Supporting Secure and Scalable GAN Collaborations - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

Supporting Secure and Scalable GAN Collaborations

Description:

Used with the private key to provide authentication of users (SSL/TLS) ... Web-based interface available for ease of use/installation. Collaborative workflow tools ... – PowerPoint PPT presentation

Number of Views:34
Avg rating:3.0/5.0
Slides: 12
Provided by: mpe580
Category:

less

Transcript and Presenter's Notes

Title: Supporting Secure and Scalable GAN Collaborations


1
Supporting Secure and Scalable GAN Collaborations
  • Deb Agarwal (DAAgarwal_at_lbl.gov)
  • Marcia Perry and Mary Thompson
  • Collaboration Technologies Group
  • Lawrence Berkeley National Laboratory

2
Grid
  • Integrated distributed computing middleware
  • Public key-based security
  • Security infrastructure
  • Proxy certificates
  • Directory services
  • Resource scheduling
  • Web services (Open grid services architecture)
  • Secure file transfer
  • Uniform compute job submission
  • Job tracking
  • DOE Science Grid
  • Global Grid Forum

3
Typical Security Requirements
  • Limit participation to authorized people
  • Specify and enforce participant access
    capabilities
  • Single sign-on into environment
  • Create and enforce authorization policy for
    dynamic components
  • Dynamically change authorization policy
  • Identify participant actions (particularly for
    auditing and logging)

4
Security Terminology/Mechanisms
  • Authentication identify users
  • PKI Certificates
  • Attribute certificates
  • Username/password
  • Authorization figure out what users are allowed
    to do
  • Access Control Lists
  • Authorization servers
  • policy
  • capability certificates
  • Privacy
  • Private Network (virtual or actual)
  • Encryption
  • Data integrity
  • Message Authentication Codes (hash)

5
Grid Security Infrastructure (GSI)
  • X.509 Public Key Infrastructure (PKI)-based
    identity certificates
  • Contains the public key issued and signed by a
    certificate authority
  • Used with the private key to provide
    authentication of users (SSL/TLS)
  • A defined set of certificate authorities are
    trusted to issue identity certificates
  • Focuses on control of static resources accessed
    by a well defined set of users
  • Authorization policy is controlled, administered,
    and enforced at the local resources
  • Grid-mapfile is used to map from identities to
    local authorization entities
  • Designed to control access to computers

6
GSI - Proxy Certificates
  • Motivation
  • Processes need to be able to act on the users
    behalf
  • Do not want to hand out the users private key
  • Want to support single sign-on
  • Proxy certificates derived from the users
    identity certificate
  • New credential
  • Stored locally unencrypted (no pass phrase)
  • Short-lived (12-24hrs)
  • Created by calling grid-proxy-init
  • Used by processes to act on the users behalf

7
Some Existing and Planned Tools
  • Grid Security Infrastructure (GSI and OGSI)
  • myProxy
  • Authorization servers
  • Akenti
  • Community Authorization Service (CAS)
  • Secure Group Communication
  • Existing technologies
  • Kerberos
  • SSL/TLS
  • Simple Authentication Security Layer
  • PGP

8
Pervasive Collaborative Computing Environment
(PCCE) Goals
  • Collaboratory centered around a shared
    computational workflow
  • Support continuous collaboration
  • Target daily tasks and base connectivity
  • Web-based interface available for ease of
    use/installation
  • Collaborative workflow tools
  • Leverage off of existing components when possible
  • Leverage off the Grid services
  • security
  • directory services
  • job submission and tracking
  • Standards-based components

9
(No Transcript)
10
Remote Instrument Access
  • Advanced Light Source LBNL
  • Remotely controllable cameras/videoconferencing
    at the beamline
  • Transmission of machine parameters and settings
    to all participants
  • Control handoff via a token
  • Collaboration communication infrastructure
    integrated into existing control system

11
Collaborative Collaboration Tools
  • Security authentication and authorization
  • single point of login
  • group and individual authorization
  • Communication
  • communicate easily between components
  • scalable to large groups
  • flexible delivery models (e.g. reliability and
    order)
  • Logging ability to record all that occurred in
    a session
  • Events notifications between tools
  • Search capabilities
  • Collaboration context awareness
  • Presence information
Write a Comment
User Comments (0)
About PowerShow.com