Vulnerability Assessment for EGIand EMIand EMIElisa HeymannyManuel BrugnoliComputer Architecture andOperating Systems Depa...
Who we areWho we areElisa HeymannEduardo CesarBart MillerJim Kupsch Eduardo CesarJairo SerranoManuel BrugnoliJim KupschKar...
What do we do• Assess Middleware: Make cloud/grid softwaremore secure• Train: We teach tutorials for users developersTrain...
Our experienceCondor, University of WisconsinBatch queuing workload management system15 vulnerabilities 600 KLOC of C and ...
Our experienceWireshark, wireshark.orgNetwork Protocol Analyzer2 vulnerabilities 2400 KLOC of C2 vulnerabilities 2400 KLOC...
Our experienceVOMS Core INFNVirtual Organization Management System1 vulnerability 161 KLOC of Bourne Shell, C++ and CiRODS...
gLite ArchitectureAuthenticationRB HostUser Host authZ Service HostSubmit job & receive outputSubmit job & receive outputA...
ARGUS 1 2 HIP INFN NIKHEFARGUS 1.2, HIP, INFN, NIKHEF,SWITCHgLite Authorization Service42 KLOC f J d C42 KLOC of Java and ...
authZ service HostU (UI)1bArgus 1.2 ArchitectureAdmin data‐flowauthZ service HostWN HostPAP Admin Tool (Edit Policy)User (...
User: X’ = Optional  stepsXt Periodic stepsArgus 1.2 ArchitectureXt = Periodic steps1. User  submits a job described as a ...
authZ service Host (PAP Component)Argus 1.2 ResourcesPAPconf lib logsTRUSTED_CA etc/grid_securitybin repository sbinpappap...
authZ service Host (PDP Component)Argus 1.2 Resources( p )PDP                          Repositorypolicyconf lib logsTRUSTE...
authZ service Host (PEP Server Component)Argus 1.2 Resources( p )PEP Server                           CachedPoliciesconf l...
VOMS INFNVOMS, INFNVOMS Core 2.0.2, Virtual Organization ManagementSystem161 KLOC f B Sh ll C d C161 KLOC of Bourne Shell,...
VOMS 2.0.2 ArchitectureVOMS Server HostVOMSUser HostGSI ConnectionVOMSdaemonVOMSClientAncillaryGSI ConnectionCommand LineC...
VOMS Client‐Server InteractionVOMS Server HostUser HostVOMS daemonnt3. Wait for Connection2.  Connect to PortOMSClienvoms‐...
VOMS Core 2.0.2 ResourcesVOMS Server HostVOMSdaemon/ /$CONFIG_DIRVO_NAMElogsTRUSTED_CA /etc/grid_securityDBhosthostcert.pe...
VOMS Core 2.0.2 ResourcesUser HostUser HostVOMS Client$HOME/ /tmp/ /TRUSTED_CA /etc//opt/x509up_u<user_id>/user/.globus/ g...
WMS 3 3 5 INFNWMS 3.3.5, INFNWorkload Management System728 KLOC of Bourne Shell, C++, C,Python Java and PerlPython,Java, a...
WMS HostWorkload Manager System (WMS) 3.3.5 ArchitectureCREAMUser Host CE HostWM Proxy LBGridFTPLRMSUserInterfaceApacheWM ...
WMS 3.3.4 ResourcesWMS HostWMSWMS/etc/glite-wmslogsTRUSTED_CA /etc/grid_securityLBDataBaseJob SandBoxgDataBasehosthostcert...
CREAM 1 14 0 INFNCREAM 1.14.0, INFNComputing Resource Execution AndManagement216 KLOC of Bourne Shell Java C++ C and216 KL...
CREAM 1.14.0 ArchitectureCE Host WN HostWN jobUser HostGridFTPWN jobUserCREAM‐CESOAP/HTTPSCREAMDataBaseJobInterface Tomcat...
CREAM‐CE 1.14.0 ResourcesCREAM CE h tCREAM‐CE hostCElogs/etc/CREAMDataBase/etc//var/ logsgrid_securityDataBasehosth k/etc/...
CREAM‐CE Client 1.14.0 ResourcesCli t H tClient HostClientClient/tmp//home/user /etc/grid_securityproxy client logs Job in...
Questions?http://www.cs.wisc.edu/mist27
Upcoming SlideShare
Loading in …5
×

Vulnerability Assessment for EGI and EMI - Presentation for NATO-OTAN 2013

233 views

Published on

Vulnerability Assessment for EGI and EMI - Presentation for NATO-OTAN 2013

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
233
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
2
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Vulnerability Assessment for EGI and EMI - Presentation for NATO-OTAN 2013

