Publication and Protection of Sensitive Site Information in a Grid Infrastructure

Shreyas Cholia (Lawrence Berkeley National Laboratory, USA) and R. Jefferson Porter (Lawrence Berkeley National Laboratory, USA)
Copyright: © 2011 | Pages: 10
DOI: 10.4018/978-1-60960-603-9.ch010

Abstract

In order to create a successful grid infrastructure, sites and resource providers must be able to publish information about their underlying resources and services. This information enables users and virtual organizations to make intelligent decisions about resource selection and scheduling, and facilitates accounting and troubleshooting services within the grid. However, such an outbound stream may include data deemed sensitive by a resource-providing site, exposing potential security vulnerabilities or private user information. This study analyzes the various vectors of information being published from sites to grid infrastructures. In particular, it examines the data being published and collected in the Open Science Grid, including resource selection, monitoring, accounting, troubleshooting, logging and site verification data. We analyze the risks and potential threat models posed by the publication and collection of such data. We also offer some recommendations and best practices for sites and grid infrastructures to manage and protect sensitive data.
Chapter Preview

The Open Science Grid

The OSG offers a shared infrastructure of distributed computing and storage resources, independently owned and managed by its members. OSG members provide a virtual facility available to individual research communities, who can add services according to their scientists’ needs.

It includes a wide selection of resource providers, ranging from small universities to large national laboratories. This broad range of sites results in a diverse set of security requirements. Reconciling these diverse security priorities is a challenge, and requires close interaction between the sites and the OSG managers. One approach to addressing this issue is to provide the necessary tools in the grid middleware stack, so that sites can configure security policies directly into the software. The OSG provides a software distribution called the Virtual Data Toolkit (VDT) (“Virtual Data Toolkit,”). This includes a packaged, tested and supported collection of middleware for participating compute and storage nodes, as well as a client package for end-user researchers.

The OSG also provides support and infrastructure services to collect and publish information from participating sites, and to monitor their resources. These services are provided by the OSG Grid Operations Center (GOC) (“OSG Grid Operations Center,”). The GOC provides a single point of operational support for the OSG. The GOC performs real-time grid monitoring and problem tracking, offers support to users, developers and systems administrators, maintains grid services, and provides security incident responses. It manages information repositories for Virtual Organizations (VOs) and grid resources.
