Security Service Challenges

From GridPP Wiki
Jump to: navigation, search

Security Service Challenges SSC1

These tests are basically an auditing on job tracking in order to evaluate:

  1. Whether sites understand how to track an incident at their site.
  2. How long does it take each site to respond to questions asked and why
  3. Part of this exercise involves also comunication between sites and the use of ticketing systems to track the "incident". It is therefore a test also for the structure.

Storage Security Challenge

As LCG has no plans in this area, we plan to have a go at this ourselves (from Storage Phone conf, 19 Apr 06). The tests are split into three areas, in decreasing order of priority:

  1. Logging: a randomly selected person writes a file to a site's SE. Within the next 48 hours, we ask the site for who wrote the file, and who else accessed it.
  2. Logging: ask the opposite question: given a DN of a random person, which files has this DN created/uploaded within the last week? The DN may belong to a compromised credential, and we will want to see if it was used after it was known to be compromised.
  3. Access control: someone from one VO writes a file into an SE. A person from another VO (or the same) tries to read it, update it, delete it. This is more a functionality test, but can also depend on the site because SEs may be configured differently between sites.
  4. Blocking a user. See How to ban/blacklist user on CE and SE. This needs testing. And then, how do you find out what the user is trying to do when the user is blocked.

An interesting related problem is what happens if you need to take this data to a court of law. This is a wholly separate problem and imposes severe restrictions on how you manage the data. And there are no guarantees.