-- SvenGabriel - 09-Mar-2010

Security Service Challenge level 4 (SSC_4)

Security Service Challenge (SSC4-10.03) Evaluation Form

Since SSC4 addresses the ATLAS Pilot-Job framework we, by now, have to distinguish between pilot-job-submitter and pilot-job-user. The first refers to the ID submitting and running the pilot jobs at the site and the latter to the ID of the user that submitted the job to the Pilot-Job framework, here to PANDA. One task is to find the pilot-job-user ID. This ID then has to be banned persistently, whereas the pilot-job-submitter ID has to be white-listed again, when it is assured that the pilot-job-user ID is also banned at all PANDA instances and remaining jobs of this ID are removed from the PANDA repository. This has to be coordinated with other teams.

Therefore the evaluation schema had to be modified for the SSC4-10.03 run since additional services entities are involved in this run. In particular the tasks from the category Communication / Reporting now also contain needed communication for finding the pilot-job-user. In addition the format of the reports are evaluated as well as the content. Templates for the communication can be found on: http://osct.web.cern.ch/osct/incident-reporting.html. The category Containment / Operations are extended to address the sites operations on user management, in particular banning/un-banning the pilot job submitter and ban pilot-job-user.

In addition, a discussion within OSCT showed that a binary grading schema is too coarse and partially solved tasks or insufficient reporting could not be addressed with the SSC3-9.02 schema.

The Scores are based on the following formula

 \ $ Score = Min\left( 100, DONE \times 100 \times \frac{Target\ Time}{Actual\ Time}\right)$\ \

where:

  • 100 is the max. score obtainable for full filling the objective.
  • DONE is 0 if no relevant report for the subject has been filed within the over-all deadline -168 hours (1 week).
  • DONE is 1/3, 2/3 or 1 otherwise, depending on the completeness of the activity.
  • Target Time is the time within the relevant reports should be filed after the alert to the sites CSIRT was submitted.
  • Actual Time is the elapsed time it took to file the relevant report. The counting of Actual Time starts with sending the alert mail to the site CSIRT.

Bonus Points:

Bonus Points can be achieved only if the tasks are fully completed before the Target Time is over and/or for the relevance of the reports. i.e.

Bonus for Preliminary/Intermediate status report: 1

Bonus for finding Identity String: 2

The time dependent bonus is calculated with the following formula, BF is a Bonus Factor (= 5):

 \ $ Bonus = Max\left(0, DONE \times BF \times \left(1-\frac{Actual\ Time}{Target\ Time}\right)\right)$\ \

Evaluation Template

  \begin{tabular}{|l|c|c|c|c|c|c|} %\hline %\multicolumn{7}{|c|}{}\\ %\multicolumn{7}{|l|}{{\bf ROC:} } \\ %\multicolumn{7}{|l|}{{\bf Site:} } \\ %\multicolumn{7}{|l|}{{\bf Alert Date:} } \\ %\multicolumn{7}{|c|}{}\\ \hline \multicolumn{7}{|c|}{} \\ \multicolumn{7}{|c|}{{\large\bf Reporting / Communication} } \\ \multicolumn{7}{|c|}{}\\ \hline & Done & Target & Actual & Site Score & Bonus Score & Note \\ & 0 - 1 & {\it hours} & {\it hours} & {\it Points} & {\it Points} & \\ \hline Acknowledge/Heads-up report to CSIRT list & - & 4 & - & - &  - & - \\ \hline Alert to VO Manager & - & 24 & - & - & - & - \\ \hline Verify notification of the responsible CA & - & 144 & - & - & - & - \\ \hline Final report to CSIRT list & & 144 & & & & \\ \hline \multicolumn{7}{|l|}{{\bf AVERAGE SCORE Reporting / Communication} }\\ \hline \multicolumn{7}{|l|}{{\bf Bonus Points} }\\ \hline \hline \multicolumn{7}{|c|}{}\\ \multicolumn{7}{|c|}{{\large\bf Containment / Operations} } \\ \multicolumn{7}{|c|}{}\\ \hline & Done & Target & Actual & Site Score & Bonus Score & Note \\ & 0 - 1 & {\it hours} & {\it hours} & {\it Points} & {\it Points} & \\ \hline Found pilot jobs and stopped them &  - &  4 & - & - & - & - \\ \hline Suspended the pilot job submitter at the Site & - & 8 & - & - & - & - \\ \hline Suspended the pilot job user at the Site & - & 24 & - & - & - & - \\ \hline Un-ban the pilot job submitter at the Site & - & 24 & - & - & - & - \\ \hline \multicolumn{7}{|l|}{{\bf AVERAGE SCORE Containment} }\\ \hline \multicolumn{7}{|l|}{{\bf Bonus Points} }\\ \hline \hline \multicolumn{7}{|c|}{}\\ \multicolumn{7}{|c|}{{\large\bf Forensics} } \\ \multicolumn{7}{|c|}{}\\ \hline & Done & Target & Actual & Site Score & Bonus Score & Note \\ & 0 - 1 & {\it hours} & {\it hours} & {\it Points} & {\it Points} & \\ \hline Discovery of initiating site (UI/VO-WMS)& - & 24 & - & - & - & - \\ \hline Analysis of network traffic & - & 48 & - & - & - & - \\ \hline Analysis of the submitted binaries & - & 48 & - & - & - & - \\ \hline \multicolumn{7}{|l|}{{\bf AVERAGE SCORE Forensics} }\\ \hline \multicolumn{7}{|l|}{{\bf Bonus Points} }\\ \hline \multicolumn{7}{c}{}\\ \hline \multicolumn{7}{|c|}{}\\ \multicolumn{7}{|l|}{\large\bf OVERALL TOTAL: }\\ \multicolumn{7}{|c|}{}\\ \hline \end{tabular}
Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r4 - 2010-06-07 - unknown
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    LCG All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback