[glue-wg] Security considerations
Maarten Litmaath
Maarten.Litmaath at cern.ch
Tue Nov 4 13:00:04 CST 2008
Hi Paul,
> As promised, here's a few words on security, following from RFC-3552's
> suggestions:
Nice job! Some suggestions inline.
> 9. Security Considerations
>
> [...]
>
> When deploying a information system conforming to GLUE 2.0 conceptual
| ^
| an
> [...]
>
> 9.2 Non-repudiation
>
> [...]
> specific to the concrete data model or it may be provided outwith of
| ^^^^^^^
| outside
Nobody outside (!) Scotland uses that word... :-)
> the GLUE conceptual model.
>
> [...]
>
> 9.3.2 Inappropriate Usage
>
> [...]
>
> Individual grids may describe what they consider appropriate usage of
> GLUE information and implement appropriate procedure to ensure this
| ^^^^^^^^^
| procedures
> policy is enacted.
>
> [...]
>
> 9.4.2 Replay
>
> Grid operations may depend on information provided in GLUE conceptual
> model. A replay attack would revert part (possible all) information
| ^
| of the
> [...]
>
> Underlying concrete models and implementing software should prevent
| ^^^^^^^^^^^^^^^^^^^^^
| software implementations
> replay attacks.
>
>
> 9.4.3 Message insertion
>
> The ability to insert information is key to providing accurate
> information. However, inserting incorrect information may have a
> detrimental effect to the running systems; for example, there are
> attributes in the conceptual model accept multiple values. If
| ^
| that
> incorrect values are included, the systems may suffer.
>
> Many aspects of GLUE provide service discovery. Inserting false
> information would allow unauthorised services to publish their
> presence and attract activity. This may be used as a basis for
> further attacks.
>
> Underlying concrete models and implementing software should ensure
| ^^^^^^^^^^^^^^^^^^^^^
| software implementations
> that agent's ability to insert information is limited and appropriate.
| ^
| an
> [...]
>
> 9.4.5 Modification
>
> The ability to modify information is key to providing accurate
> information. However, concrete data models and implementing software
| ^^^^^^^^^^^^^^^^^^^^^
| software implementations
> should limit agents so their ability to modify information is limited
> and appropriate.
>
>
> 9.4.6 Man-in-the-middle.
>
> Man-in-the-middle attacks may allow arbitrary modification of data
> within the GLUE conceptual model. This may have severe influence on
> the systems based on GLUE information.
>
> Underlying concrete models and implementing software should understand
| ^^^^^^^^^^^^^^^^^^^^^
| software implementations
> the risk from man-in-the-middle attacks and provide appropriate
> security against them.
>
>
> 9.4.7 Denial of service attacks
>
> A Denial of Service attack is one that attempts to prevent normal
> operation of systems. Perhaps, the most obvious is to prevent or
> corrupt the flow of information.
>
> Systems using GLUE conceptual model should understand the risk from
> lack of information. Appropriate measures should be taken to ensure
> the systems continue to run whenever possible.
| ^^^^^^^^
| to the extent
Thanks,
Maarten
More information about the glue-wg
mailing list