trust and security for next generation grids, grid security requirements philippe massonet et al...
TRANSCRIPT
Trust and Security for Next Generation Grids, www.gridtrust.eu
Grid Security RequirementsGrid Security Requirements
Philippe Massonet et al
CETIC
OGF-25-Presentation
Catania, 02-06/03/2009
Trust and Security for Next Generation Grids, www.gridtrust.eu
PlanPlan
• Secure virtual organisations: need for security policies Secure virtual organisations: need for security policies Multi level policy enforcement points VO and computational level policies for secure virtual organisations Introduction to usage control Introduction to the GridTrust framework
• Introduction security requirements engineeringIntroduction security requirements engineering Requirements engineering Security requirements Security policies
• Proposed Methodology for Grid security requirementsProposed Methodology for Grid security requirements Modeliing of security requirements, VO meta model Reuse of security patterns Library of Patterns Generation of XACML and Polpa security policies
• Tool supportTool support VO editor Security pattern library and reuse process Policy generation support Open source version
Trust and Security for Next Generation Grids, www.gridtrust.eu
Trust in Dynamic Virtual Trust in Dynamic Virtual OrganisationsOrganisations
““Since VOs are based on sharing information and knowledge, Since VOs are based on sharing information and knowledge, there must be a high amount of trust among the partners. there must be a high amount of trust among the partners. Especially since each partner contribute with Especially since each partner contribute with their core their core competenciescompetencies””
Threats:• Bad service (contract not respected)• Attacks – loss of information• Attacks – disruption of service• Vulnerability to attacks (low level of security at one of the partners)• …
How do you maintain Trust and Security properties in dynamic VO?Need for Trust and security mechanisms
1 54
3
2
Services
3’
Dynamic
Dynamic
6
Collaboration
Trust and Security for Next Generation Grids, www.gridtrust.eu
Secure VO Lifecycle Secure VO Lifecycle ManagementManagement
• VO = set of users that pool resources in order to achieve VO = set of users that pool resources in order to achieve common goals - Rules governing the sharing of the common goals - Rules governing the sharing of the resourcesresources
• Trust and security policies are derived following the goals of Trust and security policies are derived following the goals of the VO and rules for sharing resourcesthe VO and rules for sharing resources
discovery of potential
trustworthy partners
establishment of security policies, following governing
rules
monitoringEnforcing policies
Maintenance of reputation
membership and policy adaptation
termination of trust relationships
maintenance of reputation
Trust and Security for Next Generation Grids, www.gridtrust.eu
Security at Different Levels in Grid Security at Different Levels in Grid
• VOVO
• ServiceService
• ComputationalComputational
GRID Service
Middleware Layer
GRID Application
Layer
GRID Foundation Middleware
Layer
Network Operating
System
NGG Architecture
Trust and Security for Next Generation Grids, www.gridtrust.eu
Trust and Security Issues in Service based Trust and Security Issues in Service based GridsGrids
Res. Res.
Service Provider
(SP)
Service Requesto
r (SR)
VO
Service Request
Shared resource
s
Infrastructure Provider (IP)
Service Instance
Can I trust the SR and SP?
Is SP using my resources with malicious
intent?
Is the selected IP secure?
Trust and Security for Next Generation Grids, www.gridtrust.eu
General ArchitectureGeneral Architecture
PPMService
SRBService
VBEService
TRSService
Globus
Service Providers
C-UCONServiceVO
Manager
Enforcer
VO
Trust and Security for Next Generation Grids, www.gridtrust.eu
From Access Control to Usage ControlFrom Access Control to Usage Control
Before usageBefore usage
Pre decisionPre decision
OngoingOngoing usageusage After usageAfter usage
Ongoing updateOngoing update Post updatePost update
Mutability of attributesMutability of attributes
Ongoing decisionOngoing decision
Continuity of decisionContinuity of decision
TimeTime
Pre updatePre update
Usage Decision still valid ?Usage Decision still valid ?
