GSAT Project Status Report

Period: July 2010 - Nov 2010

I. Major accomplishments

During this period the project completed the next revision of the GENI Security Architecture Report and posted it to the GENI wiki. The project also collaborated with ISI to prepare and present a mini-tutorial/workshop at GEC-8 on the uses of Attribute Based Access Control (ABAC) for authorization and distributed trust management between clients and projects/institutions that manage clients who will access GENI resources, and the control frameworks and aggregate managers that will establish policies to govern use of their GENI resources.

A. Milestones achieved

Completed the GENI Security Architecture Report for Spiral 2.

B. Deliverables made

GENI Security Architecture Report for Spiral 2 (version 0.9)

II. Description of work performed during last quarter

A. Activities and findings

During this period, the main work consisted of revising the GENI Security Architecture document and preparing tutorial materials for GEC-8. Stephen Schwab primarily prepared revisions to the Security Architecture, while Alefiya Hussain worked with Ted Faber to prepare and present the ABAC mini-tutorial.

One of the key findings was that the GENI community was not necessarily aware of the previous work done in distributed trust management, nor necessarily able to map from the fully general logics and authorization examples presented in the literature to the specific ways in which GENI and GENI actors might make use of ABAC. Presenting material in a GENI-specific context to illustrate the use and power of this approach seems key to achieving buy-in from GENI participants.

B. Project participants

The following SPARTA staff are participating in the GSAT project: Stephen Schwab, Alefiya Hussain.

E. Collaborations

We have been actively collaborating with Rob Ricci/Utah and other members of the projects collaborating under the ProtoGENI cluster umbrella. This collaboration includes periodic bi-weekly status telecons as well as additional frequent email and other interactions with Emulab staff at Utah.

We also have been working closely with John Wroclawski and Ted Faber of USC/ISI under the DETER project (DETER TIED). In particular, we have progressed to integrating Attribute Based Access Control (ABAC) as a basis for prototyping the security abstractions underpinning the DETER Federation implementation.

We have continued to participate in OMIS calls reviewing security policy documents for GENI as prepared by Adam Slagell.