  1. 1. Vulnerability Assessment for EGIand EMIand EMIElisa HeymannyManuel BrugnoliComputer Architecture andOperating Systems DepartmentUniversitat Autònoma de BarcelonaUniversitat Autònoma de BarcelonaElisa.Heymann@uab.esManuel Brugnoli@caos uab es1This research funded in part by Department of Homeland Security grant FA8750-10-2-0030 (funded through AFRL).Past funding has been provided by NATO grant CLG 983049, National Science Foundation grant OCI-0844219, theNational Science Foundation under contract with San Diego Supercomputing Center, and National ScienceFoundation grants CNS-0627501 and CNS-0716460.Manuel.Brugnoli@caos.uab.es
  2. 2. Who we areWho we areElisa HeymannEduardo CesarBart MillerJim Kupsch Eduardo CesarJairo SerranoManuel BrugnoliJim KupschKarl MazurakDaniel Crowell Manuel BrugnoliDaniel CrowellWenbin FangHenry Abbeyy ySalini Kowsalyahttp://www cs wisc edu/mist/2http://www.cs.wisc.edu/mist/
  3. 3. What do we do• Assess Middleware: Make cloud/grid softwaremore secure• Train: We teach tutorials for users developersTrain: We teach tutorials for users, developers,sys admins, and managers• Research: Make in-depth assessments moreautomated and improve quality of automatedp q ycode analysishttp://www.cs.wisc.edu/mist/papers/VAshort.pdf3
  4. 4. Our experienceCondor, University of WisconsinBatch queuing workload management system15 vulnerabilities 600 KLOC of C and C++SRB, SDSCStorage Resource Broker - data grid5 vulnerabilities 280 KLOC of CMyProxy, NCSACredential Management System5 vulnerabilities 25 KLOC of CglExec, NikhefIdentity mapping service5 vulnerabilities 48 KLOC of CGratia Condor Probe, FNAL and Open Science GridFeeds Condor Usage into Gratia Accounting System3 vulnerabilities 1.7 KLOC of Perl and BashCondor Quill, University of WisconsinDBMS Storage of Condor Operational and Historical Data6 vulnerabilities 7.9 KLOC of C and C++4
  5. 5. Our experienceWireshark, wireshark.orgNetwork Protocol Analyzer2 vulnerabilities 2400 KLOC of C2 vulnerabilities 2400 KLOC of CCondor Privilege Separation, Univ. of WisconsinRestricted Identity Switching Module22 vulnerabilities 21 KLOC of C and C++VOMS Admin, INFNWeb management interface to VOMS dataWeb management interface to VOMS data4 vulnerabilities 35 KLOC of Java and PHPCrossBroker, Universitat Autònoma de BarcelonaR M f P ll l & I t ti A li tiResource Mgr for Parallel & Interactive Applications4 vulnerabilities 97 KLOC of C++ARGUS 1.2, HIP, INFN, NIKHEF, SWITCHARGUS 1.2, HIP, INFN, NIKHEF, SWITCHgLite Authorization Service0 vulnerabilities 42 KLOC of Java and C5
  6. 6. Our experienceVOMS Core INFNVirtual Organization Management System1 vulnerability 161 KLOC of Bourne Shell, C++ and CiRODS, DICEData-management System9 vulnerabilities (and counting) 285 KLOC of C and C++9 vulnerabilities (and counting) 285 KLOC of C and C++Google Chrome, GoogleWeb browser1 OC f C C1 vulnerability 2396 KLOC of C and C++WMS, INFNWMS, INFNWorkload Management Systemin progress 728 KLOC of Bourne Shell, C++,C, Python, Java, and PerlCREAM, INFNComputing Resource Execution And Management4 vulnerabilities (and counting) 216 KLOC of Bourne Shell,Java and C++6Java, and C++
  7. 7. gLite ArchitectureAuthenticationRB HostUser Host authZ Service HostSubmit job & receive outputSubmit job & receive outputAuthenticationWMSUserArgusreceive output receive outputStatusInf. ReferenceData TransferUserInterface LB HostLB ServerIS HostInformationServices (i e BDII)SE HostAuthorizatInf. ReferencerCE HostServices (i.e. BDII)StoRMSubmit job &StaStatusAuOMS  proxytionCREAMVOMS HostWN HostSubmit job & receive outputatusuthorizationCreate  VOLRMSVOMS HostVOMS ServerWN jobJobsAuthentication7
  8. 8. ARGUS 1 2 HIP INFN NIKHEFARGUS 1.2, HIP, INFN, NIKHEF,SWITCHgLite Authorization Service42 KLOC f J d C42 KLOC of Java and C0 vulnerabilities9
