A conversation with Dr. Mine Altunay, Security Officer at Open Science Grid (OSG)
Dr. Mine (pronounced Meené) Altunay is the OSG''s (Open Science Grid) Security Officer.
In most people's mind, a "security officer" is a tough man or woman with a uniform. This is one image Google shows when searching these words:
Fermilab is one of the premier Nuclear Research and High Energy Physics institutions in the world. This is where Leon Lederman won the Nobel Prize and coined the name of God Particle for Higgs boson. Since 2000 until 2009 Fermilab's Tevatron collider - the largest in the world at that time - led the search for Higgs boson. Fermilab and OSG managements both entrusted Dr. Mine Altunay's team to defend their strategic digital assets for the last seven years.
Q: What is most important "To-do" for the safest grid possible?
A: I will start by asking myself: "What is the usage of your most precious assets? What do you want to protect? What are the things that you are NOT going to tolerate?" I start from here, because it is impossible to completely eliminate the risks of every possible attacks, - you will waste your time doing that. Which are the assets we select for maximum security and place various security layers to protect? This is part of our core activity. It stretches us to discover novel ideas all the time.
Q: What about users' reactions?
A: The certificates for mainstream OSG users are not popular, because they are difficult to learn and manage. No one uses certificates for Google, Facebook, and so on, so why should they use them in OSG? We want to make the certificate process completely transparent to the user. One way to achieve this - and we are working at this now - is the OSG portal may authenticate users based on users name passwords, and then automatically produce the certificates for the user. Most VOs have their own front-end and they can run this sort of software once we have it ready.
Q: Does it mean the new sign-on will unburden the users from certificate headaches?
A: Yes. We developed a single sign-on solution using certificates for access. In addition, each VO still has its local access restrictions in place. This will be a win-win solution.
Q:: If you had a magic wand, what would you like it to do?
A: I will use it to make the certificates go away! :-) We are getting there, but each front end has its own restriction and is evaluating the certificate-less solution. We also evaluate it in OSG itself. It is a big change that affects our entire security principles. For example user trace-ability If you don't give any certificate, how I am going to trace that user? If we don't have the certificate, then what can we put as a token to achieve this important trace-ability?
Q: Is this a new research topic?
A: Our research focuses on what happens when we take away the certificates - as an experiment - . I think the technology is there, and this is what I am working at right now. The secret is to get rid of certificate in a secure manner, for the end users. We will be using certificates for other things like service certificates, between the machines, but our main focus is to make user certificates transparent
Q; This is a leading edge...
A: It is research, as opposed operational day to day security assurance. We get a lot of encouragement and support from OSG's top management.
Post Scriptum
Last year, Mine was interviewed at Cloud Connect Chicago where she delivered a keynote address.
A two minute video is better than a thousand words and I embedded it here for our readers
In most people's mind, a "security officer" is a tough man or woman with a uniform. This is one image Google shows when searching these words:
I retried to google with the words "OSG security officer" and Google had an "Aha" moment:
Mine and I met at the Open Science Grid All Hands meeting in Indianapolis in March this year. She holds a PhD from North Carolina State University in Computer Engineering. She preserves an adolescent youth; she talks with that rare competence of the people who know what they are doing. She is both modest and professional. Yet, she makes everyone feels the knowledge comes from them. This is a key ingredient to make the men and women in her team be on her side and collaborate willingly.
Mine Altunay, Ph.D. |
Q: Mine, how would you describe your job at Fermilab?
A: I am an employee of Fermilab, where I head CSR (Collaborative Security Research) group, reporting directly to the CIO, Irwin Gaines
Q:: And at OSG?
A: I am also "on loan", so to speak, to be the Security Officer of the Open Science Grid. Fermilab is both a Site and VO (Virtual Organization) within Open Science Grid.
