wiki:GENISecurity-GEC10-status

GSAT Project Status Report

Period: Dec 2010 - March 2011

I. Major accomplishments

The focus of effort in this period was primarily on planning for integration of ABAC technology into two of the control frameworks, as a prototyping and engineering activity to shift GENI from the current hard-coded credentials to the more flexible attributed-based credentials and policies that are possible with ABAC. Stephen Schwab contributed to this planning activity, presented at GEC-10, and wrote-up plans for the on-going effort over the next time period leading up to GEC-11.

A. Milestones achieved

None.

B. Deliverables made

The GENI Security Design Report for spiral 3 (S3.b) was delivered in this period.

II. Description of work performed during last quarter

A. Activities and findings

The main finding is that both ProtoGENI and ORCA control frameworks are now at sufficient points of maturity that they can contemplate doing near-term integration work to shift to the use of ABAC for authorization. However, many of the supporting tools required by users of ABAC (both researchers and resource providers/AMs/control frameworks) will need to be improved and/or developed to support GENI deployment. The ABAC enforcement engine, as developed by ISI, requires only a few selected improvements to make its use feasible in the control frameworks, although once integrated, we may decide that additional enhancements are desirable. The key issue is how expressive or powerful the delegation logic needs to be. RT0, the basic, simplest form of the logic, does not support parameters directly. Other forms of the logic do support parameters -- but we will need to ensure that the support we build in aligns with the needs of the control frameworks.

B. Project participants

The following SPARTA staff are participating in the GSAT project: Stephen Schwab.

C. Publications (individual and organizational)

None.

D. Outreach activities

None.

E. Collaborations

We are continuing our on-going collaborations with Rob Ricci/ProtoGENI, Ted Faber/John Wroclawski/ISI, and Jeff Chase/ORCA. We are also collaborating at an informational level with Andy Bavier/PlanetLab to keep him informed of our work on ABAC, and to check that what we are doing is not fundamentally incompatible with PlanetLab's implementation.

Additional collaborations with Adam Slaggel, the GMOC project, the Hive Mind project, the Enterprise-GENI project, the Million Node GENI/Secure Updates project, and the WiMAX project are on an as-needed and time available basis. These collaborations are information gathering, as well as to build consensus for common GENI security approaches.

F. Other Contributions

None.

Last modified 13 years ago Last modified on 03/31/11 14:11:29