iSGTW - International Science Grid This Week
iSGTW - International Science Grid This Week

Home > iSGTW 07 November 2007 > iSGTW Feature - Distributed security: keeping Open Science Grid closed to intruders


Feature - Distributed security: keeping Open Science Grid closed to intruders

“A feeling of false safety is much more dangerous than always being on our toes.” Head of OSG Security Mine Altunay says constant vigilance is essential.
Images courtesy of Marcos Papapopolus

One of the most essential parts of operating the Open Science Grid is keeping it closed.

Closed to malicious intruders.

And protected from inadvertent as well as malevolent attack.

Head of OSG Security, Mine Altunay, says she’d always prefer to be safe than sorry.

“A feeling of false safety is much more dangerous than always being on our toes,” Altunay says.

“So far we’ve never had an incident that has prevented us from running, but this doesn’t mean we don’t have vulnerabilities. We are constantly thinking of our response to potential incidents: Will our communications channels be open? Is our technical knowledge up to date? Will everybody know what to do?”

Aiming for automation

Altunay’s team are now placing a strong emphasis on automated authorization and trust management issues, with a focus on end-to-end security as they enter OSG’s second year.

“Currently, when user privileges need to be executed or revoked at a remote site, many sites may have little idea about what those privileges are,” Altunay says. “A lot depends on communication between virtual organizations and individual sites, and this can happen in an ad hoc fashion.”

“Automating this system will vastly improve our security protections and ability to respond quickly to incidents,” says Altunay.

“Our work mainly focuses on trust relationships between grid sites and virtual organizations. Trust is the holy grail for us,” says Mine Altunay, head of OSG Security.
Images courtesy of Alaina B

A second focus will be monitoring the health of the OSG infrastructure.

“What’s going on out there at the different sites? For us it is extremely important to be able to collect lots of data and interpret it in a meaningful way. It’s a very challenging problem because we need to monitor multiple sites; if we do detect suspicious activity, we need to contain it at affected sites.”

Knock, knock. Who’s there?

So who should grid infrastructures be protecting against?

“Given the thousands of users anticipated to use grids over the next few years, we inevitably have novices who are not up to date on the potential for inadvertently destructive activities,” says Altunay. “In addition to these innocent ‘attacks,’ we are also focused on malicious attackers who explore unrecognized vulnerabilities and try to intrude on our computers. Then there are the so-called Script Kiddies, who might attack ‘dot gov’ domains for the thrill.”

Leading examples from the “in” crowd

And although Altunay spends her days creating new ways to keep destructive activities “out,” she’s found OSG a great place to be “in.”

“It’s a fantastic environment,” she says. “We have many challenges but I think we will make the necessary progress. We have good people producing a good quality of work.”

“Working with Ruth (Pordes, head of OSG) has also been a pleasant surprise. I’ve never had a female boss before,” she says. “I was the only woman in my computer engineering graduate class; I thought it would change as a post grad, but it became even worse. It’s really important for women in science to serve as role models. It gives an important message to everyone.”

- Cristy Burne, iSGTW 



 iSGTW 22 December 2010

Feature – Army of Women allies with CaBIG for online longitudinal studies

Special Announcement - iSGTW on Holiday

Video of the Week - Learn about LiDAR


NeHC launches social media

PRACE announces third Tier-0 machine

iRODS 2011 User Group Meeting

Jobs in distributed computing


Enter your email address to subscribe to iSGTW.


 iSGTW Blog Watch

Keep up with the grid’s blogosphere

 Mark your calendar

December 2010

13-18, AGU Fall Meeting

14-16, UCC 2010

17, ICETI 2011 and ICSIT 2011

24, Abstract Submission deadline, EGI User Forum


January 2011

11, HPCS 2011 Submission Deadline

11, SPCloud 2011

22, ALENEX11

30 Jan – 3 Feb, ESCC/Internet2


February 2011

1 - 4, GlobusWorld '11

2, Lift 11

15 - 16, Cloudscape III

More calendar items . . .


FooterINFSOMEuropean CommissionDepartment of EnergyNationalĀ ScienceĀ Foundation RSSHeadlines | Site Map