wiki:GENISecurity-2Q10-status

Version 1 (modified by Stephen Schwab, 9 years ago) (diff)

--

GSAT Project Status Report

Period: Apr 2010 - Jun 2010

I. Major accomplishments

Continued discussions and contributions to the slice-based facility (now slice-based federation) architecture, leading to SFA version 2.0.

A. Milestones achieved

None.

B. Deliverables made

No deliverables in this period.

II. Description of work performed during last quarter

A. Activities and findings

We continue to have discussions and email interactions with a large cross-section of GENI projects, trying to better understand where they are in terms of implementation progress and security needs, and to prepare to summarize the overall state of security issues within the spiral 2 GENI Security Architecture document due out August 15. We are also drawing upon our own experience and information gathered informally from PlanetLab, ProtoGENI/Emulab and ORCA to roll into a best security practices write-up.

Stephen Schwab visited Jeff Chase at Duke in early April to collaborate on changes to the Slice-based Facility Architecture. In particular, we developed a consistent understanding of the set of changes needed to clean up the abstractions in the previous version that were too closely associated with PlanetLab implementation artifacts, and to generalize some concepts related to identity and authorization to allow ORCA’s approach to fit in with the updated Slice-based Facility 2.0 draft. We also believe these changes simplify the presentation of concepts, and are not merely minor changes to the interfaces so that ORCA, as well as ProtoGENI and PlanetLab can be SFA compatible.

Stephen Schwab met with Giridhar Manepali and Larry Lannom at the CNRI offices in April to discuss distributed authorization requirements and architecture in GENI. One of the open questions is how the digital object registry technology developed and operated by CNRI can best be employed in the D&P spirals to demonstrate capabilities supporting short-term and longer-term GENI objectives. One possible role surfaced during these discussions was that of using digital object registries as certificate repositories, especially in the role of attribute certificates that may have varying lifetimes and need to be located and retrieved by many entities distributed across the GENI infrastructure. Such a service would be useful for ABAC specifically, but more generally for storage, updating, and retrieval of a variety of certificate formats and identity, attribute and authorization policy information.

Stephen Schwab attended and spoke at the NSF Federation workshop at Princeton in May 11-12th. The workshop was attended by many GENI control framework developers, GPO representatives (Chip Elliot, Aaron Falk) and participants in the European FIRE project. The focus on Federation naturally led to questions of how best to address security (authentication, authorization, and federated trust management) issues. It also surfaced a clear and under-appreciated difference of opinion regarding the splitting or joint treatment of authorization and resource management. On the one hand, there are Boolean authorization policies (in the security sense) which grant or deny access to specific interfaces or resource types (nodes, link, etc. with characteristics C1, C2, … Cn). On the other hand, there are resource management policies (in the quota or allocation sense) which assign a specific number of, or numerical share of, a resource (total number of nodes, total bandwidth or QoS limits, etc.) Many of the architects from earlier testbed and the initial control framework WG would treat the authorization and resource management issues via separate mechanisms and distinct policies. Others, including the GPO wearing an operational mindset, would prefer a joint treatment whereby a security policy might grant not only the right to use, but a specific numerical limit of how much, in a single policy statement. That differing viewpoints of how best to structure these functions exist is not surprising, but that the different viewpoints had never been publicly shared and the parties involved realized that other’s had a 180-degree opposite idea of how things should work was surprising.

Stephen Schwab attended and spoke at the NSF Archive ’10 workshop on Replayable Experimentation May 25-26th at the University of Utah. This workshop was focused on the needs of information archiving for not only the network testbed community, but also other broad scientific communities including compiler research, physical sciences, and bio-medical/life sciences. It is perhaps not surprising that other fields have great difficulty, not unlike the networking community, in preserving experimental data and experiment descriptions with sufficient semantics and fidelity to enable reuse, replay, or comparison with archived experimental data in the future.

B. Project participants

The following SPARTA staff are participating in the GSAT project: Stephen Schwab, Alefiya Hussain. We may also consult with Sandy Murphy, although her participation is limited by available funding.

C. Publications (individual and organizational)

None.

D. Outreach activities

None.

E. Collaborations

We have been actively collaborating with Rob Ricci/Utah and other members of the projects collaborating under the ProtoGENI cluster umbrella. This collaboration includes periodic bi-weekly status telecons as well as additional frequent email and other interactions with Emulab staff at Utah.

We also have been working closely with John Wroclawski and Ted Faber of USC/ISI under the DETER project (DETER TIED). In particular, we have progressed to integrating Attribute Based Access Control (ABAC) as a basis for prototyping the security abstractions underpinning the DETER Federation implementation.

We have also continued to interact with Larry Peterson and the PlanetLab control framework, as well as had discussions with Ivan Seskar, Max Ott and others collaborating on the ORBIT testbed. Additional email discussions with Jon-Paul Herron and Luke Fowler of the GMOC project at Indiana University have also taken place, to track progress on the Emergency Stop draft.

F. Other Contributions

We have had some email interactions and phone conversations with Giridhar ManePalli of the CNRI Digital Objects Repository project, and plan to review their security-relevant documents and provide guidance on how their technology can fit with, or serve a constructive role, in the GENI control frameworks and overall security architecture.