Introduction and Motivation
Grid Computing has often been heralded as the next logical step after the World Wide Web. Instead of only accessing static content (i.e. web pages) users of Grids can access dynamic resources such as computer storage (for any sort of data) and use the computing resources (i.e. the CPU) of computers under the umbrella of a virtual organisation. Although Grid Computing is often compared to the World Wide Web, it is vastly more complex both in organisational and technical areas. This also extends into the area of security and incident response, where established academic CSIRTs face new challenges arising from Grids.
The German ministry of education and research (BMBF) has started in 2005 a strategic initiative, D-Grid, to further Grid computing and usage within the German scientific community. This initiative is similar in many ways to those of other countries around the world. Part of that initiative is the establishment of CSIRT services for Grids.
Cormack, et al. have argued in "that CSIRT activities for a Grid are not fundamentally different from those performed by a traditional CSIRT." In practice, there are many challenges to be overcome to establish a CSIRT for the specific needs of Grids and Grid users. The following two sections will give an overview about the challenges and experiences DFN-CERT has encountered while setting up a CSIRT for the D-Grid communities.
Organisational Challenges
One of the first lessons learned is, that there is not "the Grid", like "the Web" or "the Usenet". As in the case of the D-Grid project, there are, even at the beginning, no less than six Grid communities: high-energy physics, climate research, astrophysics, engineering and medicine. There is even a text-Grid for use in the humanities. Each has its own unique set of requirements that extend to the field of security. Researchers in physics for example, have few requirements about the protection of intellectual property from the participants in their Grids, contrary to that engineers place high emphasis on this particular area. Participants in a medical Grid have high requirementsabout the protection of patient data. Grids with practically no personal data, like climate research place no emphasis on this area. An academic CSIRT thus has to learn about the specific requirements of each and every Grid community within its constituency.
One could argue, that the Grid communities are already part of the CSIRTs constituency and thus, this would be a simple task of asking the CSIRT of the local organisations. In practice, the local teams are often not aware of Grid activities and vice versa. Besides that, there are sometimes teams for the whole grid, that are not directly affiliated with one site. Also, many groups use the same terminology, but with different meaning and emphasis.
A different approach is needed, that circumvents the problems of local groups. The D-Grid initiative provides an excellent forum because it establishes an exchange platform for the Grid communities in Germany. Making DFN-CERT known to the Grid communities is thus a simple matter of introducing it into these forums.
Experience with CSIRT operation has shown, that international cooperation is imperative to successful establishment of CSIRTs. In the field of Grids, this means that an international web of cooperation has to be established as well. On one side, this extends into the CSIRT community, where organisations such as FIRST and Terenas TF-CSIRT are to be engaged, on the other side the Grid communities and organisations like the Global Grid Forum (GGF). As a result of these activities, "Incident handling and security guidelines of NREN Grids" have become part of Terenas TF-CSIRT terms of reference.
Technical Challenges
To handle the technical part of Grid incidents as well as to be able to proactively help sites in securing their Grid infrastructure, a CSIRT has to develop an understanding about the software used in the Gridsm of their constituency. With this understanding, more advanced services like Grid-honeypots may be build in the future.
The underlying operating systems are common systems, like Linux, and these are well understood by CSIRTs. The next layer, the Grid middleware, is composed of big software packages like UNICORE, the Globus Toolkit or gLite, that facilitate access to storage and computing resources, as well as monitoring, directory services and authentification across virtual organisations.
These software packages are very little understood by CSIRTs. Exacerbating this problem is that there are only a few people in the academic community itself that fully understand this software. Also, setting up test installations of the huge and complex Grid middleware requires far more resources than setting up ordinary software installations, like a workstation or web server. To gain experience in this area, cooperation with existing test installations is the way to go.
Although the basic procedures of handling vulnerabilities are the same, whether for normal software or for Grid software, the concrete task of obtaining the information puts up some challenges. While Grid software is open source and developed among the same lines as standard open source packages, the standard security practices, like open mailing lists for security advisories or signed software packages, are often not followed.