  9. 9. authZ service HostU (UI)1bArgus 1.2 ArchitectureAdmin data‐flowauthZ service HostWN HostPAP Admin Tool (Edit Policy)User (UI)1aRB HostAUser data‐flowCLI Tool (Edit Policy)AdministratorWMSPAPBC’CLIRun job Exit gLExecCE HostPDP2910aCREAMD’ E’CDtPEP Client (Lib)Et/etc/init.d/pdp 10bPEP ServergLExec356LRMS7 8F’HTTPSreloadpolicy/etc/init.d/pepd  PEP ServerWN jobclearcacheFt4PAP (Policy Administration Point)  → Manage Policies.PDP (Policy Decision Point) → Evaluate Authorization Requests.PEP (Policy Enforcement Point) → Process Client Requests and Responses.OS privileges user batch userExternal ComponentrootPEP (Policy Enforcement Point) → Process Client Requests and Responses.Administrator & root
  10. 10. User: X’ = Optional  stepsXt Periodic stepsArgus 1.2 ArchitectureXt = Periodic steps1. User  submits a job described as a JDL expression.2. CREAM receives a job execution request from WMS (1a) or the User (1b) directly.3. CREAM sends the job execution request to the LRMS.4 LRMS sends the job to the WN for its execution4. LRMS sends the job to the WN for its execution. 5. WN sends an authorization request to gLExec, and gLExec interacts with PEP Server  using an LCMAPS plug‐in which uses the PEP Client library to check if the mapping request can be satisfied.6. PEP Client sends the request to the PEP Server.7 PEP Server sends the authorization request (XACML) to PDP for evaluation7. PEP Server sends the authorization request (XACML) to PDP for evaluation.8. PDP evaluates the authorization request and sends the response to PEP Server.9. PEP Server sends to PEP Client the authorization response which can be allowed (10a) or denied (10b).10. gLExec runs job using local identity only if the authorization response is allowed.Admin:A. Administrator edits policies using the command line interface (CLI).B. PAP Admin Tool writes policies and policy sets and make them available at PAP.B. PAP Admin Tool writes policies and policy sets and make them available at PAP.C’. Administrator forces reload of policies since Argus updates the policies in regular intervals.D’. PDP  sends a retrieve policies request to PAP.E’. PAP sends policies (XACML) to PDP.’ d d l h f l h hF’. Administrator sends a clear cache request to PEP Server for clearing the response cache.Dt. PDP connects periodically to the remote PAP to refresh the repository policy.Et. PAP sends the policies (XACML) to PDP.Ft. PEP Server clears periodically its cache, since PEP Server keeps a short response cache.Ft. PEP Server clears periodically its cache, since PEP Server keeps a short response cache.
  11. 11. authZ service Host (PAP Component)Argus 1.2 ResourcesPAPconf lib logsTRUSTED_CA etc/grid_securitybin repository sbinpappaphosthas keysigned,certificatesloggingd i pap_configuration.inipap_authorization.inihostcert.pemhostkey.pemcertificatesloggingpap-admin pap-standalone.shpap-deploy.shXACML PolicyfilesReadable OS privileges b t hOwnerWorlduser batch userExternal ComponentAdministrator & rootroot
  12. 12. authZ service Host (PDP Component)Argus 1.2 Resources( p )PDP                          Repositorypolicyconf lib logsTRUSTED_CA etc/grid_securitysbind i i h t thosthas keysigned,h tktifi th l i ld tl h pdp.ini hostcert.pem hostkey.pemcertificatesenv.sh logging.xmlReadablepdpctl.shOS privileges b t hOwnerWorlduser batch userExternal ComponentAdministrator & rootroot
  13. 13. authZ service Host (PEP Server Component)Argus 1.2 Resources( p )PEP Server                           CachedPoliciesconf lib logsTRUSTED_CA etc/grid_securitysbinpepd.inienv.sh logging.xmlpepdctl.shhosthas keysigned,Readablehostcert.pemhostkey.pemcertificates grid-mapfile groupmapfilegridmapdir vomsdirOS privileges ReadableOwnerWorlduser batch userExternal ComponentAdministrator & rootroot
