iSGTW Feature - Distributed security: keeping Open Science Grid closed to intruders




"A feeling of false safety is much more dangerous than always being on our toes." Head of OSG Security Mine Altunay says constant vigilance is essential.
Images courtesy of Marcos Papapopolus

One of the most essential parts of operating the Open Science Grid is keeping it closed.

Closed to malicious intruders.

And protected from inadvertent as well as malevolent attack.

Head of OSG Security, Mine Altunay, says she'd always prefer to be safe than sorry.

"A feeling of false safety is much more dangerous than always being on our toes," Altunay says.

"So far we've never had an incident that has prevented us from running, but this doesn't mean we don't have vulnerabilities. We are constantly thinking of our response to potential incidents: Will our communications channels be open? Is our technical knowledge up to date? Will everybody know what to do?"

Aiming for automation

Altunay's team are now placing a strong emphasis on automated authorization and trust management issues, with a focus on end-to-end security as they enter OSG's second year.

"Currently, when user privileges need to be executed or revoked at a remote site, many sites may have little idea about what those privileges are," Altunay says. "A lot depends on communication between virtual organizations and individual sites, and this can happen in an ad hoc fashion."

"Automating this system will vastly improve our security protections and ability to respond quickly to incidents," says Altunay.

"Our work mainly focuses on trust relationships between grid sites and virtual organizations. Trust is the holy grail for us," says Mine Altunay, head of OSG Security.
Images courtesy of Alaina B

A second focus will be monitoring the health of the OSG infrastructure.

"What's going on out there at the different sites? For us it is extremely important to be able to collect lots of data and interpret it in a meaningful way. It's a very challenging problem because we need to monitor multiple sites; if we do detect suspicious activity, we need to contain it at affected sites."

Knock, knock. Who's there?

So who should grid infrastructures be protecting against?

"Given the thousands of users anticipated to use grids over the next few years, we inevitably have novices who are not up to date on the potential for inadvertently destructive activities," says Altunay. "In addition to these innocent 'attacks,' we are also focused on malicious attackers who explore unrecognized vulnerabilities and try to intrude on our computers. Then there are the so-called Script Kiddies, who might attack 'dot gov' domains for the thrill."

Leading examples from the "in" crowd

And although Altunay spends her days creating new ways to keep destructive activities "out," she's found OSG a great place to be "in."

"It's a fantastic environment," she says. "We have many challenges but I think we will make the necessary progress. We have good people producing a good quality of work."

"Working with Ruth (Pordes, head of OSG) has also been a pleasant surprise. I've never had a female boss before," she says. "I was the only woman in my computer engineering graduate class; I thought it would change as a post grad, but it became even worse. It's really important for women in science to serve as role models. It gives an important message to everyone."

- Cristy Burne, iSGTW
