'''Project Number''' 1632 '''Project Title''' GENI Security Architecture Toolkit [[BR]] a.k.a. SECARCH '''Technical Contacts''' PI: Stephen Schwab stephen.schwab@sparta.com (located in Columbia, MD SPARTA office) [[BR]] Alefiya Hussain alefiya.hussain@sparta.com (located in El Segundo, CA SPARTA office) [[BR]] Former Project Member: Jim Horning (located in Palo Alto SPARTA office)[[BR]] '''Participating Organizations''' [http://www.sparta.com SPARTA][[BR]] '''Scope''' This effort will define a GENI Security Architecture, in support of the broad goals for GENI Spirals 1-3, including (a) working with teams prototyping multiple control frameworks and (b) demonstrating end-to-end slicing across a range of technologies, including Ethernet VLANs as an initial universal service offered by GENI. By interacting continuously with testbed prototyping efforts, we will jointly refine the security requirements, reflect those requirements within the security architecture, and validate through feedback gleaned from our collaborator’s rapid deployment cycles that our security architecture concepts are indeed aligned and addressing the needs of the GENI testbed community. Task 1. Develop security designs for each of the three major integration spirals, working in close collaboration with the funded projects for each spiral. Also work with the GENI operations team (one of the funded projects) and the GPO on designs for sharing operational, measurement, and end-user data between projects in a way that fits into the overall security design for the spiral. Task 2. Collaborate with the GENI control framework architects, the GPO, and other interested GENI participants (such as campus CIOs) to develop a security architecture for GENI. Task 3. Through activities in appropriate GENI working groups, produce draft GENI Security Architecture and Policy documents that encompass the longer-term GENI design that the GENI Community expects to put in place after the first 3 spiral integrations are complete. == Milestones == === Spiral 1 === * [[MilestoneDate(SECARCH: S1.a Draft Security Design Report)]] * [[MilestoneDate(SECARCH: S1.b Security Contributions to GMOC documents)]] * [[MilestoneDate(SECARCH: S1.c Revised Security Design Report)]] === Spiral 2 === * [[MilestoneDate(SECARCH: S2.a draft S2 Security Design report)]] * [[MilestoneDate(SECARCH: S2.b Release Spiral 2 Security Design Report)]] * [[MilestoneDate(SECARCH: S2.c Produce draft detailed outline of revised Spiral 2 Security Design Report)]] * [[MilestoneDate(SECARCH: S2.d Release revised Spiral 2 Security Design Report)]] * [[MilestoneDate(SECARCH: S2.e Review GMOC design documents and contribute to security designs for GMOC Spiral 2)]] '''Project Technical Documents''' [http://groups.geni.net/geni/attachment/wiki/GENISecurity/GDD-06-23.pdf A useful GENI Planning Group Security document] (for reference only). [http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-SEC-ARCH-0.4.pdf Spiral 1 Draft Security Design Report] Comments and feedback eagerly solicited. Please send comments to stephen.schwab@sparta.com. [http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-SEC-ARCH-Draft-spiral2-0.9.doc Spiral 2 Draft Security Design Report] Comments and feedback eagerly solicited. Please send comments to stephen.schwab@sparta.com. [http://groups.geni.net/geni/attachment/wiki/GENISecurity/GENI-Spiral3-Security-Design-Report.doc Spiral 3 Draft Security Design Report] [attachment:"Security-BestPractices-DRAFT-0.2-1.doc" DRAFT Security Best Practices. To be reviewed by the community] [attachment:"experimenters-code-of-ethics-draft-0.9.pdf" DRAFT Experimenters Code of Ethics] === Spiral 3 === [[MilestoneDate(SECARCH: S3.a Draft Spiral 3 Security Design Reports)]] [[BR]] [[MilestoneDate(SECARCH: S3.b Release Spiral 3 Security Design Report (GEC9 based))]] [[BR]] [[MilestoneDate(SECARCH: S3.c Draft Spiral 3 Security Design Reports (GEC10 based))]] [[BR]] [[MilestoneDate(SECARCH: S3.d Release Spiral 3 Security Design Report (GEC11 based))]] [[BR]] [[MilestoneDate(SECARCH: S3.e Review GMOC design documents and contribute to security designs for GMOC Spiral 3)]] [[BR]] = Quarterly Status Reports = * [wiki:GENISecurity-4Q08-status 4Q08 Status Report] * [wiki:GENISecurity-1Q09-status 1Q09 Status Report] * [wiki:GENISecurity-2Q09-status 2Q09 Status Report] * [wiki:GENISecurity-4Q09-status 4Q09 Status Report] * [wiki:GENISecurity-1Q10-status 1Q10 Status Report] * [wiki:GENISecurity-2Q10-status 2Q10 Status Report] * [wiki:GENISecurity-GEC9-status GEC9 2010 Status Report] * [wiki:GENISecurity-GEC10-status GEC10 2010 Status Report] '''Spiral 1 Connectivity''' There are no special connectivity requirements for this project. The PI already has sufficient IP access to all projects from his office (Rosslyn, VA) and home. The security staff on this project will need accounts with all control frameworks and the GMOC in order to familiiarize themselves with details of using these frameworks. The PI may also need access to the virtual ethernet configuration/control interfaces, if they are not controlled directly by the clearinghouses in the first prototypes. The PI already has access to Emulab and PlanetLab. '''GPO Liaison System Engineer''' Heidi Picher Dempsey hdempsey@geni.net '''Related Projects''' none listed currently