  14. 14. VOMS INFNVOMS, INFNVOMS Core 2.0.2, Virtual Organization ManagementSystem161 KLOC f B Sh ll C d C161 KLOC of Bourne Shell, C++ and C1 vulnerabilityVOMS Admin 2.0.15 Web management interfaceVOMS Admin 2.0.15, Web management interface35 KLOC of Java and PHP4 l biliti4 vulnerabilities15
  15. 15. VOMS 2.0.2 ArchitectureVOMS Server HostVOMSUser HostGSI ConnectionVOMSdaemonVOMSClientAncillaryGSI ConnectionCommand LineCommand LineDBUtilitiesDBWebBrowserHTTPSWebVOMS Admin(Tomcat)VOMS AdminClientHTTPSSOAP over SSLCommand LineOS privileges DB privileges p guser daemonrootVO_Server
  16. 16. VOMS Client‐Server InteractionVOMS Server HostUser HostVOMS daemonnt3. Wait for Connection2.  Connect to PortOMSClienvoms‐proxy‐init 4.  Accept Connection1.  Send Request5 Fork6. Mutual Auth.  & Create SecureCommunication Channel via GSIVOVOMS daemon child process5. Forkchild process8. Query the database toverify the assertion against User DN7. Request AC with attributes X, Y, Z13. Create a proxy certificate with embedded ACVOMSpseudocertificate12 End Child Process10. Send the Attribute Certificate11. Close Connection9. Create Attribute Certificate,Sign with VOMS certificate12. End Child ProcessDB
  17. 17. VOMS Core 2.0.2 ResourcesVOMS Server HostVOMSdaemon/ /$CONFIG_DIRVO_NAMElogsTRUSTED_CA /etc/grid_securityDBhosthostcert.pemhosthas keysigned,hostkey.pemcertificatesvoms.conf voms.passvomsdirReadablep pOS privileges DB privileges OwnerWorldOS p egesdaemonrootp egesVO_Server
  18. 18. VOMS Core 2.0.2 ResourcesUser HostUser HostVOMS Client$HOME/ /tmp/ /TRUSTED_CA /etc//opt/x509up_u<user_id>/user/.globus/ grid_security/ vomses/glite/etc/vomsescertificatesusercert.pem userkey.pem vomsdirReadable OS privileges DB privileges OwnerWorldOS p egesdaemonrootp egesVO_Server
  19. 19. WMS 3 3 5 INFNWMS 3.3.5, INFNWorkload Management System728 KLOC of Bourne Shell, C++, C,Python Java and PerlPython,Java, and Perl0 vulnerabilities20
  20. 20. WMS HostWorkload Manager System (WMS) 3.3.5 ArchitectureCREAMUser Host CE HostWM Proxy LBGridFTPLRMSUserInterfaceApacheWM ProxyServerSOAP/HTTPSLB ProxyLBDataBaseWN HostWorkloadManagerLogger(InterLogd)LB ProxyVOMS HostVOMSWN jobIS HostJob Controller –Condor GVOMS ServerCE HostOS privileges user E t lInformationServiceLog MonitorICEuser External ComponentrootLB HostLB ServerDB privilegesProxy RenewalLB ServerLB_Admin
  21. 21. WMS 3.3.4 ResourcesWMS HostWMSWMS/etc/glite-wmslogsTRUSTED_CA /etc/grid_securityLBDataBaseJob SandBoxgDataBasehosthostcert.pemhas keysigned,hostkey.pemcertificatesglite_wms.conf glite_wms_wmproxy.gaclglite_wms_wmproxy_httpd.confwmproxy_logrotate.confReadableOOS privilegesdaemonDB privilegesLB AdminOwnerWorlddaemonrootLB_Admin
  22. 22. CREAM 1 14 0 INFNCREAM 1.14.0, INFNComputing Resource Execution AndManagement216 KLOC of Bourne Shell Java C++ C and216 KLOC of Bourne Shell, Java, C++, C, andPerl4 vulnerabilities23
  23. 23. CREAM 1.14.0 ArchitectureCE Host WN HostWN jobUser HostGridFTPWN jobUserCREAM‐CESOAP/HTTPSCREAMDataBaseJobInterface TomcatBLAHVOMS HostLRMSVOMS HostVOMS ServerDB privilegesDB AdminOS privileges user External Component DB_Adminuser External  Componentroot Tomcat Batch user
  24. 24. CREAM‐CE 1.14.0 ResourcesCREAM CE h tCREAM‐CE hostCElogs/etc/CREAMDataBase/etc//var/ logsgrid_securityDataBasehosth k/etc/glite-ce-cream/var/Cream_sandboxhostcert.pemhas keysigned,hostkey.pemcertificatesCream-config.xmlUser 1 User N vomsdirDB privilegesOS privilegesOwnerFile ownershipCREAM adminTomcatrootBatch usersOwnerWorld
  25. 25. CREAM‐CE Client 1.14.0 ResourcesCli t H tClient HostClientClient/tmp//home/user /etc/grid_securityproxy client logs Job input files JDL file Job output files CertificatesOS privilegesTomcatp y g p pOFile ownershipTomcatrootuserWorldOwner
  26. 26. Questions?http://www.cs.wisc.edu/mist27

×