Supporting security-oriented, inter-disciplinary research: crossing the social, clinical and geospatial domains

How many people have had a chronic disease for longer than 5-years in Scotland? How has this impacted upon their choices of employment? Are there any geographical clusters in Scotland where a high-incidence of patients with such long-term illness can be found? How does the life expectancy of such individuals compare with the national averages? Such questions are important to understand the health of nations and the best ways in which health care should be delivered and measured for their impact and success. In tackling such research questions, e-Infrastructures need to provide tailored, secure access to an extensible range of distributed resources including primary and secondary e-Health clinical data; social science data, and geospatial data sets amongst numerous others. In this paper we describe the security models underlying these e-Infrastructures and demonstrate their implementation in supporting secure, federated access to a variety of distributed and heterogeneous data sets exploiting the results of a variety of projects at the National e-Science Centre (NeSC) at the University of Glasgow

EMI Security Architecture

This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project

A Roadmap for Using NSF Cyberinfrastructure with InCommon

This document provides a Roadmap for using the InCommon identity federation to enable researchers to access NSF cyberinfrastructure (CI) via their campus authentication service. It presents benefits and challenges of using InCommon for NSF cyberinfrastructure, and guidance in overcoming the challenges.NSF OCI-1040777, IU Pervasive Technology Institut

Dynamic trust negotiation for decentralised e-health collaborations

In the Internet-age, the geographical boundaries that have previously impinged upon inter-organisational collaborations have become decreasingly important. Of more importance for such collaborations is the notion and subsequent nature of security and trust - this is especially so in open collaborative environments like the Grid where resources can be both made available, subsequently accessed and used by remote users from a multitude of institutions with a variety of different privileges spanning across the collaboration. In this context, the ability to dynamically negotiate and subsequently enforce security policies driven by various levels of inter-organisational trust is essential. Numerous access control solutions exist today to address aspects of inter-organisational security. These include the use of centralised access control lists where all collaborating partners negotiate and agree on privileges required to access shared resources. Other solutions involve delegating aspects of access right management to trusted remote individuals in assigning privileges to their (remote) users. These solutions typically entail negotiations and delegations which are constrained by organisations, people and the static rules they impose. Such constraints often result in a lack of flexibility in what has been agreed; difficulties in reaching agreement, or once established, in subsequently maintaining these agreements. Furthermore, these solutions often reduce the autonomous capacity of collaborating organisations because of the need to satisfy collaborating partners demands. This can result in increased security risks or reducing the granularity of security policies. Underpinning this is the issue of trust. Specifically trust realisation between organisations, between individuals, and/or between entities or systems that are present in multi-domain authorities. Trust negotiation is one approach that allows and supports trust realisation. The thesis introduces a novel model called dynamic trust negotiation (DTN) that supports n-tier negotiation hops for trust realisation in multi-domain collaborative environments with specific focus on e-Health environments. DTN describes how trust pathways can be discovered and subsequently how remote security credentials can be mapped to local security credentials through trust contracts, thereby bridging the gap that makes decentralised security policies difficult to define and enforce. Furthermore, DTN shows how n-tier negotiation hops can limit the disclosure of access control policies and how semantic issues that exist with security attributes in decentralised environments can be reduced. The thesis presents the results from the application of DTN to various clinical trials and the implementation of DTN to Virtual Organisation for Trials of Epidemiological Studies (VOTES). The thesis concludes that DTN can address the issue of realising and establishing trust between systems or agents within the e-Health domain, such as the clinical trials domain

