Changes between Version 1 and Version 2 of GENISecurity-4Q09-status


Timestamp: 08/28/10 15:45:39 (14 years ago)
Author: Stephen Schwab
Comment:

--

  • GENISecurity-4Q09-status

    v1 v2  
    3535=== E. Collaborations ===
    3636Jim Griffioen of the INSTOOLS project described challenges with authentication inside a GENI slice in discussions with Stephen Schwab at GEC-6. The central problem is that ssh keys for individual researchers must be loaded into nodes within a slice if the INSTOOL software is required to authenticate between a node and other nodes, elements of  the GENI components (via GENI APIs) or to special features of the substrate used by the measurement system. This is a fundamentally undesirable arrangement, since the private keying material (of the public-private key pair) becomes vulnerable merely by being loaded into a node that is inside the slice. We discussed possible alternate security architectures, including the possibility of using ABAC distributed authorization techniques to avoid using experimenters individual ssh keys.
     37
    3738We also continue to collaborate with several of the control framework efforts, including DETER TIED (John Wroclawski/Ted Faber), ProtoGENI (Rob Ricci), and PlanetLab (Larry Peterson, Soner Sevinc, Andy Bavier.)
    3839
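Review bot: The unchanged paragraph at line 36 names the project "INSTOOLS" in its first sentence but "the INSTOOL software" in its second, and "experimenters individual ssh keys" is missing the possessive apostrophe ("experimenters' individual ssh keys"). This revision only inserts a blank line at 37 to separate the two paragraphs, so both could be fixed in the same edit. It would also help to expand "ABAC" on first use, since the paragraph proposes it as the alternative to loading researchers' private keys onto slice nodes and a reader of this section alone has no definition for it.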