Assurance Requirements for
e-Infrastructure Services
Martin Hamilton
Loughborough University /
HPC Midlands
Cloudy with a Chance of Rootkits - Assurance Requirements for e-Infrastructure Services

Transcript of "Cloudy with a Chance of Rootkits - Assurance Requirements for e-Infrastructure Services"

  1. Assurance Requirements for e-Infrastructure Services
     Martin Hamilton, Loughborough University / HPC Midlands
  2. Cloudy With a Chance of Rootkits
     Martin Hamilton, Loughborough University / HPC Midlands
  3. Topics
     1. What is e-Infrastructure?
     2. Barriers to Adoption
     3. Opening Pandora’s Box
     4. Conclusions
  4. Topics
     1. What is e-Infrastructure?
     2. Barriers to Adoption
     3. Opening Pandora’s Box
     4. Conclusions
  5. 1. What is e-Infrastructure?
     —Research community context: HPC, SKA, LHC, DLS, NGS and other TLAs
     —Industrial context: TSB Catapults, BIS/EPSRC supercomputer centres, “on ramps” for SMEs
  6. 1. What is e-Infrastructure?
     [http://goo.gl/fIpA7R]
  7. 1. What is e-Infrastructure?
     Case Study - HPC Midlands:
     —BIS/EPSRC regional centre
     —3,000 core supercomputer
     —Expertise from Loughborough University & University of Leicester
     —Software from leading ISVs
     —Flexible usage model for use by research and industry
  8. 1. What is e-Infrastructure?
     Case Study - HPC Midlands:
     —BIS/EPSRC regional centre
     —3,000 core supercomputer
     —Expertise from Loughborough University & University of Leicester
     —Software from leading ISVs
     —Flexible usage model for use by research and industry
  9. 1. What is e-Infrastructure?
  10. 1. What is e-Infrastructure?
  11. 1. What is e-Infrastructure?
     Not just HPC:
     - Bioinformatics
     - Diamond Light Source, SKA etc
     - Major capital kit at Institutions
     - But not just kit?
     - Open Access Pubs
     - Open Data
     - Software
  12. Topics
     1. What is e-Infrastructure?
     2. Barriers to Adoption
     3. Opening Pandora’s Box
     4. Conclusions
  13. 2. Barriers to Adoption
     Picture credits: CC-BY-NC by Flickr user ladybeames; Peter Strutton, HPC Midlands
  14. 2. Barriers to Adoption - Awareness
     equipment.data.ac.uk
     Kit Catalogue™ – kitcatalogue.com
     Key question: What are the boundaries of e-Infrastructure?
  15. 2. Barriers to Adoption - Awareness
  16. 2. Barriers to Adoption - Awareness
  17. 2. Barriers to Adoption - Awareness
  18. 2. Barriers to Adoption - Training
  19. 2. Barriers to Adoption - Training
     - Typically supply led
     - Inflexible timing
     - Prohibitively expensive for SMEs
     - Ad-hoc engagement with ISVs
     - Where is the MOOC?
  20. 2. Barriers to Adoption - Assurance
     Challenging preconceptions:
     —“Supercomputing is just for rocket scientists”
     —“Academic services are inherently insecure”
     —“Legal would never sign off on anything like this”
     —“It’s just too hard to satisfy assurance requirements”
     Photo credit: CC-BY-NC by Flickr user justin_case
  21. 2. Barriers to Adoption - Assurance
     Challenging preconceptions:
     —Common off-the-shelf packages have HPC solver capability, e.g. FLUENT, NASTRAN, MATLAB
     —Pen testing / audit tools don’t care if you are an academic site
     —Locking systems down is hard work – get over it
     —FTSE100 firms have similar requirements to research and education organizations
     Photo credit: CC-BY-NC by Flickr user justin_case
  22. 2. Barriers to Adoption - Assurance
     Challenging preconceptions:
     —Common off-the-shelf packages have HPC solver capability, e.g. FLUENT, NASTRAN, MATLAB
     —Pen testing / audit tools don’t care if you are an academic site
     —Locking systems down is hard work – get over it
     —FTSE100 firms have similar requirements to research and education organizations
     Photo credit: CC-BY-NC by Flickr user justin_case
  23. Topics
     1. What is e-Infrastructure?
     2. Barriers to Adoption
     3. Opening Pandora’s Box
     4. Conclusions
  24. 3. Opening Pandora’s Box
  25. 3. Opening Pandora’s Box
     —Who makes the agreement?
     —Dedicated special purpose vehicle, spin-out company, cost sharing groups, VAT exemption etc
     —What does it look like?
     —Guaranteed turnaround time?
     —Reducing the friction
     —Compliance challenges
     —ISO 27002, CESG InfoSec, physical security (e.g. LPS 1175), CIS audit tool, pen testing / auditing
  26. 3. Opening Pandora’s Box
     —Who makes the agreement?
     —Dedicated special purpose vehicle, spin-out company, cost sharing groups, VAT exemption etc
     —What does it look like?
     —Guaranteed turnaround time?
     —Reducing the friction
     —Compliance challenges
     —ISO 27002, CESG InfoSec, physical security (e.g. LPS 1175), CIS audit tool, pen testing / auditing
  27. 3. Opening Pandora’s Box
     Sample security audit tool output from http://benchmarks.cisecurity.org/
  28. 3. Opening Pandora’s Box
     —Relationship with customer networks
     —Firewall traversal, double NAT, outbound access to service, inbound access to license servers, double encryption? (VPN + ssh)
     —What would root do?
     —Remove unnecessary permissions, turn off unused services, is command line access even necessary?
     —Connectivity
     —Online access vs. sneakernet, remote visualization requirement, JANET connectivity + AAA support through Moonshot
  29. Topics
     1. What is e-Infrastructure?
     2. Barriers to Adoption
     3. Opening Pandora’s Box
     4. Conclusions
  30. 4. Conclusions
     Photo credit CC-BY-NC Flickr user brianklug
  31. 4. Conclusions
     Photo credit CC-BY-NC Flickr user brianklug
  32. 4. Conclusions
     —More disciplined approach to contractual relations, technical aspects of service provision
     —Requirement for certain public sector data, e.g. NHS patient records
     —Similar considerations around regional shared services as for generic “cloud” providers
     —Opportunity to set common expectations around levels and types of service
     —Migration between service providers and marketplace for e-Infrastructure services
  33. Cloudy With a Chance of Rootkits
     Martin Hamilton
     @martin_hamilton
     m.t.hamilton@lboro.ac.uk