CTSC and Globus recently completed an engagement in which CTSC took a close look at the Globus data sharing feature. As many in the NSF community already know, Globus provides both services and applications that try to make it easier for scientists to focus on their science. One key Globus service is data management, especially the movement of files between two endpoints, e.g. between two users’ personal computers, between a user’s computer and a large institutional storage site, or between two other endpoints. In addition to an explicit data copy between endpoints, Globus also has a data sharing feature in which a user can make an entire folder accessible (read/write) to other Globus users. CTSC performed an assessment of this particular feature of Globus. The assessment covered a review of the design, architecture, and high-level implementation of the sharing feature. It was not a code review; however, the CTSC team did perform a source code installation of a Globus Connect Server, with the sharing feature enabled, and analyzed how credentials were being handled and how log files were being generated. While the assessment did not reveal any high security risks for the data sharing feature, CTSC did make a number of recommendations to address low-to-medium risks. These recommendations included improving the documentation, for both system administrators and users, and improving the logging and monitoring of sharing activity.
An ongoing challenge in such assessments of software features is the lack of clear process for doing the assessment, as the question is more one of “is this doing the right thing” without clear definition of what “the right thing” is (a challenge we also tackled in our engagement with Pegasus WMS). For this engagement we utilized a modified set of principles originally put forth by Saltzer and Schroeder in 1975 on the protection of information systems, to help guide our assessment. We think utilizing the principles helped significantly and plan to continue exploring their use in future engagements.
For more information, please see the Globus-CTSC Engagement final report, available at http://hdl.handle.net/2022/19165.
We want to thank the Globus team, especially Rachana Ananthakrishnan, Mike Link, and Steve Tuecke, for their helpful collaboration on this engagement.
See how CTSC might engage with you and your NSF project at http://trustedci.org/howwehelp/.
