
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN Chapter 9 Security



Presentation Transcript


    1. Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S. TANENBAUM MAARTEN VAN STEEN Chapter 9 Security

    2. Security Threats, Policies, and Mechanisms
       Security implies dependability, confidentiality, and integrity.
       Types of security threats to consider:
       - Interception – an unauthorized party gains access to data or a service
       - Interruption – a situation where data or a service becomes unavailable
       - Modification – unauthorized changing of data or tampering with a service so that it no longer adheres to its spec
       - Fabrication – a situation where data or activity is generated that normally would not exist

    3. Security Threats, Policies, and Mechanisms
       Security policy – describes which actions the entities in a system are allowed to take (and which are prohibited)
       Security mechanism – way to enforce policy:
       - Encryption – data confidentiality, data integrity
       - Authentication – verify the claims of a user, client, server or host
       - Authorization – see if an authenticated client is allowed to perform the requested action
       - Auditing – logging access

    4. Example: The Globus Security Architecture (1)
       Globus is a system supporting large scale distributed computations → computational grid
       The Globus security policy consists of rules:
       - The environment consists of multiple administrative domains.
       - Local operations are subject to a local domain security policy only.
       - Global operations require the initiator to be known in each domain where the operation is carried out.

    5. Example: The Globus Security Architecture (2)
       - Operations between entities in different domains require mutual authentication.
       - Global authentication replaces local authentication.
       - Controlling access to resources is subject to local security only.
       - Users can delegate rights to processes.
       - A group of processes in the same domain can share credentials.

    6. Example: The Globus Security Architecture (3)