Can you revoke access ?Can you revoke access ?
Trust and Security for Next Generation Grids, www.gridtrust.eu
Usage Control ServicesUsage Control Services
• Monitor the actions executed on behalf of the grid Monitor the actions executed on behalf of the grid users and enforce a UCON security policyusers and enforce a UCON security policy Computational level (C-UCON)
The policy consists of a highly detailed description of the correct behaviour of the application being executed
Only the applications whose behaviour is consistent with the security policy are executed on the computational resource
VO level (Enforcer) Policy evaluation point that support UCON
policies
• The usage control service will be integrated into The usage control service will be integrated into the Globus middlewarethe Globus middleware
GRID Service
Middleware Layer
GRID Foundation Middleware
Layer
WP3/WP4
Trust and Security for Next Generation Grids, www.gridtrust.eu
Secure Resource Broker ServiceSecure Resource Broker Service
• Integrate access control with Integrate access control with resource/service schedulingresource/service scheduling
• Both resource owners and VO define their Both resource owners and VO define their resource access and usage policiesresource access and usage policies
The resource broker schedules a user request only within the set of resources whose policies match the user credentials (and vice-versa)
• Scalability and efficiencyScalability and efficiency
• It will be integrated into the Globus It will be integrated into the Globus middlewaremiddleware
GRID Service
Middleware Layer
GRID Foundation Middleware
Layer
WP3/WP4
Trust and Security for Next Generation Grids, www.gridtrust.eu
Trust and Reputation ServiceTrust and Reputation Service
• Collect, distribute and aggregate feedbacks about Collect, distribute and aggregate feedbacks about entities' behaviour in a particular context in order entities' behaviour in a particular context in order to produce a rating about the entitiesto produce a rating about the entities
Entities could be either users, resources/ services, service providers or VOs
• The reputation service is based on ideas of utility The reputation service is based on ideas of utility computingcomputing
• Can be used in both centralised and distributed Can be used in both centralised and distributed settings settings
• The reputation service will be also integrated into The reputation service will be also integrated into the Globus middlewarethe Globus middleware
GRID Service
Middleware Layer
WP2/WP4
Trust and Security for Next Generation Grids, www.gridtrust.eu
VBE: Virtual Breeding Environment ServiceVBE: Virtual Breeding Environment Service
• It manages the Virtual Breeding It manages the Virtual Breeding Environment composed of users and Environment composed of users and service providers (user, service provider service providers (user, service provider registration, certificate management, registration, certificate management, etc.)etc.)
Trust and Security for Next Generation Grids, www.gridtrust.eu
PPM: Profile and Policy Management ServicePPM: Profile and Policy Management Service
• The policy and profile management The policy and profile management service is a database service that keeps service is a database service that keeps information about security policies of all information about security policies of all the entities of the system.the entities of the system.
• Support several types of querySupport several types of queryService ID, Type, Name, attribute (OS,
Memory, CPU type, Library, Certificate)
Trust and Security for Next Generation Grids, www.gridtrust.eu
VO LibraryVO Library
• To be used by the VO Manager to use and interface To be used by the VO Manager to use and interface with GridTrust serviceswith GridTrust services
• Offers a full set of functionalities to manage VO life Offers a full set of functionalities to manage VO life cycle (Creation, Termination,…)cycle (Creation, Termination,…)
• Manage access at communication and Manage access at communication and authentication level from applications to GridTrust authentication level from applications to GridTrust Services.Services.
