SESEC

1
SESEC

• Storage Element (In)Security
• hepsysman, RAL 0-1 July 2009
• Jens Jensen

2
What is an SE

• Control interface SRM via SOAP via HTTPG
• Information interface GLUE via BDII
• GridFTP

3
Basics

• Using X.509 certificates for AuC
• GSI Globus Security Infrastructure
• HTTPG HTTPS over GSI socket
• GSI adds support for delegation
• Delegation of identity, proxy (cf RFC3820)

4
Basics Data Transfer

• GridFTP FTP with Grid extensions, uses GSI
• Control channel always authenticated and
  encrypted
• Data channel sometimes not authenticated
• Data channel usually not encrypted

5
Basics Data Transfer

• Local protocols
• RFIO and DCAP have secure versions
• DPM uses secure RFIO by default
• dCache uses insecure DCAP by default
• secure xroot?

6
Architecture
User (UI)
Service Discovery
Information Publisher
Database
SRM
Head Node
data transfer
Not secure
Secure
pool to pool transfer (maybe)
Sometimes secure
Disk pool
7
Architecture
User (UI)
A
B
8
Authorisation

• Typically, people are mapped to Unix accounts
• Direct mapping DN?uid,gid
• Pool account mapping DN?uid,gid
• Map by FQAN (sometimes)
• Need consistency SRM, GridFTP, local protocols

9
Authorisation

• GridMap you only map to 1st entry
• New DN needed for second VO
• Unix mapping coarse grained ACL
• (Usually)
• Learn how to set ACLs correctly! (Friday)

10
Higher Security at Higher Level

• See EGEE biomed use cases
• Goes waaaay back to EDG
• Storing keys in Hydra
• Encrypted data in SEs

11
Logging

• Use toolkit for DPM (see Fridays talk)
• SSSCs
• Storage Security Service Challenges
• Get Mingchao to organise one

12
Availability

• Grid is sometimes not very resilient
• DoS attacks possible
• Most likely unintentional
• Cf. banning/unbanning user discussion
• Cf. reporting who-used-all-our-space to VO

13
Accounting

• Less a security issue
• Until people start paying for their allocations
• (cf Alices accounting system)

14
Firewalls

• Cant inspect HTTPS (or G) packets
• SOAPful firewalls proposed
• Not necessarily a good idea?
• PASV available for GridFTP

15
Performance
Root CA
Root CA
Easy public exponents, eg 0x11 or 0x10001
eSc CA
eSc CA
2048 bits only make things slower CA certs MUST
be 2048 though
Host
User
Server validates clients id Client validates
servers
Proxy(ies)
16
Performance

• For SRM, lots of ways to improve performance
• There can be (many) other bottlenecks
• The case for insecurity
• RFIO or DCAP without GSI security
• RFIO using UID for AuC (16 bit)

17
Standards

• are important!
• Certificates X.509, PKIX, IGTF
• SSL/TLS ? GSI
• gLite delegation API
• Standard proxies (or not) RFC 3820

18
What we dont do(that others (sometimes) do
(with storage))

• Access control policies
• Fine grained access control
• SAML
• Normal user access, browser, password,