JRA1.6 Active Security

1
JRA1.6 Active Security

• Stuart Kenny, Brian Coghlan
• Trinity College Dublin
• Stuart.Kenny_at_cs.tcd.ie

2
Active Security

• Consider security measures for an interactive
  framework
• Focus on detection and reaction
• Components
• Security monitoring
• Monitors state of security of a site
• Alert Analysis
• Joins alerts into high-level attack scenarios
• single high-priority Grid alert
• Creates new Grid policies
• Control Engine
• Performs the role of a Policy Decision Point at a
  site
• Evaluates requests for guidance against Grid
  policies

3
Current Status

• Security Monitoring
• Passed test and validation
• Deployed on development testbed
• TCD, UAB, GUP
• 50,000 alerts since 2007-10-01
• Daily reports generated
• Analysis component
• Passed one test and validation
• Deployed at TCD
• Testing performed, see
• https//www.cs.tcd.ie/Stuart.Kenny/i2g/brochures/i
  2g-active-security_use_case.pdf
• New test and validation request submitted
• Control Engine
• Test and validation request submitted
• Deployed at TCD

4
Daily Monitoring Reports
5
Future Plans

• Infrastructure now fully in place
• All components either passed, or submitted for,
  TV
• Several points of extensibility
• Security monitoring
• Investigate adding additional R-GMA enabled
  monitoring tools
• Alert Analysis
• Provide a suite of Grid attack scenarios
• Control Engine
• Provide additional agents for making requests and
  for interacting with Grid services
• e.g. Interactive application monitoring agent

6
Issues

• Production testbed deployment??
• Initially just security monitoring
• New node type??
• could be optionally installed, e.g., i2g-SecMon
• Security Monitoring Control Engine