Security in the Grid, by Dr Steven Newhouse
The Grid
The Grid, as envisaged by Foster & Kessselman and more recently by Berman, Fox and Hey, is a ubiquitous computing infrastructure that allows flexible, secure, coordinated resource sharing among dynamic collections of individuals, institutions, and resources. It is this ability to form these virtual organisations, composed from individuals in real organisations with their own resources, that characterises the paradigm shift that is now occurring within many communities dependent on computational resources.
Within the UK research community this paradigm shift has been termed e-Science - a recognition that the UK's scientists are increasingly involved in collaborations which involve the sharing of data, compute and 'know how' (encapsulated within scientific software packages) within a global virtual organisation. This activity is enabled by grid middleware, the software infrastructure that enforces how these resources may be shared while providing the mechanisms to enable access.
The UK research community is currently in the middle of an ambitious three year programme that is demonstrating the opportunities offered by e-Science through a series of multi-disciplinary pilot projects that couple the needs of applied scientists with the skills of computer scientists to deliver innovative solutions to real-world requirements in engineering, physics, medicine and the environment. These applied activities are supported by a 'Core' programme, partially funded by the Department of Trade and Industry, which provides a network of eight regional e-science centres, such as the London e-Science Centre based at Imperial College London, to support their local e-science communities while engaging in collaborative projects with industry.
The early engagement of industry is a recognition that many of the challenges faced in the research community relating to secure access to shared resources are also found in the commercial environment. For instance, it is possible for large companies to collaborate in one market but to compete in others, thereby requiring strict access control on data and resources. Likewise the virtualisation of resources offered by the emerging grid middleware enables resources to be shared securely within an enterprise as well as between enterprises to enable new innovative business models. The ultimate vision of the grid is a ubiquitous computing infrastructure providing a utility capability to a worldwide community analogous to the well-established national electrical power grids that underpin our daily lives.
Securing the Grid
As we look to sharing resources within our organisations with others, our primary concern has to be to maintain the integrity of these resources. Security has therefore always been a primary concern within the grid since its origin in the high performance computing community in the mid 1990's where national supercomputering resources in the USA where linked to form the first computational grid. Security issues in the grid are usually broken down into three distinct areas: authentication (verifying the identity of an individual), authorisation (ensuring they are permitted to access a resource) and accounting (monitoring an individuals use of a resource).
Authentication
Within the Globus Toolkit, the defacto standard grid middleware, the Grid Security Infrastructure (GSI) uses an established Public Key Infrastructure (PKI) to build a security framework for distributed computing (see below). This framework is based around a verifiable certificate (similar to a passport) that may be presented to a resource to authenticate an individual.
These X.509 certificates (named after the standard specifying their format) are issued to the individuals and the resources within an organisation to enable mutual authentication. When an individual asks to use a resource they present their public key certificate to the remote resources as a means of verifying their identity. The remote resource reciprocates by providing their certificate to the individual to verify its identity. This exchange takes place automatically each time the individual creates a new connection with a remote resource.
|
Public Key Infrastructures
Public Key Infrastructures are based on a private and public piece of information or key. The private key must be kept securely on an individual's computer, or ideally on a removable smart card (similar to modern credit cards), while the public key is freely distributed in the form of certificate. To challenge the identity of a remote entity I provide some specified random data and ask them to encrypt it with their private key. The encrypted data can only be easily decrypted through the use of the well-known public key which I already possess and verify. If the decrypted data matches my original challenge then I know that the remote entity is in possession of the private key. It is therefore vital that the integrity of the private key is maintained. [More Info]
The need to preserve the integrity of the certificate is so high that all interaction on the grid takes place through the use of a proxy certificate a short-lived version of the user's main certificate. This proxy certificate is sent securely to a remote resource to enable access to other resources that may be needed as part of the remote task. For instance, a data file may need to be retrieved from another remote data source before processing may take place.
The UK e-Science programme issues certificates through the Certificate Authority (CA) at the Grid Support Centre. The verification of an individual's identity takes place through a network of Registration Authorities distributed throughout the UK. Once the identity of an individual has been confirmed they are issued a certificate. Although not currently used within the UK e-Science programme certificates issued by commercial providers such as Thawte and Verisign could be equally valid means of verifying an individuals identity.
|
Authorisation
As a resource owner I may trust the process by which a Certificate Authority (CA) issue their certificates, however just because I trust the source of the certificate it does not mean that I have to let everyone who has a certificate from this CA use my resources. Currently, within the Globus Toolkit, each individual who wants to use a resource has to be explicitly named as being able to use the resource - 'if your name's not down you're not coming in'.
While this procedure is simple and effective, this 'guest list' has to be maintained on all the resources within a virtual organisation. As the number of users, resources and virtual organisations increases this is clearly not a scalable solution. The Joint Information Systems Committee (JISC) is currently funding a number of projects to evaluate alternative means of specifying the usage policy relating to distributed resources. These infrastructures range from centralised policy servers (e.g. the Community Authorisation Service) to decentralised policy declarations that are evaluated to determine if an individual is authorised to use a resource (e.g. Akenti).
Accounting
Accounting has many connotations with the grid community, but at its most basic it is focussed on determining in a distributed community who used which resource and when. Although many organisations will collect this accounting information for their own internal purposes it is rarely shared. It is essential within a virtual organisation that this information is shared to provide a global view of the activity within the community. The integrity of this information must be ensured as it may ultimately be used as a basis for calculating any charges for resource use.
This is an area that has only recently become a priority for grid middleware developers as the expanded deployment of grids has made the monitoring of such activity within the virtual organisation essential.
The Future
Grid Security and its associated aspects of authentication, authorisation and accounting have always been a priority to grid middleware developers. The current Grid Security Infrastructure is undergoing standardisation though bodies such as the Global Grid Forum and the Internet Engineering Task Force. While the recent adoption of the Open Grid Services Architecture (OGSA) by the grid community will combine existing and future Web Service based security standards with the collaborative demands of virtual organisations. It is these commercially proven security infrastructures for managing Web Services from major industrial vendors that will form the basis for future grid middleware deployments.
|
London e-Science Centre
The London e-Science Centre (LeSC) based at Imperial College London, is one of the regional e-science centres funded through the Engineering and Physical Sciences Research Council (EPSRC) and the Department of Trade and Industry (DTI) Core programme. Its role is to develop and support their local e-science communities while engaging in collaborative research projects with industry and other academics. Amongst these is a project to evaluate the Community Authorisation Service through an e-science testbed based between Imperial, Manchester and Daresbury.
Through these activities we are developing ICENI (Imperial College e-Science Networked Infrastructure) an integrated next generation grid middleware which is being used to prototype new protocols and mechanisms to access distributed services. A recently funded EPSRC/DTI project being led by Professor John Darlington the LeSC's Director will explore the issues in dynamically pricing and trading grid resources within and between virtual organisations.
|
