Abstract
Multi-domain network monitoring systems based on active measurements are being widely deployed in high-performance computing and other communities that support large-scale data transfers. Security mechanisms such as policy-driven access to related federated Network Performance Monitoring (NPM) services are important to protect measurement resources and data. In this paper, we present a novel, secure middleware framework viz., “OnTimeSecure” that enables ‘user-to-service’ and ‘service-to-service’ authentication, and enforces federated authorization entitlement policies for timely orchestration of NPM services. OnTimeSecure is built using RESTful APIs and features a hierarchical policy-engine that interfaces with a meta-scheduler for prioritization of measurement requests when there is contention of users concurrently attempting to utilize measurement resources. We validate OnTimeSecure in a federated multi-domain NPM infrastructure by performing threat modeling and security risk assessments based on overall attack likelihood and impact factors.