• Hides complexity of certificates management Hides complexity of certificates management between users and GridTrust CAbetween users and GridTrust CA
Trust and Security for Next Generation Grids, www.gridtrust.eu
GridTrust Framework - ComponentsGridTrust Framework - Components
service providers
users
PKI
GridTrust Services• TRS• VBE• SRB• PPM
C-UCON
ENFORCER VO Library
Trust and Security for Next Generation Grids, www.gridtrust.eu
Secure VO Lifecycle: FormationSecure VO Lifecycle: Formation
VBE Manager
PKI
TRS
PPM
SRB
C-UCON
VO
VO Manager
Trust and Security for Next Generation Grids, www.gridtrust.eu
Secure VO Lifecycle: Secure VO Lifecycle: VO OperationVO Operation
Application
VO
ENFORCER
Virtual BreedingVirtual BreedingEnvironmentEnvironment
TRS
Policy: Service1 ; Service2
VO user
Service1
Service3
Service2Service2
Denied
Service1
Done
Service2
Trust and Security for Next Generation Grids, www.gridtrust.eu
What is RE about? What is RE about?
goalsgoalsWHY?WHY?
WHAT?WHAT?
operationalizationoperationalization
requirements,requirements,assumptionsassumptions
domaindomainknowledgeknowledge
Trust and Security for Next Generation Grids, www.gridtrust.eu
What is RE about? What is RE about?
goalsgoalsWHY?WHY?
WHAT?WHAT?
WHO?WHO?
operationalizationoperationalization
responsibilityresponsibilityassignmentassignment
requirements,requirements,assumptionsassumptions
domaindomainknowledgeknowledge
Trust and Security for Next Generation Grids, www.gridtrust.eu
WHAT are goals ?WHAT are goals ?
• objectivesobjectives to be achieved by to be achieved by systemsystem
statements of intent
system":
software + environment
current system, system-to-be
Trust and Security for Next Generation Grids, www.gridtrust.eu
WHAT are goals ?WHAT are goals ?
• different types of concerndifferent types of concern
functional goals
non-functional goalssecurity, safety, accuracy, performance, cost usability, adaptability, ...
Trust and Security for Next Generation Grids, www.gridtrust.eu
Modeling goals: types Modeling goals: types && taxonomies taxonomies
goals
functional
satisfaction information security
non-functional
accuracy
confidentiality
... performance
integrity
usability
time space... ...
... ...
Functional vs. non-functional goals
Trust and Security for Next Generation Grids, www.gridtrust.eu
Modeling goals: types Modeling goals: types && taxonomies taxonomies
Soft Soft vs.vs. hard goals hard goals
• soft goals: achievement cannot be established in clear-cut sensesoft goals: achievement cannot be established in clear-cut sense
goal satisficing, qualitative reasoninggoal satisficing, qualitative reasoning
• (hard) goals: achievement can be verified(hard) goals: achievement can be verified
goal satisfaction, formal reasoning goal satisfaction, formal reasoning
Trust and Security for Next Generation Grids, www.gridtrust.eu
Modeling goals: types Modeling goals: types && taxonomies taxonomies
Types of behavior prescribed Types of behavior prescribed
• AchieveAchieve goals: goals: generategenerate behaviors behaviors C T
e.g. Achieve [DataTransferredSecurily]
• MaintainMaintain / Avoid goals: / Avoid goals: restrictrestrict behaviors behaviors
C T , C ¬ T
e.g. Avoid [DataReadWithoutAuthorization]
Maintain [ConfidentialDataEncrypted]
• OptimizeOptimize goals: goals: comparecompare behaviors behaviors
Trust and Security for Next Generation Grids, www.gridtrust.eu
Modeling goals: goal attributesModeling goals: goal attributes
• capture intrinsic goal featurescapture intrinsic goal features
name DataAccessibleToAuthorizedUsers
Definition data must only be accessible to users who have been authorized
priority mandatory, very high, high , …, low ...
