-organisational and Technological challenges
All are important but some applications/domains have more emphasis on concepts than others
Key is to make all of this simple/transparent to users!

Security Concepts::Authentication
• Authentication is the establishment and propagation of a user’s identity in the system
• e.g. so site X can check that user Y is attempting to gain access to its resources
• Note does not check what user is allowed to do, only that we know (and can check!) who they are
• Masquerading always a danger (and realistic possibility)
• Security guidance/balances
• Password selection
• 16 characters, upper/lower case and must include non-alphanumeric characters and be changed quarterly…!?!?!?!
• Treatment of certificates
– Local username/password?
• 100,000+ users that come and go
– Centralised vs decentralised systems?
• More scalable solution needed
– Public Key Infrastructures (PKI) underpins MANY systems
• Based on public key cryptography
This might seem like an aside on Cloud Security but IS important and relevant…honestly!!!

Public Key Cryptography
• Also called Asymmetric Cryptography
– Two distinct keys
• One that must be kept private
– Private Key … Duh! ;o)
• One that can be made public
– Public Key … Double duh!
– Two keys complementary, but essential that cannot find out value of private key from public key
• With private keys can digitally sign messages, documents, … and validate them with associated public keys
– Check whether changed, useful for non-repudiation, …
• Public Key Cryptography simplifies key management
– Don’t need to have many keys for long time
• The longer keys are left in storage, more likelihood of their being compromised
– Instead use Public Keys for short time and then discard
– Public Keys can be freely distributed
• Only Private Key needs to be kept long term and kept securely

Public Key Certificates
• Mechanism connecting public key to user with corresponding private key is Public Key Certificate
– Public key certificate contains public key and identifies the user with the corresponding private key
• Distinguished Name (DN): CN= ; OU=CIS; O=UniMelb; C=AU
– Not a new idea
• Business card
– My name, my association, contact details, …
» Can be distributed to people I want to exchange info with
– If include public key on it, then have basic certificate, but …
» has to be delivered in person (or no trust!), who says I work at Melbourne?, could be a forgery, I might be an impostor, what if I move to Monash or my phone number changes, who would have 1024-bit key on business card, …
– Public Key Certificates issued by trusted “Certification Authority”

Certification Authority
• Central component of PKI is Certification Authority (CA)
– CA has numerous responsibilities
• Policy and procedures
– How to’s, do’s and don’ts of using certificates
– Processes that should be followed by users, organisations, service providers …(and consequence for violating them!)
• Issuing certificates
– Often need to delegate to local Registration Authority
» Prove who you are, e.g. with passport, student card
• Revoking certificates
– Certificate Revocation List (CRL) for expired/compromised certificates
• Storing, archiving
– Keeping track of existing certificates, various other information, …
[Figure: rootCA, subCA, Users]
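The pieces from the last three slides (key pair, certificate binding a DN to a public key, CA signature, CRL) fit together as in the following added example, which is not from the lecture. It uses unpadded textbook RSA over known Mersenne primes purely to stay dependency-free; the DN, serial number and message are constructed, and the key sizes and missing padding make it unsuitable for real use.

```python
import hashlib

E = 65537  # public exponent shared by both toy key pairs

def keypair(p, q):
    """Textbook RSA from two known primes: returns (public n, private d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def sign(data: bytes, n, d):
    """Sign the SHA-256 digest of data with the private exponent d."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(h, d, n)

def verify(data: bytes, sig, n):
    """Anyone holding the public modulus n can check the signature."""
    h = int.from_bytes(hashlib.sha256(data).digest(), "big") % n
    return pow(sig, E, n) == h

def tbs(cert):
    """Bytes the CA signs: the DN-to-public-key binding plus a serial."""
    return f"{cert['serial']}|{cert['dn']}|{cert['pubkey']}".encode()

def issue(dn, pubkey, serial, ca_n, ca_d):
    """CA side: bind a DN to a public key and sign the binding."""
    cert = {"dn": dn, "pubkey": pubkey, "serial": serial}
    cert["ca_sig"] = sign(tbs(cert), ca_n, ca_d)
    return cert

def accept(msg, msg_sig, cert, ca_n, crl):
    """Relying-party check: CA signature, then CRL, then the message itself."""
    if not verify(tbs(cert), cert["ca_sig"], ca_n):
        return "reject: certificate not signed by trusted CA"
    if cert["serial"] in crl:
        return "reject: certificate revoked"
    if not verify(msg, msg_sig, cert["pubkey"]):
        return "reject: bad message signature"
    return "accept: " + cert["dn"]

# Constructed demo values (Mersenne primes; far too small for real use).
CA_N, CA_D = keypair(2**61 - 1, 2**89 - 1)
USER_N, USER_D = keypair(2**107 - 1, 2**127 - 1)
CERT = issue("CN=Example User; OU=CIS; O=UniMelb; C=AU", USER_N, 1001, CA_N, CA_D)
MSG = b"submit job 42"
SIG = sign(MSG, USER_N, USER_D)

if __name__ == "__main__":
    print(accept(MSG, SIG, CERT, CA_N, set()))
    forged = dict(CERT, dn="CN=Impostor; OU=CIS; O=UniMelb; C=AU")
    print(accept(MSG, SIG, forged, CA_N, set()))   # DN changed after signing
    print(accept(MSG, SIG, CERT, CA_N, {1001}))    # serial listed on the CRL
```

The relying party needs only the CA's public key and a current CRL; it never sees either private key.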

Typical Simple CA
• Based on statically defined centralised CA with direct single hierarchy to users
• Typical scenario for getting a certificate
1. Request certificate (and generate private key)
2. Check details of request
4. Download and install certificate in browser
5. Download and install CRL
6. Export certificate to various formats e.g. for use on Grid
$> openssl pkcs12 -in cert.p12 -clcerts -nokeys -out usercert.pem!!!!
This was/is off-putting for end users!!! Typically not available on Windows!!!
Root access? Local sys-admin?
Who is the RA at University/College of “SomewhereSmall” that isn’t in the e-Club?

UK e-Science Grid (~2004)
• Grid mapfile
– DN=Rich… -> ros
– DN=Bob… -> bob
– …
• EGEE Grid
– Similar principle
– (but role of VO)

PKI and Cloud
• So what has this got to do with Cloud…?
– IaaS – key pair!
• Cloud inter-operability begins with security!
– There is no single, ubiquitous CA, there are many
• Your access to:
– MRC VMs was achieved through proving your identity as a member of the University of Melbourne
– SPARTAN cluster was through proving your identity as a student enrolled in COMP90024 at the University of Melbourne
• There are many ways to prove your identity
– OpenId, FacebookId, Visa credit card for Amazon, …
• Degrees of trust
– But remember need for single sign-on
Prove identity once and access distributed, autonomous resources!

Decentralised Authentication (Proof of Identity) thru Shibboleth
[Figure labels: User, Service provider (Web site/e-Journal), Federation, Identity Provider, Home Institution]
This is underpinned by a PKI
• Service Providers
• Identity Providers
• WAYF
Log-in once and (identity proven!?)
Supports Single-Sign On (in case you were unaware)
1. User points browser at protected resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user
5. User accesses resource

Demonstration of Single Sign-On

• Does Ballarat have a single way to prove identity for all their staff/students? Fired but still with VPN access?
• Does Wollongong have a strong password policy? Admin/admin?
• Do we really know that it is Joe Bloggs logging in from University and not his student/secretary/the cleaner?
• Do I want anyone from Monash to be able to log-in to my service (if they aren’t involved in my project!?)
• Is it really MY Visa card I am using on Amazon to do bad stuff?
• Relation with Cloud for IaaS vs Usage of a Cloud
– What we really want is finer-grained security
– Clouds don’t tackle this right now
– Typically domain/user specific (and generally a dark art!!!)
– Hence I get lots of grants!!! ;o)

Security Concepts::Authorisation
• Authorisation is concerned with controlling access to resources based on policy
• Can this user invoke this service, make use of this data?
• Complementary to authentication
– Know it is this user, now can we restrict/enforce what they can/cannot do
– Many different approaches for authorisation
• Group Based Access Control (e.g. your project VMs)
• Role Based Access Control (RBAC)
• Identity Based Access Control (IBAC)
• Attribute Based Access Control (ABAC)
– Consider the Passport vs Frequent Customer Shopping experience

Authorisation and Clouds ?
• Authorisation typically applies to services/data deployed on Clouds, i.e. when they are running
– But not only…
• Who can install this patch, when can they do it, how many VMs will be affected if this happens…?
• Is this virtual image free of trojans, malware etc?
• Lots of tools to support this – Pakiti, Cfengine, Puppet, …
• Real challenge of software dependency management for complex systems
– Amazingly (?) most users/organisations do not patch!!!
– Side-effects, complexities, stopping jobs, restarting jobs etc

• Authorisation
– Defining what they can do and define and enforce rules
• Each site will have different rules/regulations
– Often realised through Virtual Organisations (VO)
• Collection of distributed resources shared by collection of users from one or more organizations typically to work on common research goal
– Provides conceptual framework for rules and regulations for resources to be offered/shared between VO institutions/members
– Different domains place greater/lesser emphasis on expression and enforcement of rules and regulations (policies)
[Figure: Org1 … Orgn, each with {Resources} and {Users}]

• Many Technologies
– XACML, PERMIS, CAS, VOMS, AKENTI, SAML, WS-*
• RBAC is typical model
– Basic idea is to define:
• roles applicable to specific collaboration
– roles often hierarchical
» Role X ≥ Role Y ≥ Role Z
» X can do everything and more than Y who can do everything and more than Z
• actions allowed/not allowed for VO members
• resources comprising VO infrastructure (computers, data etc)
– A policy then consists of sets of these rules
– {Role x Action x Target}
» Can user with VO role X invoke service Y on resource Z?
– Policy itself can be represented in many ways,
» e.g. XML document, SAML, XACML, …
• Standards on when/where these used (PEP) and enforced (PDP)
– Policy engines consume this information to make access decisions
Should all be transparent to end users!
Reflect needs and understanding of organisations involved!
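The {Role x Action x Target} model with hierarchical roles can be written down as a small policy engine. This is an added example, not code from the lecture or from any of the listed technologies: the role names follow the slide, while the actions, targets and the `vo_roles` attribute name are constructed, and PDP/PEP are used in the XACML sense of Policy Decision Point and Policy Enforcement Point.

```python
# Role hierarchy from the slide: RoleX >= RoleY >= RoleZ (senior inherits junior).
JUNIORS = {"RoleX": ["RoleY"], "RoleY": ["RoleZ"], "RoleZ": []}

# Policy = set of (role, action, target) rules; actions and targets are constructed.
POLICY = {
    ("RoleZ", "read", "genome-db"),
    ("RoleY", "invoke", "blast-service"),
    ("RoleX", "delete", "genome-db"),
}

def effective_roles(role, seen=None):
    """Expand a role to itself plus every role it dominates.

    Unknown roles expand to nothing, so an unrecognised attribute value
    can never grant access; `seen` also guards against hierarchy cycles.
    """
    seen = set() if seen is None else seen
    if role in JUNIORS and role not in seen:
        seen.add(role)
        for junior in JUNIORS[role]:
            effective_roles(junior, seen)
    return seen

def pdp_decide(roles, action, target):
    """Policy Decision Point: permit only if some held role has a matching rule."""
    held = set()
    for role in roles:
        held |= effective_roles(role)
    return any((role, action, target) in POLICY for role in held)

def pep_invoke(attributes, action, target):
    """Policy Enforcement Point: sits in front of the resource and asks the PDP.

    `attributes` stands for what the user's home site asserted about them;
    a missing role attribute means no roles, hence default deny.
    """
    roles = attributes.get("vo_roles", [])
    if not pdp_decide(roles, action, target):
        return f"DENY {action} on {target}"
    return f"PERMIT {action} on {target}"

if __name__ == "__main__":
    print(pep_invoke({"vo_roles": ["RoleX"]}, "read", "genome-db"))    # inherited from RoleZ
    print(pep_invoke({"vo_roles": ["RoleZ"]}, "delete", "genome-db"))  # junior role, denied
    print(pep_invoke({"vo_roles": ["Admin"]}, "read", "genome-db"))    # unknown role, denied
```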

Shibboleth Augmented Authorisation
[Figure labels: User, Shib Frontend, Application, Service provider, AuthZ, AuthN, LDAP, uid, Federation, Identity Provider, Home Institution]
1. User points browser at protected resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision

Privileges, Resources, Access Control and Trust
[Figure labels: Shib Frontend, Federation, Identity Provider, Home Institution]
1. User points browser at protected resource/portal
2. Shibboleth redirects user to W.A.Y.F. service
3. User selects their home institution
4. Home site authenticates user and pushes attributes to the service provider
5. Pass authentication info and attributes to authZ function
6. Make final AuthZ decision

Other Cloud Security Challenges
• Single sign-on
– The Grid model (and Shib model!) needed
– Currently not solved for Cloud-based IaaS
– Onus is on non-Cloud developers to define/support this

Other Cloud Security Challenges
• Auditing
– logging, intrusion detection, auditing of security in external computer facilities
• well established in theory and practice and for local systems
– Less mature in Cloud environments (beyond the firewall!)
• Tools to support generation of diagnostic trails
– Across federations of Clouds?
– Log/keep all information?
– For how long?
– …

Other Cloud Security Challenges
• Deletion (and encryption!!!)
– Data deletion with no direct hard disk
• Many tools and utilities don’t work!
– Scale of data
• Securely deleting a few Mb easy enough
• Try to delete a few Tb+?

Other Cloud Security Challenges
• Liability
– http://aws.amazon.com/agreement/

Other Cloud Security Challenges
• Licensing
– Many license models
• Per user
• Per server
• Per organisation
• Floating licenses
• Fixed to machines
• …
– Challenges with the Cloud delivery model
– (Where can jobs realistically run…!)

Other Cloud Security Challenges
• Workflows
– Many workflow tools for combining SoA services/data flows
• Taverna, Pegasus, Galaxy, Kepler, Nimrod, OMS, …
– Many workflow models
• Orchestration (centralised definition/enactment),
• Choreography (decentralised)
– Serious challenges of
• defining,
• enforcing,
• sharing,
• enacting
– security-oriented workflows

Other Cloud Security Challenges
• The Ever Changing Technical/Legal Landscape
