Lawrence Berkeley National Laboratory

In order to create a successful grid infrastructure, sites and resource providers must be able to publish information about their underlying resources and services. This information makes it easier for users and virtual organizations to make intelligent decisions about resource selection and scheduling, and can be used by the grid infrastructure for accounting and troubleshooting services. However, such an outbound stream may include data deemed sensitive by a resource-providing site, exposing potential security vulnerabilities or private user information to the world at large, including malicious entities. This study analyzes the various vectors of information being published from sites to grid infrastructures. In particular, it examines the data being published to, and collected by the Open Science Grid, including resource selection, monitoring, accounting, troubleshooting, logging and site verification data. We analyze the risks and potential threat models posed by the publication and collection of such data. We also offer some recommendations and best practices for sites and grid infrastructures to manage and protect sensitive data.