Trust and Security for Next Generation Grids, www.gridtrust.eu
Main Objectives of Trust and Security Main Objectives of Trust and Security Policy EngineeringPolicy Engineering
• Help analysts/users express security Help analysts/users express security requirements for their Grid applicationsrequirements for their Grid applicationsBased on library of verified security
requirement patterns• Help users/analysts derive high-level trust Help users/analysts derive high-level trust
and security policiesand security policiesIn UCON/PolpaIn XACMLIn event-B
• Help users/analysts refine policies into Help users/analysts refine policies into operational policies that can be deployedoperational policies that can be deployed
Trust and Security for Next Generation Grids, www.gridtrust.eu
Refinement of Trust and Security Refinement of Trust and Security Goals into Requirements and PoliciesGoals into Requirements and Policies
Trust and Security Patterns
Usage Control Patterns
Abstract Policies
Refinement
Trust and Security for Next Generation Grids, www.gridtrust.eu
Library of PatternsLibrary of Patterns
• From Business Requirements to abstract policiesFrom Business Requirements to abstract policiesCovering Different property classes: Confidentiality,
Integrity, Availability, Delegation but also others such as Usage limitation, Accounting, …
Ex: confidentiality and authorizations dynamic chineese wall
• Patterns Expressed in terms of VO meta-modelPatterns Expressed in terms of VO meta-modelGoals, Goal refinements, Services, Service
compositions, Subjects, Objects
Trust and Security for Next Generation Grids, www.gridtrust.eu
Main Objectives of LibraryMain Objectives of Library
• Help users express security requirements for their Grid Help users express security requirements for their Grid applicationsapplications Confidentiality, Authorization, Privacy, Availability, Usage
limitation, Delegation but also others such as Integrity, Usage limitation,
Accounting, …• Help users express self-organisation and self-protection Help users express self-organisation and self-protection
(not done yet)(not done yet)• Covering the GridTrust ServicesCovering the GridTrust Services
Computational UCON, Service UCON, Secure Broker, Reputation
• Patterns Expressed in terms of VO meta-modelPatterns Expressed in terms of VO meta-model Goals, Goal refinements, Services, Service compositions,
Subjects, Objects • Library is embedded in requirements/policy tool Library is embedded in requirements/policy tool
Trust and Security for Next Generation Grids, www.gridtrust.eu
Patterns for Trust and SecurityPatterns for Trust and Security
Authorization
Confidentiality
Privacy
Confidentiality of the content of a communication
Confidentiality of communication occurrence
Confidentiality of identity of sender and receiver
Integrity
Availability
Trust
Delegation
ChineseWall
(( ))
Trust and Security for Next Generation Grids, www.gridtrust.eu
Usage Control PatternsUsage Control Patterns
Object/Subject Mutable Attribute Update
Pre-update
Ongoing-update
Post-update
Authorization
Pre-authorization
Ongoing-authorization
