
Title: Re-designing the PhEDEx Security Model

Conference · · J.Phys.Conf.Ser.
 [1];  [2];  [3]
  1. Fermilab
  2. Princeton U.
  3. Beijing, Inst. High Energy Phys.

PhEDEx, the data-placement tool used by the CMS experiment at the LHC, was conceived in a more trusting time. The security model provided a safe environment for site agents and operators, but offered little more protection than that. Data was not sufficiently protected against loss caused by operator error or software bugs or by deliberate manipulation of the database. Operators were given high levels of access to the database, beyond what was actually needed to accomplish their tasks. This exposed them to the risk of suspicion should an incident occur. Multiple implementations of the security model led to difficulties maintaining code, which can lead to degradation of security over time. In order to meet the simultaneous goals of protecting CMS data, protecting the operators from undue exposure to risk, increasing monitoring capabilities and improving maintainability of the security model, the PhEDEx security model was redesigned and re-implemented. Security was moved from the application layer into the database itself, fine-grained access roles were established, and tools and procedures were created to control the evolution of the security model over time. In this paper we describe this work and the deployment of the new security model, and we show how these enhancements improve security on several fronts simultaneously.

Research Organization:
Fermi National Accelerator Lab. (FNAL), Batavia, IL (United States)
Sponsoring Organization:
USDOE Office of Science (SC), High Energy Physics (HEP)
DOE Contract Number:
AC02-07CH11359
OSTI ID:
1296588
Report Number(s):
FERMILAB-CONF-14-495-CD; 1302124
Journal Information:
J.Phys.Conf.Ser., Vol. 513; Conference: 20th International Conference on Computing in High Energy and Nuclear Physics, Amsterdam, The Netherlands, 10/14-10/18/2013
Country of Publication:
United States
Language:
English