A Dynamic Validation Infrastructure for Interoperable Grid Services

Los encargados de recursos Grid pueden autorizar el acceso a sus elementos de cómputo por medio de procedimientos bien establecidos para los clientes, regularmente a través del uso de credenciales criptográficas que en su mayoría tienen un tiempo de vida definido.A pesar que la adopción de Autoridades de Certificación -AC- ha parcialmente resuelto el problema de identificación y autenticación entre entidades y, la tecnología PKI (Infraestructuras de Clave Pública) es bastante madura, no es posible hacer los mismos supuestos cuando existen dominios que no confían entre si. En los últimos años han proliferado las Organizaciones Virtuales -VOs- dentro del Grid, cada una instalando su propia Autoridad de Certificación y dando lugar a un gran número de diferentes dominios de seguridad, que efectivamente no confían entre si. Esto da lugar a un complejo escenario de interoperabilidad en Grid, que requiere mecanismos capaces de determinar si una credencial cliente puede ser confiada en un momento dado. Este proceso (llamado "validacion") ha sido tradicionalmente tratado via Listas de Revocación de Certificados (CRLs). Sin embargo, esta solución es ineficiente tanto para la ACs como para las aplicaciones Grid. En consecuencia son requeridos mecanismos mas eficientes que permitan conocer el estado de un certificado en tiempo real. Entre estas soluciones, el Online Certificate Status Protocol (OCSP) sobresale para los Grids. A pesar de su importancia para la seguridad, OCSP conlleva considerables retos para el Grid y de momento es incapaz para garantizar un grado seguro de interoperabilidad entre las ACs que participan en dicho ambiente.De momento la comunidad Grid ha resuelto el problema de interoperabilidad mediante el uso de "Policy Management Authorities" (PMAs), las cuales representan "Federaciones de Grid-PKIs" cuyas ACs miembros cumplen con niveles mínimos de seguridad. Estos requisitos mínimos forman el llamado "Perfil de Autenticación de la PMA". Actualmente el cumplimiento con el perfil de una cierta PMA se lleva a cabo a través de un proceso bien definido, pero manual, que se realiza una sola ocasión cuando una AC desea ser parte de dicha PMA. Esto se denomina "Proceso de Acreditación".Cualquier cliente invocando una operación de un servicio Grid, activa un proceso de autenticación que valida su certificado digital de acuerdo a un proceso llamado "Path Validation".Cuando las ACs participantes interoperan gracias a acuerdos explícitos de confianza, solamente se require un "Path Validation Básico": verificación criptográfica y chequeo del estado del certificado. Software Grid como el Globus Toolkit, provee mecanismos estáticos para dicho proceso. Esto sin embargo resulta inapropiado para VOs actuales.Asi pues, a pesar de la importancia que un proceso automático y "Extendido" de "Path Validation" tendría para construir relaciones de confianza dinámicamente en Grid-PKIs, a la fecha no existe ningún mecanismo para hacerlo.Esta tesis presenta una arquitectura novedosa para llevar a cabo el proceso "Extendido de Path Validation" en ambientes Grid para ACs que pertenecen a la misma PMA, gracias al uso de una Infraestructura de Validación basada en el Grid-OCSP y, una metodología de evaluación de políticas que compara las Políticas de Certificación de las ACs involucradas para asegurarse que cumplen con un Perfil de Autenticación y, que por lo tanto pueden interoperar entre ellas. La metodología de evaluación de políticas está basada en una propuesta de investigación de la "Universidad de Nápoles, Federico II" y la "Segunda Universidad de Nápoles". Un prototipo de la Infraestructura de Validación ha sido desarrollado durante nuestra investigación, y es ampliamente explicado en esta tesis.Grid Resource owners can authorize access to their computing elements by means of well established Authentication and Authorization processes for End-entities, through the use of cryptographic credentials that in most of the cases have a defined lifetime. Nevertheless, despite the fact that the adoption of Certification Authorities -CAs- has partially solved the problem of identification and authentication between the involved parties, and that Public Key Infrastructure -PKI- technologies are mature enough, we cannot make the same assumptions when untrusted domains are involved. In the last years a lot of Grid Virtual Organizations -VOs- have been proliferating, each one usually installing its own Certificate Authority and thus giving birth to a large set of different and possibly untrusted security domains. This brings a quite complex Grid interoperability scenario requiring mechanisms able to determine whether a particular end-entity's credential can be trusted at a given moment. This process is commonly named validation and traditionally it is performed via Certificate Revocation Lists (CRL). However this solution tends to be cumbersome for both, the CA and the application. In consequence, more efficient mechanisms to allow for the provision of real time certificate status information are required. Among these solutions, the Online Certificate Status Protocol (OCSP) stands out in the Grid community. Despite its importance for security, OCSP not only faces considerable challenges in the computational Grid but also, in its current form, this protocol is unable to guarantee a secure degree of interoperability among all the involved Grid-Certification Authorities. At the state of the art, the Grid community is circumventing the interoperability problem with the "Policy Management Authorities (PMAs)", which represent "Federations of Grid PKIs" whose CA members accomplish minimum levels of security. These minimum requirements comprise the PMA's Authentication Profile. In the case of the existing Grid PMAs, compliance with their respective authentication profile is given through a well-defined, but manual process involving a careful analysis of the applicant PKI's Certification Policy -CP-, performed just once, when a new CA wishes to be part of an existing PMA. This is known as the PMA's accreditation process.Any end-entity invoking a Grid Service's operation from the server, activates an authentication process that validates the end-entity's digital certificate according to the traditional path validation procedure.When involved CAs interoperate thanks to explicit trust agreements, only basic path validation is required: cryptographic verifications and status' checks over the involved certificates. State of the art Grid software like the Globus Toolkit, provides static mechanisms for the basic path validation. This is a cumbersome process in nowadays Virtual Organizations.Therefore, despite the importance that an automated and extended path validation process has got in order to build dynamic trust relationships among Grid PKI's, to date there is no mechanism to automatically obtain this information.This thesis presents a novel architecture for enabling extended path validation in Grid environments for CAs that are part of the same PMA, thanks to the use of a Validation Infrastructure based on a Grid-enabled Online Certificate Status Protocol and, a policy evaluation methodology that compares the involved CAs' Certificate Policies to assert that they fulfil with a particular Authentication Profile and that they can therefore interoperate among them. The policy evaluation technique is based on a formal methodology originally proposed by researchers of the "Università di Napoli, Federico II" and the "Seconda Università di Napoli". A working prototype of the proposed Validation Infrastructure was also developed during our research, and is widely explained along this thesis

