REVIEW-49: XCI-185 Analyze SSO Hub usage - Design/Security Review

Overview

General design and security risk review for new SSO hub usage collection and analysis

Review Summary

  1. Using Globus Usage stats for GSISSH Servers to determine the number of logins from the SSO hub was found not to be possible because the server stats don't include client info.
  2. A suggestion for compiling the number of unique IP addresses for each user to determine potentially compromised accounts was found to be out of scope and also redundant since SSO Hub has other security measures in place for that kind of scenarios.
  3. A suggestion to determine how many logged in users are sitting idle (and for how long) on the SSOHub was determined to be out of scope.
  4. A suggestion for a metric on the total number of gsissh connections over the specified period was accepted.
  5. A suggestion to specify that filtered raw data would be generated on a daily basis and sent to a central repository being designed as part of XCI-187 was accepted and the design doc updated.

Review Input Documents

https://software.xsede.org/viewvc/xsede/xci/activities/xci-185/trunk/Deliverables/XCI-185-SSOHubUsage-Design.pdf?revision=3985&view=co

Review Criteria

Please focus on these questions:

  1. Does the proposed design gather the most useful usage information?
  2. Are the methods proposed to gather capture usage information appropriate?
  3. Are the methods proposed to analyze usage appropriate?
  4. Are relevant XSEDE security policies and best practices followed?
  5. Is the proposed usage information data access and privacy reasonable?

and the following solution support scenarios:

  1. XSEDE has recent and historical SSO hub usage information (as a service and as a client to other SSH services)

Schedule

Current Date: 2025-04-28
Current Status: Closed (Design and Security Review)
Target Date Actual Date Activity Milestone
  2017-11-21 Review launch date
2017-12-01 2017-12-18 Written feedback due (Reviewers)
2017-12-08 2017-12-19 Written response date (Review Material Developers)
2017-12-19 Final approval due and completion date (Reviewers)
Review Created: 2017-11-21 3:27 pm
Review Last Updated: 2018-02-16 9:33 am

 

Reviewers

If you are a reviewer, please login to sign or withdraw from this review.

Required

  • John-Paul Navarro
    SIGNED: 2017-12-18 14:34

Optional

  • Victor Hazlewood
  • Jim Marsteller
  • Derek Simmel
    SIGNED: 2017-12-01 18:09
  • Adam Slagell
  • Shava Smallen
    SIGNED: 2017-11-29 14:25

Review Material Developers

Venkatesh Yekkirala
Jim Basney

Review Facilitator

 

Please post your comments using the "New topic" or "Post reply" buttons in the forum below.