IRODS Security Wayne Schroeder Data Intensive Cyber Environments - - PowerPoint PPT Presentation

irods security
SMART_READER_LITE
LIVE PREVIEW

IRODS Security Wayne Schroeder Data Intensive Cyber Environments - - PowerPoint PPT Presentation

Sep 17, 2022 102 likes •210 views

IRODS Security Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for Neural Computation (INC), University of California San Diego irods.org, dice.unc.edu, diceresearch.org Outline General Comments What Guarding

slide-1
SLIDE 1

Wayne Schroeder Data Intensive Cyber Environments Team (DICE) Institute for Neural Computation (INC), University of California San Diego irods.org, dice.unc.edu, diceresearch.org

IRODS Security

slide-2
SLIDE 2

Outline

 General Comments  What Guarding Against  Authentication  Trust Model  IRODS Counter-Measures  Administrator Responsibilities  Future

slide-3
SLIDE 3

Overview

 Computer Software Never Completely Secure

  • Ease-of-use vs. security
  • Ease-of-Implementation, cost/benefit
  • Encryption time
  • Attacks/Counter-Measures

 Open Source Tends to be More Secure

  • Vulnerabilities must be Handled Responsibly
  • Needs to be Collaborative
slide-4
SLIDE 4

What We Are Guarding Against

 IRODS Does What It Should

  • Users Are Who They Say
  • Access Controls Enforced (Read/Write)
  • Resist Denial-Of-Service Attacks
  • Resist SQL Injection Attacks

 Host OS Remains Secure

slide-5
SLIDE 5

Protect OS

 Running as non-root helps  Buffer Overflows Avoided

 Rstrcpy, etc

 Open Source

slide-6
SLIDE 6

Authentication

 IRODS Password/GSI/Kerberos Network Secure

 Have to be

 Keys Can Be Stolen and Used

 Host/NFS Needs to be Secure  GSI Credentials Time-Limited

 IRODS Credentials

 Not Plain-text Credential (iinit)  But Source to Unscramble Is Open  NFS May Expose on Network

slide-7
SLIDE 7

Trust

 Client Code Not Trusted

 Can't be (Network Often Not Secure)

 Server Code Is Trusted

 Has To Be

 Micro-Service Is Server Code  IRODS Admins Are Trusted  ICAT DB/Admins Are Trusted  Client Code Not Trusted

 Can't be (Network Often Not Secure)

 Server Code Is Trusted

 Has To Be

 Micro-Service Is Server Code  IRODS Admins Are Trusted  ICAT DB/Admins Are Trusted  Client Code Not Trusted

 Can't be (Network Often Not Secure)

 Server Code Is Trusted

 Has To Be

 Micro-Service Is Server Code  IRODS Admins Are Trusted  ICAT DB/Admins Are Trusted

slide-8
SLIDE 8

Some iRODS Counter-Measures

 Buffer Overflow Checks Throughout – OSX 10.6 Noticed Some Inconsistencies; – Fixed in 2.3  Client/Server Call (rc/rs) Privilege Levels

 Some Admin-only (e.g. chlSimpleQuery)

 Server/Agent Fork/Exec Mechanism

 Planned Addition of Multi-Threading

 Use of Bind-Variables

 DB Treats as Name; avoid SQL injection

slide-9
SLIDE 9

IRODS Admin Responsibilities

 Keep Server Access Secure

– Good passwords, OS Patches, etc  Keep IRODS source code secure

 Proper user-level access control

 Check Added Micro-Services  Keep Passwords Secure  Optionally: – Configure remoteZoneSID (man-in-middle) – User irodsServerDN if using GSI

slide-10
SLIDE 10

Future Work

 Ongoing Security Analysis (UNC, Simon Spero)  University Analysis U of Wisconsin (Barton Miller/ James Kupsch) – Collaborative Project as done with SRB; Highly Effective  Bug Fixes  Continue On-Going; Balanced with Other Needs/ Requirements – Enough For Most Instances – Without Placing Too Much Burden on Users/ Admins/Developers