Leveraging Computational Grid Technologies for Building a Secure and Manageable Power Grid
Himanshu Khurana, Maifi Khan, and Von Welch
NCSA, University of Illinois
HICSS 2007, Hawaii

Computational and Power Grids
Computational Grid (C-Grid)
• Seamless flow of computation
• Advanced data and IT resource management
Power Grid (P-Grid)
• Seamless flow of power
• Rapidly expanding IT infrastructure
• Increasing data generation and consumption
• Research questions: can we leverage C-Grid technologies
  – Security
  – Data and resource management

Outline
• Qualitative framework for gauging extent of leverage
• Case Studies
  – I: Protecting ICCP communications
  – II: Protecting connected resources from cyber attacks
  – III: Credentialing for emergency communications

Extent of Leverage
• Conceptual
  – Inspires approach to solution
  – E.g., architecture and system design
• System Policy
  – Policies that capture desirable properties are applicable
  – E.g., policies for access control, communication systems
• Formats, Algorithms and Protocols
  – Data formats, processing algorithms, standards are applicable
  – E.g., XML/Web Services
• Implemented Tools
  – Developed tools can be used as is
    • Hindered in part by legacy P-Grid systems

Data and Resource Security
• Increasing data and IT resources lead to challenges in
  – Protection and security of data
  – Protection and security of resources
• Such security
  – Ensures sensitivity, availability, trustworthiness
  – Requires policies, mechanisms
  – Must address cyber attacks, yet provide needed functionality
• Scalable policies and mechanisms require
  – Federated approach where organizations agree on
    • Identity and access management systems

Case-Study I: Protecting ICCP Communications
• TASE.2/ICCP provides communication between control centers
  – IEC recommends use of TLS to provide security
• TLS requires a Public Key Infrastructure (PKI) and key management
  – Key compromise can lead to data eavesdropping, modification, and forging
• Similar requirement in C-Grid
  – Scientists access clusters from vulnerable desktops
• Solution that can be leveraged
  – MyProxy credential repository combined with Proxy Certificates and SSH modifications

Solution Overview and Analysis
• Analysis
  – Conceptual: design for key management
  – System policy: policies for protecting keys, integration with communication channels
  – Format: Proxy certificate profile and standards
[Figure labels: MyProxy server; Credential repository; Retrieve proxy; Store credential; Proxy delegation over private TLS channel; MyProxy client; ICCP client; ICCP client; ICCP Traffic (proxy keys)]

Case-Study II: Security Incident Response
• Trend: Expanding IT infrastructure for P-Grid
  – High-bandwidth networks, high-performance compute and storage
  – Spans multiple autonomous domains (ISOs/CAs)
• NERC has taken first steps towards ensuring security
  – Baseline requirements for intra-domain security
• Imminent future need: security coordinator and process for P-Grid-wide security
  – Similar need observed and addressed in C-Grid
• Challenges
  – Federated nature where organizations share legal and administrative responsibilities
  – Complex policy questions; e.g., who informs and responds to incidents?

C-Grid Approach
• Develop Operational Security Architecture
  – Organizational boundaries and security perimeters
  – Tools, technologies, and mechanisms; e.g., intrusion detection
  – Risk analysis
• Develop Agreements
  – Baseline operational security document
  – Incident handling and response procedures document
• Develop Implementation Integration Plan
  – Budgets and estimates of staff and training needs
  – Timelines
  – Periodic audit drills
  – Operational maintenance plan
• Establish a Security Coordinator
  – Comprises representative individuals
  – Specifies the above documents and obtains agreements
  – Guides and controls changes
• Analysis
  – Conceptual: drives need and approach
  – System policy: policies for sharing incident data

Case-Study III: Credentialing for Emergencies
• Motivation
  – Emergencies can be caused by attacks and failures
    • E.g., multiple component failure beyond N-1 reliability design
  – Timely resolution of emergencies prevents cascading failures
    • E.g., August 2003 blackout
  – Primary requirement: access to relevant information
    • Mandated by NERC/DOE report
• Challenges
  – Develop mechanisms for timely information dissemination
  – Ensure trustworthiness of information
  – Enable access control and audit
• Approach
  – Leverage P-Grid hierarchy and relationships
  – Leverage C-Grid PKI tools

Approach
• A Credentialing System that ensures timeliness, trustworthiness and access control
  – Obtain information via hierarchical data exchange
    • Leverage Power Grid hierarchy
    • Use ISOs for information dissemination
  – Certify information at ISOs
    • ISO validates data
    • ISO signs data
  – Distribute information using short-lived PKI credentials
    • Eliminates need for revocation, tools
    • Leverages existing authentication mechanisms
    • Utilizes experiences with deployed Computational Grids
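
The short-lived credential approach above, as an added example in Go (not code from the talk or from any C-Grid tool): a constructed CA issues a one-hour operator certificate, and the data holder authorizes on chain and validity window alone, with no CRL or OCSP lookup. The names mustIssue and authorize, the subject names and the lifetimes are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mustIssue makes a key pair and certificate for cn; parent == nil yields a self-signed CA. Demo helper: panics on failure.
func mustIssue(cn string, parent *x509.Certificate, pk ed25519.PrivateKey, from time.Time, life time.Duration, serial int64) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: from.Add(life), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil { // constructed root: may sign certificates, and signs itself
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// authorize is the data holder's check: chain to the trusted CA and be valid at time at; no CRL or OCSP lookup is made.
func authorize(ca, leaf *x509.Certificate, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	now := time.Now()
	ca, caKey := mustIssue("constructed emergency CA", nil, nil, now, 24*time.Hour, 1)
	op, _ := mustIssue("operator (constructed)", ca, caKey, now, time.Hour, 2)
	fmt.Println("30 min:", authorize(ca, op, now.Add(30*time.Minute)), "| 2 h:", authorize(ca, op, now.Add(2*time.Hour)))
}
```

The credential lifetime is the exposure window: a stolen one-hour credential stops working after an hour without any revocation step, so the lifetime should be chosen to match how long emergency access is expected to be needed.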

Solution
• ISOs obtain “extra” information from Control Areas on a regular basis
  – E.g., SCADA data
• ISOs validate, store and protect data
  – E.g., using state estimators, databases
• In an “emergency” situation users obtain PKI credentials
  – E.g., from trusted Certificate Authorities using passwords
• ISOs allow access to and audit use of “extra” information based on credentials
• Analysis
  – Formats: PKI tools and standards
[Figure labels: Control Area Operator (Browser); TCIP ISO; Certificate Authority; Database (Relevant Data); Obtain credentials and access data securely during emergencies; Public Data; Web Server; Credential Protected Data]

Questions?