a Grid-based Operating System
10.08.2015 Views
Share Embed Flag

a Grid-based Operating System

XtreemOS: Building and Promoting a Linux-based ... - CryptoForma

XtreemOS: Building and Promoting a Linux-based ... - CryptoForma

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
cryptoforma.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Verifying a Mutual Authentication Protocol fora <strong>Grid</strong>-<strong>based</strong> <strong>Operating</strong> <strong>System</strong>Benjamin AzizE-Science CentreSTFC Rutherford Appleton LaboratoryCryptoForma 3 rd Meeting, Bristol, 8 April 2010XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Science and TechnologyFacilities Council (STFC)• One of the seven researchcouncils in the UK• Developing and supporting sciencefacilities for the disciplines ofparticle physics, astronomy,microelectronics, etc.And recently medical research• Provide access to large-scaleresearch facilities to UK researchers2

e-Science Centre• Provide high performance servicesand applications to support scientificresearch• Support research and developmentprogramme in areas including:• Distributed <strong>System</strong>s• Web, <strong>Grid</strong> middleware and Cloud computing• Security and trust modelling and deployment• Information Management• Semantics, vocabulary, digital preservation3

The ScientificApplications Group• Main areas of research:1. Security in large-scale distributed systemsincluding design, implementation, deploymentand test beds• E.g. security architectures, protocols, management ofsecurity and security in dynamic collaborations1. Modelling and reasoning about trust and security• E.g. Applications of formal analysis tools and methods forsecurity assurance, policy analysis and trust management2. Methods for quantifying security• E.g. risk analysis, reputation management and utilitycomputing3. Interesting case studies• Privacy and integrity of large volumes of scientific data4

The XtreemOS <strong>Operating</strong> <strong>System</strong> in aNutshell• Large European Integrated Project: 18 partners• June 2006- September 2010• Design & implement a reference open source <strong>Grid</strong> operatingsystem <strong>based</strong> on LinuxBusiness ApplicationsVO & SecurityXtreemOS API (SAGA)Data ManagementScientific ApplicationsApplicationManagementInfrastructure for Highly Available and Scalable ServicesLinux-XOS: <strong>Grid</strong>-enabled Linux <strong>Operating</strong> <strong>System</strong>Linux-XOS for PC Linux-XOS for Cluster Linux-XOS for MobileDevicesSRDS 2009,NiagaraFalls, 28-30Sep, 2009

Structure of the VO and SecurityManagement Services in XtreemOSCritical servicesmust be linkedby a trust fabricXtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

The XtreemOS Trust Model• PKI-<strong>based</strong> Model (X-509)• Trust authorities:• Root CA• CDA• RCA• Trust is delegated via X-509certificates• User andresourcetrustmanagementare separatedXtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Broad Objectives for this Work• Use of authentication protocols for:• Authenticating XtreemOS services, users and resources• Automating trust interactions among XtreemOS VO andsecurity management services, their users and <strong>Grid</strong>resources• The protocol links critical services in XtreemOS:• Main requirement is its robustness• Unambiguous understanding of the protocol using theApplied-pi as the underlying model• Raising the assurance level <strong>based</strong> on the formal verificationusing ProVerifXtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

XtreemOS Mutual Authentication Protocol:An Overview• Based on classical Diffie-Hellman Key Agreement Protocol• Authentication of two entities• Previously unknown to each other• Belong to different administrative domains• Authentication is in the context of some VO• At the termination of the protocol, the two entities have ashared secret key and are convinced that both areparticipating in the protocol• type-3 authentication, as defined by Peter Ryan and SteveSchneider in “Modelling and Analysis of Security Protocols”(Section 3.3)XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

XtreemOS Mutual Authentication Protocol:An Overview• Some Notation:• Encryption is { M }K pb X• Digital Signing {| M |}K pr X• [U CDA] means communication is over a privatechannel• g is the primitive root (i.e. generator) and n is a primenumber• Rx is a random number generated by x• G X = g Rx mod n• G XY = (g Rx mod n) Ry mod n• The Diffie-Hellman property is that G XY = G YXXtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

