Entries in 'security'


GridShib SAML Tools v0.2.0 TP1 and GridShib for GT v0.6.0 TP4

Tom Scavo writes of two new GridShib technology preview releases:

The GridShib Project is pleased to announce the simultaneous release of GridShib SAML Tools v0.2.0 Technology Preview 1 and GridShib for GT v0.6.0 Technology Preview 4. These two components work together to seamlessly integrate SAML into a Globus grid environment.

To evaluate this new software technology, please refer to this Quick Start:

http://gridshib.globus.org/docs/gridshib-gt-0.6.0-tp4/quick-start.html

The Quick Start guide gives detailed instructions for installing, configuring, and using Globus Java WS Core 4.0.5, GridShib for GT v0.6.0, and GridShib SAML Tools v0.2.0.

For more information and links, see http://www.globus.org/mail_archive/gridshib-dev/2007/07/msg00047.html

Technology Preview 3 of GridShib for GT v0.6.0

Tom Scavo writes on gridshib-dev:

Technology Preview 3 of GridShib for GT v0.6.0 introduces some significant new features:

  • A single comprehensive PDP, the GridShibPDP
  • Implementation of a new Attribute Aggregation Algorithm (push + pull)
  • Dual support for both GT4.0 and GT4.1+
  • Improved logging

This is in addition to features already introduced in previous versions of GridShib for GT:

  • Support for both Attribute Push (NEW) and Attribute Pull
  • Blacklisting of IP addresses (NEW)
  • Attribute Mapping
  • Attribute-based Authorization Policy

Read the whole announcement for more details!

MyProxy 3.9 is available

See the MyProxy 3.9 announcement for details.

Hyperjacking

The Blue Pill/Subvirt approach (I addressed it earlier) has a new name apparently: hyperjacking [google query].

GridShib CA v0.4.0 and GridShib SAML Tools v0.1.4

The GridShib project has simultaneously released new versions of the GridShib CA and the GridShib SAML tools.

You can find the latest code and documentation links (including links to demos) here:

http://gridshib.globus.org/download.html

And here are the changelogs:

GridShib CA 0.4.0

GridShib SAML Tools 0.1.4

A Scalable Approach To Deploying And Managing Appliances

Our paper about virtual appliance configuration and management was accepted to the TeraGrid 2007 conference and is now online: A Scalable Approach To Deploying And Managing Appliances.

This paper examines configuration and security issues that large and heterogeneous deployments of virtual appliances/workspaces will face.

From the introduction:

The goal of this paper is to develop a holistic approach that would provide scalable and sustainable ways of managing and deploying virtual workspaces implemented as VM images. We will discuss ways of leveraging existing configuration management tools, exemplified by the Bcfg2 system, for VM image lifecycle management that will allow systems staff to deploy robust virtualized resources for their users. We will also describe the process of contextualization — integration of an appliance in its deployment context — and discuss its reference implementation using Bcfg2 and the Workspace Service.

GridShib for GT v0.5.1

The GridShib Project is pleased to announce GridShib for GT v0.5.1, which is now available on the GridShib Downloads page:

http://gridshib.globus.org/download.html#gridshib-gt

For a detailed changelog of what is new in this release, see:

http://gridshib.globus.org/docs/gridshib-gt-0.5.1/admin-index.html#gridshib-gt-changelog

The major change in this release is support for using VOMS-based authorization in conjunction with SAML attribute-based authorization (authorization will be based on one or the other). If you are not interested in using VOMS, GridShib for GT will compile and run without needing to install the VOMS authorization library.

VOMS authorization library 0.2 for GT

We are pleased to announce that an update of the VOMS authorization package is now available.

This library is for the GT4 Java core authorization framework. It allows VOMS certificates to be inspected and authorization decisions to be made based on the attributes.

The notable changes are:
- support for user account mappings from VOMS attributes
- compatibility with both GT4.0.x and GT4.1.0.

For information on downloads, installation, and configuration, see the VOMS page:

http://dev.globus.org/wiki/VOMS

GridShib SAML Tools v0.1.3

Tom Scavo writes:

The GridShib Team is pleased to announce the availability of the GridShib SAML Tools v0.1.3.

http://gridshib.globus.org/docs/gridshib-saml-tools-0.1.3/readme.html

Changes in this release include:

- added support for --ssoResponse command-line option
- fixed logging bug http://bugzilla.globus.org/globus/show_bug.cgi?id=4982
- fixed (UNIX) file permissions on scripts in bin/
- fixed CRLF on scripts and editable text files
- implemented web-based demo script https://computer.ncsa.uiuc.edu/gst-demo/

To see the GridShib SAML Tools in action, please try out our new demo app:

https://computer.ncsa.uiuc.edu/gst-demo/

The source code used to implement this demo is bundled with the SAML Tools. As always, you can download the SAML Tools and other software components from the GridShib Downloads page:

http://gridshib.globus.org/download.html

GridShib SAML Tools v0.1.2

On Friday, Tom Scavo wrote:

The GridShib Team is pleased to announce GridShib SAML Tools v0.1.2.

http://gridshib.globus.org/docs/gridshib-saml-tools-0.1.2/readme.html

Changes in this release include:

- fixed incompatibility bugs with JDK 1.4
- fixed incompatibility bugs with OpenSAML 1.1
- enabled logging
- enabled debug option
- updated JGlobus CoG library
- added subjectIP address to command-line interface

Many thanks to Wonjun Lee for his extremely helpful feedback and assistance.

To try out the GridShib SAML Tools, please visit the GridShib Downloads page:

http://gridshib.globus.org/download.html#saml-tools

Attacks on Virtual Machine Emulators

I ran across an interesting overview paper, Attacks on Virtual Machine Emulators by Peter Ferrie, Senior Principal Researcher, Symantec Advanced Threat Research.

Abstract - As virtual machine emulators have become commonplace in the analysis of malicious code, malicious code has started to fight back. This paper will explain known attacks against the most widely used virtual machine emulators (VMware and VirtualPC). It will also demonstrate newly discovered attacks on other virtual machine emulators (Bochs, Hydra, QEMU, and Xen), and describe how to defend against them.

A lot of the paper covers detection, which I would say is different from an attack.

An interesting thing discussed is a way to use the CPUID instruction in combination with examining pages in the TLB to detect the presence of VMMs (cf. this previous entry here).

There is also a description of an authentication method that Parallels employs, a session key placed into the general registers by the guest (it also discusses a way of crashing Parallels on demand).

Slides and the paper can be downloaded from the author’s homepage.

GridShib SAML Tools v0.1.1

Tom Scavo writes on gridshib-announce:

The GridShib Team is pleased to announce GridShib SAML Tools v0.1.1.

http://gridshib.globus.org/docs/gridshib-saml-tools-0.1.1/readme.html

The most visible feature of this minor point release of the GridShib SAML Tools is its ability to use a Java KeyStore as the issuing credential. The install script now creates such a KeyStore, which reduces the startup requirements to Java and Ant, nothing more.

To try out the GridShib SAML Tools, please visit the GridShib Downloads page:

http://gridshib.globus.org/download.html#saml-tools

The GridShib SAML Tools issue or request SAML assertions and optionally bind these assertions to X.509 proxy certificates for use on the grid (or in other scenarios).

The toolbox consists of the following components:

  1. SAML Assertion Issuer Tool
  2. SAML Attribute Query Client
  3. SAML X.509 Binding Tool
  4. Globus SAML Library

For more information, read the GridShib SAML Tools 0.1.1 documentation.