In an article earlier this year, Computing Bits describes the CMS (one the detectors from the Large Hadron Collider at CERN) security drill - pointing out the key function Mine has:
In a bank, for example, high financial stakes form an attraction for professional hackers; conversely, the highly valuable scientific data here is too complex to be subject to a simple heist for a quick buck. So, why all this effort? First, it is important that scientific data remains secret before collaborations decide to announce their results in order to protect the integrity and validity of the analysis and the reputation of the collaboration. Secondly, amateur hackers, third-party software and leaks pose security risks. Moreover, says Altunay, “Our biggest concern is losing production time, losing effective use of our resources,” as well as a potential detrimental impact on the collaboration’s reputation.
Q: You mentioned Sites and VOs. What is the difference?
A: A Site is a collection of resources. A VO is super-set of the site; it can include users, science projects, and experiments, collections and other sites. OSG provides security services for all the VOs and Sites, yet each VO has its own local security with their policies. We take care of the security of Open Science Grid software and policies. But there are common infrastructure needs, like the identity management for all VO as each has its' own policies of who can access their data. We can help providing operational security: compliance, oversight, and assessment. We recommend, not impose. We make sure all risks are lower than threshold tolerable in all OSG's policies.
Fig. 1 The essential scientific paper about "A Science Driven Production Infrastructure at OSG," published in 2011. Mine is among the authors. |
Q: You said risks lower than... lower than what?
A: It is not an exact scientific formula. We have a security team deciding how much is good enough
Five years ago, in the article Distributed security: keeping Open Science Grid closed to intruders we read
Digital Preservation Management Workshops and Tutorial is an IT security 101 course on line. Quote:“A feeling of false safety is much more dangerous than always being on our toes,” Altunay says.“So far we’ve never had an incident that has prevented us from running, but this doesn’t mean we don’t have vulnerabilities. We are constantly thinking of our response to potential incidents: Will our communications channels be open? Is our technical knowledge up to date? Will everybody know what to do?”
Devise a “what if” scenario based on a worst-case situation and evaluate your institution's capabilities to protect digital assets
Q: What is most important "To-do" for the safest grid possible?
A: I will start by asking myself: "What is the usage of your most precious assets? What do you want to protect? What are the things that you are NOT going to tolerate?" I start from here, because it is impossible to completely eliminate the risks of every possible attacks, - you will waste your time doing that. Which are the assets we select for maximum security and place various security layers to protect? This is part of our core activity. It stretches us to discover novel ideas all the time.
A: The certificates for mainstream OSG users are not popular, because they are difficult to learn and manage. No one uses certificates for Google, Facebook, and so on, so why should they use them in OSG? We want to make the certificate process completely transparent to the user. One way to achieve this - and we are working at this now - is the OSG portal may authenticate users based on users name passwords, and then automatically produce the certificates for the user. Most VOs have their own front-end and they can run this sort of software once we have it ready.
Q: Does it mean the new sign-on will unburden the users from certificate headaches?
A: Yes. We developed a single sign-on solution using certificates for access. In addition, each VO still has its local access restrictions in place. This will be a win-win solution.
Q:: If you had a magic wand, what would you like it to do?
A: I will use it to make the certificates go away! :-) We are getting there, but each front end has its own restriction and is evaluating the certificate-less solution. We also evaluate it in OSG itself. It is a big change that affects our entire security principles. For example user trace-ability If you don't give any certificate, how I am going to trace that user? If we don't have the certificate, then what can we put as a token to achieve this important trace-ability?
Q: Is this a new research topic?
A: Our research focuses on what happens when we take away the certificates - as an experiment - . I think the technology is there, and this is what I am working at right now. The secret is to get rid of certificate in a secure manner, for the end users. We will be using certificates for other things like service certificates, between the machines, but our main focus is to make user certificates transparent
Q; This is a leading edge...
A: It is research, as opposed operational day to day security assurance. We get a lot of encouragement and support from OSG's top management.
Last year, Mine was interviewed at Cloud Connect Chicago where she delivered a keynote address.
A two minute video is better than a thousand words and I embedded it here for our readers
Comments