XtreemOS Mutual AuthenticationProtocol: An Overview• The protocol consists of the following steps between a user U,a credential distribution authority, CDA, a resource certificationauthority and a resource node, N:1. [U CDA]: U id , VO id , g, n, G U2. [CDA U]: {|U id , VO id , g, n, G U , T VOM |}K pr CDA3. [N RCA]: N id , VO id4. [RCA N]: {|N id , VO id |}K pr RCA5. U N: { {|U id , VO id , g, n, G U , T VOM |}K pr CDA, Msg U , T U }K pb N6. N U: G N , { {|N id , VO id |}K pr RCA }K pb U, {Msg U , T U }G UN , {Msg N ,T N }G UN7. U N: {Msg N , T N }G NUXtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

The Mutual Authentication Property• One-way Authentication of B by A agreeing on M:• M : (commit A (M) running B (M)) (M = M)• Mutual Authentication of A and B• (A authenticates B agreeing on M) (B authenticates Aagreeing on M)• The above property was asserted by ProVerif• The occurrence of “running” signals preceded that of the“commit” signals. This was checked using the fact queries:query ev:commit N (G UN ) ==> ev:running U (G NU )query ev:commit U (G NU ) ==> ev:running N (G UN )XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Data Leakage Analysis• The DL analysis is carried in a context expressing Dolev-Yao’smost general attacker• Attacker not able to construct the session key G UN = G NU• attacker(G NU ) is false• Some of the terms that were leaked were:Term Notes CausepkN Public key of the Node Advertised to the attackerpkCDA Public key of the CDA Advertised to the attackerg, n Primitive root and prime number Public namesG N g RN mod n Sent over the user’s public channel,u…XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Some Technical Comments• The choice of applied-pi calculus as the modelling languagefor the XtreemOS authentication protocol was intuitive• Message-passing and the expressivity of functions• The choice of public versus private channels makes adifference to whether a property holds or not• Example: G N is leaked but not G U as the latter was sent on a privatechannel to the CDA in the first message• Private channels are mostly used to model offline privatecommunications• Channels with richer semantics need to be modelled:• SSL is used as the underlying security protocol on which higher-orderprotocols (e.g. the real credential distribution protocols) are defined• This requires the standardisation of equational theories modelling baseprotocols (e.g. (SSL) (f 1 =M 1 ,f 2 =M 2 , … f n =M n ))XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Usability Discussion• Usability of process algebraic analysis tools, such asProVerif, still has a high entry point• Even for people educated in formal methods!• More transparency needs to be achieved to embedsuch tools in the wider design environments• (e.g. integrated within an Eclipse environment, similar toRodin or ATL)• Meaningful feedback to non-formal system designersand managers is an important research directionXtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Other (Ongoing) Formal Work in XtreemOS• Use of Rodin and Event-B to model some of the securityrequirements in XtreemOS• Alvaro Arenas, Benjamin Aziz, Juan Bicarregui, Brian Matthews, EricaY. Yang: Modelling Security Properties in a <strong>Grid</strong>-<strong>based</strong> <strong>Operating</strong><strong>System</strong> with Anti-Goals. SREIS(ARES) 2008: 1429-1436• Use of applied-pi calculus to model and analyse adelegation protocol in XtreemOS• Discovered a couple of bugs including the lack of ability todeterministically form delegation chains for the case of (4) participantsXtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Thank you• The XtreemOS Formal Analysis Report, known asDeliverable 3.5.6, can be downloaded at:http://www.xtreemos.eu/publications• Any questions?XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

Verifying a Mutual Authentication Protocol fora <strong>Grid</strong>-<strong>based</strong> <strong>Operating</strong> <strong>System</strong>Benjamin AzizE-Science CentreSTFC Rutherford Appleton LaboratoryCryptoForma 3 rd Meeting, Bristol, 8 April 2010XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576XtreemOS IP projectis funded by the European Commission under contract IST-FP6-033576

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!