Queensland University of Technology, Brisbane, Australia - e-Health Research

Security on the Grid

"Mechanisms for Ultra-secure Access to Large Repositories of Sensitive Data over the Grid"

Prof Peter Croll, Information Security Institute, QUT
Prof Bill Caelli, Information Security Institute, QUT
Prof Lakshmi Narasimhan, Newcastle University
Dr Anthony Maeder, e-Health Research Centre, Brisbane
Leon Ho, Red Hat Asia-Pacific and Red Hat Global


This project will build a demonstrator that provides ultra-secure, sanitized access to sensitive data under the following assumptions: the large data repositories are geographically distributed; access is via a network grid; varying degrees of legal and ethical constraints apply; and all data must be secured by advanced cryptographic technologies based on trusted computing platforms.

The Framework:

The basic architecture for a secure mandatory access control system is shown in figure 1. The heart of the system is a Trusted Computing Base (TCB) that ensures all data access is regulated by a set of policies enforced by the MAC-based Policy Enforcement Server (PES). The PES will make use of existing tools that enforce rule-based access control and reside in a secure operating system environment, e.g., Red Hat Enterprise Linux with SELinux. The rules will be initiated by the organization, e.g., by the company CIO, who holds the rule-update rights. They will be specified in a high-level language based on the legislation and regulations that apply to the organization. Some of these may be national laws and regulations, while others may be local to the particular regional sector or division.

The enhanced security of this system comes from the fact that systems managers and maintenance staff cannot change the access rights on the fly (and cover their tracks). Note that doing so is relatively straightforward on current systems, both for staff and for adversaries with good technical knowledge. To cope with extraordinary circumstances arising from external factors, e.g. loss of network connectivity, hacker attacks, or state or federal emergencies, the TCB can switch to an alternate set of rules. Specifically, a Risk Assessment Unit (RAU) would determine that the risks imposed by environmental factors had changed and provide that input to the PES. If the PES has been programmed to operate in different modes, it would change mode and access control would be relaxed or tightened accordingly. Despite the mode change, all underlying activities would continue to be monitored and audited.

Figure 1. Overview of the Proposed Trusted Node Architecture

The shared virtual machine refers to the computing nodes that support the Grid layered architecture. This includes the Collective, Resource, Connectivity and Fabric layers (not shown), which support a small set of core abstractions and protocols (e.g., TCP and HTTP in the Internet). The Resource and Connectivity protocols facilitate the sharing of resources and are designed so that they can be implemented on top of the diverse range of resource types defined at the Fabric layer. As a consequence, a wide range of global services can be constructed through the coordinated use of multiple resources by applications at the Collective layer. This architecture differs from the standard Grid in that the protected data sets can only be accessed via encrypted channels connecting the trusted computing nodes. Which applications can decrypt this data depends on the access policies set by the Policy Enforcement Server. For example, permitted sanitized data could be decrypted by shared applications on the open-access grid, while highly classified data would only be available for access and processing on other trusted computing nodes.
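The following is an added illustration, not code from the project, of how the PES, RAU and audit trail described above could fit together: two rule sets selected by RAU risk input, rule updates restricted to the CIO role, and a default-deny decision on which data classification may be decrypted at which node type, audited in every mode. The roles, classifications, node types and rule entries are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# A rule grants (role, data classification, node type). Anything not granted is
# denied, the default-deny behaviour of a mandatory access control policy.
Rule = Tuple[str, str, str]

def default_rule_sets() -> Dict[str, Set[Rule]]:
    """Constructed rule sets for two PES modes (assumed values, not the project's own).
    Sanitized data may be decrypted on the open grid; classified data only on trusted nodes.
    The emergency set relaxes access for administrators, as the RAU scenario describes."""
    normal = {
        ("clinician", "sanitized", "open_grid"),
        ("clinician", "classified", "trusted_node"),
    }
    emergency = normal | {("sysadmin", "classified", "trusted_node")}
    return {"normal": normal, "emergency": emergency}

@dataclass
class PolicyEnforcementServer:
    mode: str = "normal"
    rule_sets: Dict[str, Set[Rule]] = field(default_factory=default_rule_sets)
    audit: List[str] = field(default_factory=list)   # appended to in every mode

    def rau_update(self, risk_level: str) -> str:
        """Risk Assessment Unit input: a high environmental risk switches the PES mode."""
        self.mode = "emergency" if risk_level == "high" else "normal"
        self.audit.append(f"RAU risk={risk_level} -> mode={self.mode}")
        return self.mode

    def update_rules(self, actor: str, mode: str, rules: Set[Rule]) -> bool:
        """Only the CIO role holds rule-update rights; other actors are refused and logged,
        so systems managers cannot change access rights on the fly."""
        if actor != "cio":
            self.audit.append(f"DENY rule-update by {actor}")
            return False
        self.rule_sets[mode] = set(rules)
        self.audit.append(f"ALLOW rule-update by cio mode={mode}")
        return True

    def authorize(self, role: str, classification: str, node_type: str) -> bool:
        """Decide whether data of this classification may be decrypted at this node
        for this role, under the currently active rule set. Every decision is audited."""
        allowed = (role, classification, node_type) in self.rule_sets[self.mode]
        verdict = "ALLOW" if allowed else "DENY"
        self.audit.append(f"{verdict} {role} {classification}@{node_type} mode={self.mode}")
        return allowed
```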

We will also collaborate on research currently being pursued by organizations such as the National Security Agency (NSA) and Mitre Corp., USA, on multi-level security (MLS) architectures. These support an alternative scenario in which, during extraordinary circumstances, the security clearance of the RAU could be elevated to provide systems administrators with the necessary privileges.

Related Publications:

Poster (184k): e-Research - Security on the Grid

Publicity: e-Research project (63k)