Role-Based Access Control for the Open Grid Services Architecture - Data Access and Integration (OGSA-DAI)

Grid has emerged recently as an integration infrastructure for the sharing and coordinated use of diverse resources in dynamic, distributed virtual organizations (VOs). A Data Grid is an architecture for the access, exchange, and sharing of data in the Grid environment. In this dissertation, role-based access control (RBAC) systems for heterogeneous data resources in Data Grid systems are proposed. The Open Grid Services Architecture - Data Access and Integration (OGSA-DAI) is a widely used framework for the integration of heterogeneous data resources in Grid systems. However, in the OGSA-DAI system, access control causes substantial administration overhead for resource providers in VOs because each of them has to manage the authorization information for individual Grid users. Its identity-based access control mechanisms are severely inefficient and too complicated to manage because the direct mapping between users and privileges is transitory. To solve this problem, (1) the Community Authorization Service (CAS), provided by the Globus toolkit, and (2) the Shibboleth, an attribute authorization service, are used to support RBAC in the OGSA-DAI system. The Globus Toolkit is widely used software for building Grid systems. Access control policies need to be specified and managed across multiple VOs. For this purpose, the Core and Hierarchical RBAC profile of the eXtensible Access Control Markup Language (XACML) is used; and for distributed administration of those policies, the Object, Metadata and Artifacts Registry (OMAR) is used. OMAR is based on the e-business eXtensible Markup Language (ebXML) registry specifications developed to achieve interoperable registries and repositories. The RBAC systems allow quick and easy deployments, privacy protection, and the centralized and distributed management of privileges. They support scalable, interoperable and fine-grain access control services; dynamic delegation of rights; and user-role assignments. They also reduce the administration overheads for resource providers because they need to maintain only the mapping information from VO roles to local database roles. Resource providers maintain the ultimate authority over their resources. Moreover, unnecessary mapping and connections can be avoided by denying invalid requests at the VO level. Performance analysis shows that our RBAC systems add only a small overhead to the existing security infrastructure of OGSA-DAI