Post-authorization
Conditions
Pre-condition
Ongoing-condition
Obligations
Pre-obligation
Ongoing-obligation
Actions
Actions
Trust and Security for Next Generation Grids, www.gridtrust.eu
Example: Managing Conflicts of Example: Managing Conflicts of Interest in Interest in
Virtual OrganisationsVirtual Organisations
Conflict of Interest
Collaborates on
Collaborates onAllo
cate
d t
o
Ow
ned B
y
Trust and Security for Next Generation Grids, www.gridtrust.eu
Example: The Chinese WallExample: The Chinese Wall
• Based on the notion of conflict of interest classBased on the notion of conflict of interest class
• Need a historyNeed a history
Client 1
Resource 1Resource 2
Client 2
Resource 3Resource 4
Conflict of interest class
access
Trust and Security for Next Generation Grids, www.gridtrust.eu
Chinese Wall Goal Ref. PatternChinese Wall Goal Ref. Pattern
Avoid Conflict Of Interest
Chinese WallAutorized Cases
Access Autorized Whithin Other Conflict Set
Access Autorized Whithin Same Company
Access
PolicyPreAuth: hasAccessed(u,r)
differentConflictSet (r,r’) PolicyPreAuth: hasAccessed(u,r) sameOrganisation(r,r’)
Post-condition: hasAccessed(u,r’)
( r : Resource; u : User, r’ : Resource) hasAccessed(u,r) sameOrganisation(r,r’) (hasAccessed(u,r’)
(r : Resource; u : User, r’ : Resource) hasAccessed(u,r) differentConflictSet (r,r’) (hasAccessed(u,r’)
(u : User; r,r’ : Resource) hasAccessed(u,r) sameOrganisation(r,r’)
differentConflictSet (r,r’)
( u:User; r,r’ :Resource)
hasAccessed(u,r) hasAccessed(u,r’) (sameOrganisation(r,r’) differentConflictSet(r,r’))
Trust and Security for Next Generation Grids, www.gridtrust.eu
Chinese Wall Requirements PatternChinese Wall Requirements Pattern
•The pattern has been The pattern has been checked using alloy toolchecked using alloy tool
•It is complete and It is complete and consistent consistent
Increase the confidence Increase the confidence in this patternin this pattern
Trust and Security for Next Generation Grids, www.gridtrust.eu
own
differentConflictSet
Specialisation/instatiation of the Specialisation/instatiation of the patternpattern
Organisation Resource
ServiceUser
Access
PolicyPreAuth: hasAccessed(u,r)
differentConflictSet (r,r’) PolicyPreAuth: hasAccessed(u,r) sameOrganisation(r,r’)
PolicyPreAuth: hasAccessed(pe,dci)
NotInCompetition (dci,dci’) PolicyPreAuth: hasAccessed(pe,dci) aboutSameProject(dci,dci’)
NotInCompetition
PublisherEmployee
ClientCompany DigitalContentInfo
Publishing
Domain
Final Chinese Wall Security Policy Final Chinese Wall Security Policy in Polpain Polpa
gvar[1]:=0. gvar[2]:=0.gvar[1]:=0. gvar[2]:=0.
([eq(gvar[2],0),eq(x1,”/home/paolo/SetA/*”),eq(x2,READ)].open(x1,x2,x3).lvar[1]:= ([eq(gvar[2],0),eq(x1,”/home/paolo/SetA/*”),eq(x2,READ)].open(x1,x2,x3).lvar[1]:= x3.gvar[1]:= 1.x3.gvar[1]:= 1.
i([eq(x1,lvar[1])].i([eq(x1,lvar[1])].readread(x1,x2,x3)).(x1,x2,x3)).[eq(x1,lvar[1])].close(x1,x2)[eq(x1,lvar[1])].close(x1,x2)))
ParPar
([eq(gvar[1],0),eq(x1,”/home/paolo/SetB/*”),eq(x1,READ)].open(x1,x2,x3).lvar[1]:= ([eq(gvar[1],0),eq(x1,”/home/paolo/SetB/*”),eq(x1,READ)].open(x1,x2,x3).lvar[1]:= x3.gvar[2]:=1.x3.gvar[2]:=1.
