Vulnerability Assessment for EGI and EMI
Presentation for NATO-OTAN 2013
Elisa Heymann
Manuel Brugnoli
Computer Architecture and Operating Systems Department
Universitat Autònoma de Barcelona
Elisa.Heymann@uab.es
Manuel.Brugnoli@caos.uab.es
This research is funded in part by Department of Homeland Security grant FA8750-10-2-0030 (funded through AFRL). Past funding has been provided by NATO grant CLG 983049, National Science Foundation grant OCI-0844219, the National Science Foundation under contract with San Diego Supercomputing Center, and National Science Foundation grants CNS-0627501 and CNS-0716460.
Who we are
Elisa Heymann
Eduardo Cesar
Bart Miller
Jim Kupsch
Jairo Serrano
Manuel Brugnoli
Karl Mazurak
Daniel Crowell
Wenbin Fang
Henry Abbey
Salini Kowsalya
http://www.cs.wisc.edu/mist/
What do we do
• Assess Middleware: Make cloud/grid software more secure
• Train: We teach tutorials for users, developers, sys admins, and managers
• Research: Make in-depth assessments more automated and improve quality of automated code analysis
http://www.cs.wisc.edu/mist/papers/VAshort.pdf
Our experience
Condor, University of Wisconsin
Batch queuing workload management system
15 vulnerabilities, 600 KLOC of C and C++
SRB, SDSC
Storage Resource Broker - data grid
5 vulnerabilities, 280 KLOC of C
MyProxy, NCSA
Credential Management System
5 vulnerabilities, 25 KLOC of C
glExec, Nikhef
Identity mapping service
5 vulnerabilities, 48 KLOC of C
Gratia Condor Probe, FNAL and Open Science Grid
Feeds Condor Usage into Gratia Accounting System
3 vulnerabilities, 1.7 KLOC of Perl and Bash
Condor Quill, University of Wisconsin
DBMS Storage of Condor Operational and Historical Data
6 vulnerabilities, 7.9 KLOC of C and C++
Wireshark, wireshark.org
Network Protocol Analyzer
2 vulnerabilities, 2400 KLOC of C
Condor Privilege Separation, Univ. of Wisconsin
Restricted Identity Switching Module
22 vulnerabilities, 21 KLOC of C and C++
VOMS Admin, INFN
Web management interface to VOMS data
4 vulnerabilities, 35 KLOC of Java and PHP
CrossBroker, Universitat Autònoma de Barcelona
Resource Mgr for Parallel & Interactive Applications
4 vulnerabilities, 97 KLOC of C++
ARGUS 1.2, HIP, INFN, NIKHEF, SWITCH
gLite Authorization Service
0 vulnerabilities, 42 KLOC of Java and C
VOMS Core, INFN
Virtual Organization Management System
1 vulnerability, 161 KLOC of Bourne Shell, C++ and C
iRODS, DICE
Data-management System
9 vulnerabilities (and counting), 285 KLOC of C and C++
Google Chrome, Google
Web browser
1 vulnerability, 2396 KLOC of C and C++
WMS, INFN
Workload Management System
in progress, 728 KLOC of Bourne Shell, C++, C, Python, Java, and Perl
CREAM, INFN
Computing Resource Execution And Management
4 vulnerabilities (and counting), 216 KLOC of Bourne Shell, Java, and C++
gLite Architecture
(Diagram.) Hosts: User Host (User Interface), RB Host (WMS), authZ Service Host (Argus), LB Host (LB Server), IS Host (Information Services, i.e. BDII), SE Host (StoRM), CE Host (CREAM, LRMS), WN Host (WN job), VOMS Host (VOMS Server). Interactions shown: authentication, authorization, submit job & receive output, status, information reference, data transfer, jobs, create VO, VOMS proxy.
ARGUS 1.2, HIP, INFN, NIKHEF, SWITCH
gLite Authorization Service
42 KLOC of Java and C
0 vulnerabilities
Argus 1.2 Architecture
(Diagram.) Hosts: User (UI), RB Host (WMS), CE Host (CREAM, LRMS), WN Host (gLExec with the PEP Client library, WN job), authZ service Host (PAP with the PAP Admin Tool and CLI, PDP started via /etc/init.d/pdp, PEP Server started via /etc/init.d/pepd). The administrator edits policies through the CLI, issues reloadpolicy to the PDP and clearcache to the PEP Server; the diagram marks HTTPS on the inter-component links. Steps are numbered 1-10 (user data-flow) and lettered A-F (admin data-flow).
PAP (Policy Administration Point) → Manage Policies.
PDP (Policy Decision Point) → Evaluate Authorization Requests.
PEP (Policy Enforcement Point) → Process Client Requests and Responses.
OS privileges shown: user, batch user, root, Administrator & root; external components are marked separately.
Argus 1.2 Architecture
Legend: X' = Optional steps; Xt = Periodic steps.
User:
1. User submits a job described as a JDL expression.
2. CREAM receives a job execution request from WMS (1a) or the User (1b) directly.
3. CREAM sends the job execution request to the LRMS.
4. LRMS sends the job to the WN for its execution.
5. WN sends an authorization request to gLExec, and gLExec interacts with the PEP Server using an LCMAPS plug-in which uses the PEP Client library to check if the mapping request can be satisfied.
6. PEP Client sends the request to the PEP Server.
7. PEP Server sends the authorization request (XACML) to the PDP for evaluation.
8. PDP evaluates the authorization request and sends the response to the PEP Server.
9. PEP Server sends the authorization response to the PEP Client; it can be allowed (10a) or denied (10b).
10. gLExec runs the job using the local identity only if the authorization response is allowed.
Admin:
A. Administrator edits policies using the command line interface (CLI).
B. PAP Admin Tool writes policies and policy sets and makes them available at the PAP.
C'. Administrator forces a reload of policies, since Argus otherwise updates the policies only at regular intervals.
D'. PDP sends a retrieve-policies request to the PAP.
E'. PAP sends policies (XACML) to the PDP.
F'. Administrator sends a clear-cache request to the PEP Server to clear the response cache.
Dt. PDP connects periodically to the remote PAP to refresh the policy repository.
Et. PAP sends the policies (XACML) to the PDP.
Ft. PEP Server clears its cache periodically, since the PEP Server keeps a short response cache.
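The Argus data flow above, simulated as an added example (not code from the Argus project or the slides): PAP, PDP and PEP Server are modeled as small Python classes with constructed policy entries, VO/FQAN values and a cache TTL, and the scenario shows that a denial edited into the PAP and reloaded into the PDP (C') does not reach gLExec until the PEP Server's response cache is cleared (F') or expires (Ft).

```python
"""Added example, not code from the Argus project or the slides: a minimal
model of the PAP -> PDP -> PEP Server -> PEP Client flow in steps 5-10 and
the admin/periodic steps A-F', Dt-Ft.  Class names, the policy format, the
VO/FQAN values and the cache TTL are constructed; Argus itself speaks XACML."""
from dataclasses import dataclass, field

PERMIT, DENY = "Permit", "Deny"


@dataclass
class PAP:
    """Policy Administration Point: the policy set the admin edits (A, B)."""
    policies: dict = field(default_factory=dict)  # vo -> [(fqan_prefix, decision)]

    def add_policy(self, vo, fqan_prefix, decision):
        # Appending models an edit via the CLI / PAP Admin Tool (A, B).
        self.policies.setdefault(vo, []).append((fqan_prefix, decision))

    def retrieve(self):
        # E'/Et: hand the current policy set to the PDP that asked for it.
        return {vo: list(rules) for vo, rules in self.policies.items()}


@dataclass
class PDP:
    """Policy Decision Point: evaluates requests against its local copy."""
    pap: PAP
    repository: dict = field(default_factory=dict)

    def reload_policy(self):
        # D'/Dt: "reloadpolicy" or the periodic refresh pulls from the PAP.
        self.repository = self.pap.retrieve()

    def evaluate(self, request):
        # Step 8: the most recently added matching rule wins; a subject with
        # no matching rule is denied (default-deny).
        for prefix, decision in reversed(self.repository.get(request["vo"], [])):
            if request["fqan"].startswith(prefix):
                return decision
        return DENY


@dataclass
class PEPServer:
    """Policy Enforcement Point server with the short response cache."""
    pdp: PDP
    cache_ttl: int = 3  # constructed TTL in seconds
    cache: dict = field(default_factory=dict)

    def authorize(self, request, now):
        # Steps 7 and 9: serve a fresh cached decision, otherwise ask the PDP.
        key = (request["vo"], request["fqan"], request["dn"])
        hit = self.cache.get(key)
        if hit is not None and now - hit[1] < self.cache_ttl:
            return hit[0]
        decision = self.pdp.evaluate(request)
        self.cache[key] = (decision, now)
        return decision

    def clear_cache(self):
        # F': the admin's "clearcache" (Ft is the same effect on a timer).
        self.cache.clear()


def glexec_run(pep, request, now):
    """Step 10: gLExec switches to the local identity only on Permit."""
    decision = pep.authorize(request, now)
    return ("batch-user" if decision == PERMIT else None, decision)


def stale_cache_scenario():
    """A Permit is cached; the admin then denies the FQAN and reloads the PDP
    (C'), yet the PEP Server keeps answering Permit until clearcache (F').
    Returns ('Permit', 'Permit', 'Deny')."""
    pap = PAP()
    pap.add_policy("dteam", "/dteam", PERMIT)
    pdp = PDP(pap)
    pdp.reload_policy()
    pep = PEPServer(pdp)
    req = {"vo": "dteam", "fqan": "/dteam/Role=pilot", "dn": "CN=u1"}  # constructed
    first = glexec_run(pep, req, now=0)[1]              # Permit, now cached
    pap.add_policy("dteam", "/dteam/Role=pilot", DENY)  # A/B: admin edit
    pdp.reload_policy()                                 # C'/D'/E': reloadpolicy
    after_reload = glexec_run(pep, req, now=1)[1]       # cached Permit still served
    pep.clear_cache()                                   # F': clearcache
    after_clear = glexec_run(pep, req, now=2)[1]        # Deny finally reaches gLExec
    return first, after_reload, after_clear
```

The same staleness window exists without an explicit clearcache: the entry simply lives until the TTL (Ft) runs out, which is why a policy change should be followed by F' rather than waiting.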
Argus 1.2 Resources: authZ service Host (PAP Component)
(Diagram.) PAP directories: conf (pap_configuration.ini, pap_authorization.ini, logging), lib, logs, bin (pap-admin), repository (XACML policy files), sbin (pap-standalone.sh, pap-deploy.sh); /etc/grid_security (hostcert.pem, hostkey.pem, certificates, TRUSTED_CA). The host certificate is signed by a trusted CA and the host holds the key. Legend: readable by owner or world; OS privileges user, batch user, root, Administrator & root; external components marked separately.
Argus 1.2 Resources: authZ service Host (PDP Component)
(Diagram.) PDP directories: conf (pdp.ini, env.sh, logging.xml), lib, logs, sbin (pdpctl.sh), policy repository; /etc/grid_security (hostcert.pem, hostkey.pem, certificates, TRUSTED_CA). The host certificate is signed by a trusted CA and the host holds the key. Legend: readable by owner or world; OS privileges user, batch user, root, Administrator & root; external components marked separately.
Argus 1.2 Resources: authZ service Host (PEP Server Component)
(Diagram.) PEP Server directories: conf (pepd.ini, env.sh, logging.xml), lib, logs, sbin (pepdctl.sh), cached policies; /etc/grid_security (hostcert.pem, hostkey.pem, certificates, TRUSTED_CA, grid-mapfile, groupmapfile, gridmapdir, vomsdir). The host certificate is signed by a trusted CA and the host holds the key. Legend: readable by owner or world; OS privileges user, batch user, root, Administrator & root; external components marked separately.
VOMS, INFN
VOMS Core 2.0.2, Virtual Organization Management System
161 KLOC of Bourne Shell, C++ and C
1 vulnerability
VOMS Admin 2.0.15, Web management interface
35 KLOC of Java and PHP
4 vulnerabilities
VOMS 2.0.2 Architecture
(Diagram.) User Host: VOMS Client and VOMS Admin Client (command line), Web Browser. VOMS Server Host: VOMS daemon, ancillary command-line utilities, VOMS Admin (Tomcat), DB. Connections: VOMS Client to VOMS daemon over a GSI connection; Web Browser to VOMS Admin over HTTPS; VOMS Admin Client to VOMS Admin over SOAP over SSL. OS privileges shown: user, daemon, root; DB privilege: VO_Server.
VOMS Client-Server Interaction
(Diagram, User Host and VOMS Server Host.)
1. voms-proxy-init sends a request.
2. VOMS Client connects to the port.
3. VOMS daemon waits for a connection.
4. VOMS daemon accepts the connection.
5. VOMS daemon forks a child process.
6. Mutual authentication and creation of a secure communication channel via GSI.
7. Client requests an AC with attributes X, Y, Z.
8. Child process queries the database to verify the assertion against the user DN.
9. Child process creates the Attribute Certificate and signs it with the VOMS certificate.
10. Child process sends the Attribute Certificate.
11. Close the connection.
12. End the child process.
13. Client creates a proxy certificate with the embedded AC (the VOMS pseudo-certificate).
VOMS Core 2.0.2 Resources: VOMS Server Host
(Diagram.) VOMS daemon resources: $CONFIG_DIR/VO_NAME (voms.conf, voms.pass), logs, /etc/grid_security (hostcert.pem, hostkey.pem, certificates, TRUSTED_CA, vomsdir), DB. The host certificate is signed by a trusted CA and the host holds the key. Legend: readable by owner or world; OS privileges daemon, root; DB privilege VO_Server.
VOMS Core 2.0.2 Resources: User Host
(Diagram.) VOMS Client resources: $HOME/user/.globus/ (usercert.pem, userkey.pem), /tmp/x509up_u<user_id>, /etc/grid_security/ (certificates, TRUSTED_CA, vomsdir, vomses/), /opt/glite/etc/vomses. Legend: readable by owner or world; OS privileges daemon, root; DB privilege VO_Server.
WMS 3.3.5, INFN
Workload Management System
728 KLOC of Bourne Shell, C++, C, Python, Java, and Perl
0 vulnerabilities
Workload Manager System (WMS) 3.3.5 Architecture
(Diagram.) WMS Host components: Apache with WM Proxy Server (reached by the User Interface over SOAP/HTTPS and GridFTP), Workload Manager, Job Controller - Condor-G, Log Monitor, ICE, Proxy Renewal, Logger (InterLogd), LB Proxy. Other hosts: User Host (User Interface), CE Host (CREAM, LRMS), WN Host (WN job), VOMS Host (VOMS Server), IS Host (Information Service), LB Host (LB Server, LB DataBase). OS privileges shown: user, root; DB privilege: LB_Admin; external components marked separately.
WMS 3.3.4 Resources: WMS Host
(Diagram.) WMS resources: /etc/glite-wms (glite_wms.conf, glite_wms_wmproxy.gacl, glite_wms_wmproxy_httpd.conf, wmproxy_logrotate.conf), logs, Job SandBox, LB DataBase, /etc/grid_security (hostcert.pem, hostkey.pem, certificates, TRUSTED_CA). The host certificate is signed by a trusted CA and the host holds the key. Legend: readable by owner or world; OS privileges daemon, root; DB privilege LB_Admin.
CREAM 1.14.0, INFN
Computing Resource Execution And Management
216 KLOC of Bourne Shell, Java, C++, C, and Perl
4 vulnerabilities
CREAM 1.14.0 Architecture
(Diagram.) User Host: User, reaching the CREAM-CE over SOAP/HTTPS and GridFTP. CE Host: CREAM-CE (Tomcat), Job Interface, BLAH, LRMS, CREAM DataBase. WN Host: WN job. VOMS Host: VOMS Server. OS privileges shown: user, root, Tomcat, Batch user; DB privilege: DB_Admin; external components marked separately.
CREAM-CE 1.14.0 Resources: CREAM-CE host
(Diagram.) Resources: /etc/glite-ce-cream (Cream-config.xml), /var/Cream_sandbox (per-user sandboxes, User 1 ... User N), logs, CREAM DataBase, /etc/grid_security (hostcert.pem, hostkey.pem, certificates, TRUSTED_CA, vomsdir). The host certificate is signed by a trusted CA and the host holds the key. Legend: file ownership CREAM admin, Tomcat, root, Batch users; readable by owner or world; OS and DB privileges marked.
CREAM-CE Client 1.14.0 Resources: Client Host
(Diagram.) Client resources: /tmp/ (proxy), /home/user (client logs, job input files, JDL file, job output files), /etc/grid_security (certificates). Legend: file ownership Tomcat, root, user; readable by owner or world.
Questions?
http://www.cs.wisc.edu/mist
