wiki:SecurityMatrix
Last modified on 05/01/2008 08:27:20 AM

LSST Security Realms

This page is part of Security.

LSST infrastructure has three major levels, from a security point of view:

  1. Observatory & base station
  2. Archive center & internal processing
  3. Data access interfaces for the public and scientific applications

As you go down the list, each level, in comparison to the one before it:

  • Is less critical to real-time science operation
  • Is more visible to the scientific community and public
  • Has more users and greater exposure to security risks
Security matrix (one entry per realm; "Downstream" is the realm this one exports data to and the link used, "Endurance" is how long the realm can run without that link, and "Users" are the roles with access and what they may do):

Realm: Mountaintop
Downstream: Base Facility, via dedicated network
Endurance: ??? days
Users:
  • mountaintop admins: administration
  • base facility admins: infrastructure diagnostics
  • staff scientists: science diagnostics

Realm: Base Facility
Downstream: Archive Center, via Internet (high-bandwidth, specially provisioned link)
Endurance: ??? days
Users:
  • base facility admins: administration
  • mountaintop admins: diagnostics
  • archive center admins: diagnostics
  • staff scientists: science diagnostics

Realm: Archive Center
Downstream: Data Access Centers, via Internet (high-bandwidth) or local network
Endurance: unlimited
Users:
  • archive center admins: administration
  • data access center admins: diagnostics
  • staff scientists: science diagnostics

Realm: Data Access Center
Downstream: Public & Science Access, via Internet
Endurance: unlimited
Users:
  • admins: administration
  • public users: data query, implicit computation
  • science users: data query, personal workspace, explicit computation
  • applications: data query, partitioned workspace, explicit computation

Definitions

Realm
A logical or physical site, with its own security requirements.
Downstream
The realm this realm exports data to (the next one in the list above). The export link is also a path back in, so this realm must be protected from "backwash": problems and attacks in the downstream realm must not propagate upstream over it.
Endurance
How long can this realm function without support from the downstream realms? For example, how soon will the mountaintop buffers fill up without export to the base station?
Users
Roles that have access to this realm. In practice one individual may fill several roles, for example both base facility admin and archive center admin, but the accounts for those roles must be kept separate: compromise of the account used in one role must not give access to a role in an upstream (more critical) realm, and preferably not to a role in a downstream realm either.
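The following is an added example (not LSST code) that turns the matrix above and the "Users" rule into something checkable. It transcribes the role/realm access from the table, lets a constructed set of people hold several roles, and models account sharing between realms as a "trust" relation (realm R accepts logins from realm S, as with a shared account database, which is what Question 1 below asks about). An audit then reports, for every person and every realm they can log into, which other realms a compromise of that one account would reach; reaching an upstream realm is a violation, reaching a downstream one is a warning. Realm and role identifiers, the people, and the trust relations are this example's own assumptions.

```python
"""Added example: audit cross-realm reach of a compromised account.

Not LSST's code. Realm/role identifiers and the sample people are
this example's own; access rights are transcribed from the matrix."""
from collections import deque

# Realm chain from the matrix, upstream (most critical) to downstream.
REALMS = ["mountaintop", "base_facility", "archive_center", "data_access_center"]
RANK = {realm: i for i, realm in enumerate(REALMS)}  # lower rank = further upstream

# Access matrix: role -> {realm: privilege}, one entry per "Users" bullet above.
ACCESS = {
    "mountaintop_admin": {"mountaintop": "administration", "base_facility": "diagnostics"},
    "base_admin":        {"base_facility": "administration", "mountaintop": "diagnostics"},
    "archive_admin":     {"archive_center": "administration", "base_facility": "diagnostics"},
    "dac_admin":         {"data_access_center": "administration", "archive_center": "diagnostics"},
    "staff_scientist":   {"mountaintop": "diagnostics", "base_facility": "diagnostics",
                          "archive_center": "diagnostics"},
    "public_user":       {"data_access_center": "data query"},
    "science_user":      {"data_access_center": "data query, workspace, computation"},
    "application":       {"data_access_center": "data query, workspace, computation"},
}

# Constructed sample: person -> roles held. Alice fills two admin roles, the
# situation the "Users" definition discusses.
PEOPLE = {
    "alice": ["base_admin", "archive_admin"],
    "bob":   ["mountaintop_admin"],
    "carol": ["staff_scientist"],
    "dave":  ["science_user"],
}


def privilege(people, person, realm):
    """Union of what a person's roles may do in one realm (empty: no account there)."""
    return {ACCESS[role][realm] for role in people[person] if realm in ACCESS[role]}


def compromise_reach(people, trust, person, start_realm):
    """Realms (with privilege) an attacker holds after compromising one person's
    account in start_realm.  `trust` maps realm -> set of realms whose logins it
    accepts (shared account database, forwarded credentials, ...).  Reach is
    transitive through every realm where the person has an account."""
    if not privilege(people, person, start_realm):
        return {}
    reach = {start_realm: privilege(people, person, start_realm)}
    queue = deque([start_realm])
    while queue:
        realm = queue.popleft()
        for other, accepted in trust.items():
            if realm in accepted and other not in reach:
                priv = privilege(people, person, other)
                if priv:  # the stolen login is accepted AND the person has rights there
                    reach[other] = priv
                    queue.append(other)
    return reach


def audit(people, trust):
    """(violations, warnings) as (person, compromised_realm, reached_realm) tuples.
    Violation: a compromise reaches a realm upstream of the compromised one (the
    page's "must not").  Warning: it reaches a downstream realm ("preferably not")."""
    violations, warnings = [], []
    for person in people:
        for start in REALMS:
            for realm in compromise_reach(people, trust, person, start):
                if RANK[realm] < RANK[start]:
                    violations.append((person, start, realm))
                elif RANK[realm] > RANK[start]:
                    warnings.append((person, start, realm))
    return violations, warnings


if __name__ == "__main__":
    # Separate account stores per realm: a compromise stays in its realm.
    print("separate accounts:", audit(PEOPLE, {}))
    # Mountaintop accepts base facility logins (shared accounts, Question 1 below).
    print("shared mountain/base:", audit(PEOPLE, {"mountaintop": {"base_facility"}}))
    # Archive accepts base facility logins: downstream reach only, hence warnings.
    print("shared base/archive:", audit(PEOPLE, {"archive_center": {"base_facility"}}))
```

With separate account stores the audit is clean. Sharing accounts between the base facility and the mountaintop turns every base-facility login of an admin or staff scientist into a path onto the mountaintop, and the trust relation composes: if the archive also shares accounts with the base facility, an archive-side compromise of alice walks through the base facility to the mountaintop. That chain is exactly what the realm boundaries are meant to cut.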

Questions

  1. Mountaintop & base facility: Are admins for the two facilities the same people? Do the facilities share user accounts? Is there a firewall between them?
  2. Should Archive Center and Primary Processing be a single security realm?