i([eq(x1,lvar[1])].i([eq(x1,lvar[1])].readread(x1,x2,x3)).(x1,x2,x3)).[eq(x1,lvar[1])].close(x1,x2)[eq(x1,lvar[1])].close(x1,x2)))
Usage Control Policy Language
History of System Calls
Trust and Security for Next Generation Grids, www.gridtrust.eu
Reuse MethodologyReuse Methodology
Security patternsSecurity patterns
Trust patternsTrust patterns
Usage controlUsage control Patterns Patterns
SpecialiseSpecialise InstantiateInstantiate
ProblemProblem
SpecificationSpecification
SubjectSubjectTaxonomyTaxonomy
ResourceResourceTaxonomyTaxonomy
Trust and Security for Next Generation Grids, www.gridtrust.eu
Policy Engineering: From Security Policy Engineering: From Security and Trust Requirements to Policiesand Trust Requirements to Policies
• Target Policy languages SelectedTarget Policy languages SelectedUCON/Polpa (powerful usage control policy
language)XACML (OASIS standard)Event-B (formal policy refinement)
• Two derivation approaches investigatedTwo derivation approaches investigatedPattern instantiation
Instantiate pattern (not general translation) composition of patterns is open issue
Full (or partial) translation Sometimes difficult because of underlying semantics
Trust and Security for Next Generation Grids, www.gridtrust.eu
UCON/Polpa: Pattern Instantiation UCON/Polpa: Pattern Instantiation ApproachApproach
Example: PreA0 UCON Model (Pre-Auth without update)Example: PreA0 UCON Model (Pre-Auth without update)
Requirement patternRequirement pattern
permitaccesspermitaccess((ss, , oo, , rr) → ) → ( (tryaccesstryaccess((ss, , oo, , rr) ∧) ∧((pp1 ∧1 ∧ ・・・・ ・・∧ ∧ pipi))))
UCON/Polpa policy patternUCON/Polpa policy patterntryaccess(s, o, r).tryaccess(s, o, r).pA(s, o, r).pA(s, o, r).permitaccess(s, o, r).permitaccess(s, o, r).endaccess(s, o, r)endaccess(s, o, r)
Instantiated requirementInstantiated requirement
permitaccesspermitaccess((editoreditor, , contentcontent, , writewrite) → ) → ( (tryaccesstryaccess((editoreditor, , contentcontent, , writewrite) ∧) ∧currentState=“edition”currentState=“edition” ) )
Instantiated Instantiated
by analystby analyst
Instantiated UCON/PolpaInstantiated UCON/Polpatryaccess(tryaccess(editoreditor, , contentcontent, , writewrite).).[eq([eq(currentStatecurrentState, “, “editionedition”)].”)].permitaccess(permitaccess(editoreditor, , contentcontent, , writewrite).).endaccess(endaccess(editoreditor, , contentcontent, , writerwriter))
Instantiated by Instantiated by substitutionsubstitution
(s=editor), … (s=editor), …
SatifiesSatifies
LibraryLibrary
Trust and Security for Next Generation Grids, www.gridtrust.eu
Event-B: Partial Translation ApproachEvent-B: Partial Translation Approach
• Semantic issue Between KAOS and Event-BSemantic issue Between KAOS and Event-B Requirements have progress properties (temporal logic) B is safety oriented, no notion of obligations (no notion of time)
• ApproachApproach We have developed syntactic extension to Event-B to model
the notion of obligation throughout the use of triggers The obligation imposed by a trigger is interpreted as a
constraint on when other events can be permitted• Our motivation is to link KAOS requirements with Event-B Our motivation is to link KAOS requirements with Event-B
specificationsspecifications Triggered events as presented here are suitable for modelling
the KAOS achieve pattern We are investigating the representation of other modalities as
events, so that we can model other KAOS patterns such as maintain and cease
PaperPaper: : Towards Modelling Obligations in Event-Towards Modelling Obligations in Event-B, LNCS, Abstract State Machines, B and Z, B, LNCS, Abstract State Machines, B and Z, First International Conference, ABZ 2008, First International Conference, ABZ 2008, London, UK, September 16-18, 2008. London, UK, September 16-18, 2008. Proceedings Proceedings
Trust and Security for Next Generation Grids, www.gridtrust.eu
Current Status of Tool SupportCurrent Status of Tool Support
RequirementsRequirements
PoliciesPolicies
• AchievementsAchievementsVO requirements editor
