[glue-wg] Security considerations

Maarten Litmaath Maarten.Litmaath at cern.ch
Tue Nov 4 13:00:04 CST 2008 

Hi Paul,

> As promised, here's a few words on security, following from RFC-3552's 
> suggestions:

Nice job!  Some suggestions inline.

> 9. Security Considerations
> 
> [...]
> 
> When deploying a information system conforming to GLUE 2.0 conceptual
|                ^
|                an

> [...]
> 
> 9.2  Non-repudiation
> 
> [...]
> specific to the concrete data model or it may be provided outwith of
|                                                           ^^^^^^^
|                                                           outside

Nobody outside (!) Scotland uses that word...  :-)

> the GLUE conceptual model.
> 
> [...]
> 
> 9.3.2 Inappropriate Usage
> 
> [...]
> 
> Individual grids may describe what they consider appropriate usage of
> GLUE information and implement appropriate procedure to ensure this
|                                            ^^^^^^^^^
|                                            procedures

> policy is enacted.
> 
> [...]
> 
> 9.4.2 Replay
> 
> Grid operations may depend on information provided in GLUE conceptual
> model.  A replay attack would revert part (possible all) information
|                                                         ^
|                                                         of the

> [...]
 >
 > Underlying concrete models and implementing software should prevent
|                                ^^^^^^^^^^^^^^^^^^^^^
|                                software implementations

 > replay attacks.
>
> 
> 9.4.3 Message insertion
> 
> The ability to insert information is key to providing accurate
> information.  However, inserting incorrect information may have a
> detrimental effect to the running systems; for example, there are
> attributes in the conceptual model accept multiple values.  If
|                                   ^
|                                   that

> incorrect values are included, the systems may suffer.
> 
> Many aspects of GLUE provide service discovery.  Inserting false
> information would allow unauthorised services to publish their
> presence and attract activity.  This may be used as a basis for
> further attacks.
> 
> Underlying concrete models and implementing software should ensure
|                                ^^^^^^^^^^^^^^^^^^^^^
|                                software implementations

> that agent's ability to insert information is limited and appropriate.
|     ^
|     an

> [...]
> 
> 9.4.5 Modification
> 
> The ability to modify information is key to providing accurate
> information.  However, concrete data models and implementing software
|                                                 ^^^^^^^^^^^^^^^^^^^^^
|                                                 software implementations

> should limit agents so their ability to modify information is limited
> and appropriate.
> 
> 
> 9.4.6 Man-in-the-middle.
> 
> Man-in-the-middle attacks may allow arbitrary modification of data
> within the GLUE conceptual model.  This may have severe influence on
> the systems based on GLUE information.
> 
> Underlying concrete models and implementing software should understand
|                                ^^^^^^^^^^^^^^^^^^^^^
|                                software implementations

> the risk from man-in-the-middle attacks and provide appropriate
> security against them.
> 
> 
> 9.4.7 Denial of service attacks
> 
> A Denial of Service attack is one that attempts to prevent normal
> operation of systems.  Perhaps, the most obvious is to prevent or
> corrupt the flow of information.
> 
> Systems using GLUE conceptual model should understand the risk from
> lack of information.  Appropriate measures should be taken to ensure
> the systems continue to run whenever possible.
|                             ^^^^^^^^
|                             to the extent

Thanks,
	Maarten

More information about the glue-wg mailing list