GSI Credential Management with MyProxy
Emerging NCSA Security R&D
NSF CyberSecurity Summit
September 28th, 2004
Von Welch
[email protected]
About this presentation
• Overview of a number of technologies being developed by a number of groups at NCSA
• Seeking to find consumers, foster communication and collaboration
• Purpose is to give a quick overview of each project to spur interest
• Please contact me or the project lead/PI listed for a given project for more information
Sep 27, 2004
NCSA Emerging Security R&D
• National Center for Advanced Secure Systems Research
• ONR-funded multi-organization security R&D center led by NCSA
• Partners include University of Illinois at Urbana-Champaign, Battelle Pacific Northwest Division, InfoAssure Inc., the University of Tennessee, and the Naval Postgraduate School
• http://www.ncassr.org
Security R&D Projects
• ONR-funded Technology Research Education Commercialization Center
• http://www.trecc.org
• NSF Middleware Initiative
• http://www.nsfmiddleware.org/
MAIDS: Mining Alarming Incidents in Data Streams
Data mining applied to streams
MAIDS aims to:
• Discover changes, trends and evolution characteristics in data streams
• Construct clusters and classification models from data streams
• Explore frequent patterns and similarities among data streams
MAIDS is being applied to NCSA’s network flow data in order to be trained to automatically detect incidents
Contact: Michael Welge [email protected]
SIFT
• Security Incident Fusion Tool (SIFT)
• Framework and tools for combination of flow and log data from multiple sources and coherent visualization
• Software available from: http://www.ncassr.org/projects/sift/
• Contact: Bill Yurcik ([email protected])
SELS: A Secure Email List Service
Contact: Himanshu Khurana [email protected]
• Mail List Security
– Confidentiality: Solution using proxy encryption techniques whereby the plaintext is not exposed at list server; instead, list server simply transforms encrypted messages
– Integrity and authentication: Solution using digital signatures where certificate validation is provided by list server
– Anti-spamming: Solution using digital signatures and HMACs where list server discards any message not sent by a valid subscriber
• Prototype (Java)
– Email client plugins for JavaMail and Eudora currently being developed
– Evaluating available list server software for plugin development
MyProxy: Grid Credential Management
• Stores Grid X.509 credentials
• Retrieval through SASL/PAM allows for authentication via OTP, password, Kerberos
• Allows bridging between authentication domains
• Contact: Jim Basney ([email protected])
[Diagram labels: OTP, Krb5, Password; MyProxy; X.509 Grid Credential]
Grid-Shib: Grid-Shibboleth Integration
• Integration of Internet2’s Shibboleth with Globus Toolkit
• Funded by NSF NMI program
• Allow for use of Shibboleth-served attributes in Grid authorization
– Allow leveraging of Shibboleth software and deployments to support Grids
– Utilizing Web Services security standards (SAML)
• Contact: Von Welch ([email protected])
Other activities
• Software-defined radio policy enforcement
– Von Welch ([email protected])
• Security Middleware for sensors
– Himanshu Khurana ([email protected])
• Secure Grid Laboratory
– Testbed for deployment and testing
– Randy Butler ([email protected])
For more information
• http://www.ncassr.org
• Or contact me for routing
– [email protected]