Goal meta-model
VO meta-model
Library of trust and security patterns
Add / Reuse pattern
Taxonomy
• In progressIn progressFrom requirements to
Policies
Trust and Security for Next Generation Grids, www.gridtrust.eu
Goal and VO Metamodel : brief Goal and VO Metamodel : brief overviewoverview
• Two main partsTwo main partsGoals and Requirements
Objectives : Goals, Requirement, Expectation, Softgoal,…
Their relations : refinement, operationalization, …
Obstacles and threats
VO VO, Organization, Resources, services, …
Their relations : owns, aims, …
Trust and Security for Next Generation Grids, www.gridtrust.eu
Goal-oriented VO meta-modelGoal-oriented VO meta-model
Objective ObstacleObstruction
Threat
Virtual OrganisationOrganisation
Service Workflow
Resource
User
Aims
Member
Manage
Manage
Provide/Use
Uses
Uses
Manage
Refine
Goal and ThreatMeta-Model
VO Meta- Model
Policy
Refine
Trust and Security for Next Generation Grids, www.gridtrust.eu
Eclipse platformEclipse platform
General Tool ArchitectureGeneral Tool Architecture
EMFTEMFTGMFGMF
EMFEMFOCLOCL ……GEFGEF
GridTrust Plug-inGridTrust Plug-in
MetamodelMetamodel
GoalGoal
MappingMapping
Graphical definitionGraphical definition
Pattern libraryPattern library
Trust and Security for Next Generation Grids, www.gridtrust.eu
Architecture motivationArchitecture motivation
• Based on eclipseBased on eclipseEasy to integrate with other toolsLot of reusable APIVery popular in private companiesEasy to integrate with other framework (g-
eclipse)
• Based on an EMF metamodelBased on an EMF metamodelOCL for queryModel transformationStandard framework
Trust and Security for Next Generation Grids, www.gridtrust.eu
Translation Technology: Model based Translation Technology: Model based TransformationTransformation
• Translation technology selectedTranslation technology selectedM2M/ATL (ATLAS Transformation Language)
is a model transformation language: produce a set of target models from a set of source models
Uses OCL to define transformation rules• WhyWhy
Supports (formal) model transformation (Model+assertions)
Based on meta-model approachCan be integrated with Eclipse
Trust and Security for Next Generation Grids, www.gridtrust.eu
M2M general pictureM2M general picture
Source metamodel
conformsTo
Target metamodel
conformsTo
Source model Target model
Metametamodel (ECORE)
conformsTo
conformsTo
conformsTo
Source2Target
Trust and Security for Next Generation Grids, www.gridtrust.eu
Tool Support for PolpaTool Support for Polpa
GridTrust Editor GridTrust Editor (Eclipse/GMF, EMF, GEF)(Eclipse/GMF, EMF, GEF)
Req MMReq MM Polpa MMPolpa MM
Req2PolpaReq2Polpa
Temporal Logic Syntax Editor Temporal Logic Syntax Editor (Eclipse/TEF)(Eclipse/TEF)
Polpa Syntax Editor Polpa Syntax Editor (Eclipse/TEF)(Eclipse/TEF)
Trust and Security for Next Generation Grids, www.gridtrust.eu
GridTrust Framework: Tools and Policy-based Services
GRID Service
Middleware Layer
NGG Architecture
GRID Application
Layer
GRID Foundation Middleware
Layer
Network Operating
System
Trust and SecurityGoals Self-* …
Dynamic VO
…
Reputation Mgtservice
VO Mngt
…Resources
VO Members
Services
Computational usage control +TM Fine grained
Continuous
OGSAcompliant
Secure res. broker
Usage Cont. service
Secure VO Req Editor
UsageControl Policies
VO-level Policies
VO Model and Refinement
Tool
2. Local
Policies
1. Global Policies
Trust and Security for Next Generation Grids, www.gridtrust.eu
ConclusionsConclusions
• Security Requiments MethodologySecurity Requiments MethodologyFrom objectives to requirements via refinementFrom security requirements to security policies
Pattern based translation
XACML and Polpa (usage control policy language)
• Eclipse-based Tool Support Eclipse-based Tool Support Editor Generation of partial security policies
• Linked to the GridTrust frameworkLinked to the GridTrust framework
• Open source will be available on Source Forge: Open source will be available on Source Forge: http://sourceforge.net/projects/gridtrust/http://sourceforge.net/projects/gridtrust/