Distributed Systems: Fundamentals of Computer Security
DM Rasanjalee Himali
CSc8320 – Advanced Operating Systems (SECTION 8.1)
FALL 2009
Section I The Basics
Introduction
• Computer security and fault tolerance problems are more critical in distributed systems
• Reasons:
  • Open architecture
  • Need for communication between heterogeneous systems over communication links
• Solutions are closely related to many of the fundamental issues in the design of distributed systems.
Introduction [contd.]
• A secure (dependable) computer system:
  • A robust system that exhibits the characteristics of:
    • Secrecy
    • Integrity
    • Availability
    • Reliability
    • Safety
Introduction [contd.]
• Secrecy:
  • Privacy / Confidentiality
  • Protection from unauthorized disclosure of system objects
• Integrity:
  • System objects can be modified only by authorized users
• Availability:
  • Authorized users should not be prevented from accessing objects to which they have a legitimate right of access
• Reliability & Safety:
  • Fault tolerance features for unintentional system and user faults
• Computer security in a narrow sense: secrecy + integrity + availability in the face of intentional intrusions. In a broader sense, reliability & safety are also desired.
Fundamentals of computer security
• The world of computer systems can be represented by:
  • Subjects:
    • Active entities that access objects
  • Objects:
    • Passive entities that must be protected
    • Examples: data, hardware, software and communication links
  • Access Control Policy:
    • Describes how objects are to be accessed by subjects
  • Flow Control Policy:
    • Describes how the information flow between objects and subjects is to be regulated
Security Threats
• Security threats may come from:
  • External intruders
  • Internal intruders
  • Unintentional system faults or user faults
• Four categories:
  • Interruption
    • Ex: loss of data, denial of service
  • Interception
    • Violations of secrecy (confidentiality)
  • Modification
    • Violations of system integrity
  • Fabrication
    • Violations of system integrity
Interruption
• In an interruption attack, a network service is degraded or made unavailable for legitimate use.
• Interruption attacks are attacks against the availability of the network.
• These attacks can take the form of:
  • Overloading a server host so that it cannot respond.
  • Blocking access to a service by overloading an intermediate network or network device.
  • Redirecting requests to invalid destinations.
Interruption
[Diagram: Alice (sender) sends data and control messages over a channel to Bob (receiver); Trudy cuts the channel.]
• Often called “Denial of Service” or “DoS” attacks.
Interception
• In an interception attack, an unauthorized individual gains access to confidential or private information.
• Interception attacks are attacks against network confidentiality.
• These attacks can take the form of:
  • Eavesdropping on communication.
  • Illicit copying of files or programs.
  • Obtaining copies of messages for later replay.
Interception
[Diagram: Alice (sender) sends data and control messages over a channel to Bob (receiver); Trudy obtains a copy of the data.]
Modification
• In a modification attack, an unauthorized individual not only gains access to, but tampers with, information, resources, or services.
• Modification attacks are attacks against the integrity of the network.
• These attacks can take the form of:
  • Modifying the contents of messages in the network.
  • Changing information stored in data files.
  • Altering programs so they perform differently.
  • Reconfiguring system hardware or network topologies.
• Also called “man in the middle” attacks.
Modification
[Diagram: Alice (sender) sends data over a channel; Trudy replaces it with different data before it reaches Bob (receiver).]
Fabrication
• In a fabrication attack, an individual inserts counterfeit information, resources, or services into the network.
• Fabrication attacks are attacks against the authentication, access control, and authorization capabilities of the network.
• These attacks can take the form of:
  • Inserting messages into the network using the identity of another individual.
  • Replaying previously intercepted messages.
  • Spoofing a web site or other network service.
  • Taking the address of another host or service, essentially becoming that host or service.
• Also called “masquerading” attacks.
Fabrication
[Diagram: Trudy, posing as Alice (sender), sends data to Bob (receiver); Alice is not involved in the exchange.]
Security Threat Prevention
• Authentication & verification
  • Exclude external intruders
• Authorization validation
  • Exclude internal intruders
• Fault-tolerance mechanisms
  • Unintentional faults
• Data encryption
  • Prevents the exposure of information & maintains privacy
• Auditing
  • Passive form of protection
  • Ex: auditing of an activity log
Security Threats and Protection Models
[Diagram: a SUBJECT performs data access or information flow on an OBJECT. Security threats along this path: Interruption, Interception, Modification, Fabrication. Protection models: Authentication, Authorization, Fault-tolerance, Encryption, Auditing.]
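The following is an added, constructed example (not from the slides or the referenced texts) of how the protection models above map onto the threat categories on the Alice/Bob/Trudy channel: a shared-key frame format where a keyed hash (HMAC) lets the receiver detect modification and fabrication, a monotonically increasing sequence number rejects replayed frames, and a toy HMAC-based keystream hides the payload from interception. The key, frame layout, and the `Receiver` class are all assumptions made for the demonstration.

```python
import hmac
import hashlib
import struct

# Constructed shared secret for Alice and Bob (placeholder, not a real key).
KEY = b"constructed-shared-key-for-demo"
TAG_LEN = 32   # HMAC-SHA256 tag length in bytes
HDR_LEN = 8    # 64-bit big-endian sequence number

def _keystream(key, seq, n):
    # Toy PRF-in-counter-mode keystream derived from HMAC-SHA256; each
    # (seq, counter) pair yields a fresh 32-byte block. Demo construction only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">QI", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, seq, plaintext):
    # Sender side: encrypt payload, then authenticate header + ciphertext.
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, seq, len(plaintext))))
    hdr = struct.pack(">Q", seq)
    tag = hmac.new(key, hdr + ct, hashlib.sha256).digest()
    return hdr + ct + tag

class Receiver:
    # Bob's side of the channel; remembers the highest sequence number accepted.
    def __init__(self, key):
        self.key = key
        self.last_seq = -1

    def open(self, frame):
        if len(frame) < HDR_LEN + TAG_LEN:
            return ("reject", "truncated frame")
        hdr, ct, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, hdr + ct, hashlib.sha256).digest()
        # Modification / fabrication: any tampered or forged frame fails the tag check.
        if not hmac.compare_digest(tag, expected):
            return ("reject", "integrity failure: tag mismatch")
        seq = struct.unpack(">Q", hdr)[0]
        # Fabrication by replay: a previously accepted frame is not accepted twice.
        if seq <= self.last_seq:
            return ("reject", "replay: sequence %d already seen" % seq)
        self.last_seq = seq
        pt = bytes(a ^ b for a, b in zip(ct, _keystream(self.key, seq, len(ct))))
        return ("accept", pt)
```

Interruption is not addressed by this frame format; it needs the fault-tolerance mechanisms on the previous slide rather than cryptography.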
Section II Related Work
Cloud Computing [3]
• Cloud Computing = Virtual Centralization
• The service and data maintenance is provided by some vendor
• Client/customer has no control over:
  • where the processes are running, or
  • where the data is stored.
• Uses the Internet as the communication medium
• Leading vendors, including Amazon, Google, IBM and Microsoft, have all released cloud computing capabilities for end users to make use of their services
  • Ex: Amazon: storage services (S3), computing capacity in the Elastic Compute Cloud (EC2) services, and application services for e-commerce (AWS).
Cloud Computing Security
• Vendor has to provide some assurance in service level agreements (SLA) to convince the customer on security issues.
• Guaranteeing the security of corporate data in the "cloud" is difficult, as providers offer different services
  • Ex: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
• The SLA is the only legal agreement between the service provider and client.
• The only means by which the provider can gain the trust of the client is through the SLA, so it has to be standardized.
• The SLA has to describe the different levels of security and their complexity, based on the services, to make the customer understand the security policies that are being implemented.
• This paper describes security issues that have to be included in the SLA.
Service Level Agreement
• SLA should:
  • Identify and define the customer’s needs
  • Provide a framework for understanding
  • Simplify complex issues
  • Reduce areas of conflict
  • Encourage dialog in the event of disputes
  • Eliminate unrealistic expectations
How to standardize SLAs
• Privileged user access
  • Sensitive data processed outside the enterprise is a risk
  • Get as much information as possible about the people who manage our data.
• Regulatory compliance
  • Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider
  • Traditional service providers are subjected to external audits and security certifications.
  • Cloud computing providers who refuse to undergo this scrutiny are signaling that customers can only use them for the most trivial functions.
• Recovery
  • Even if we don't know where our data is, a cloud provider should tell us what will happen to our data and service in case of a disaster.
  • Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure.
Section III Future Work
Cloud Computing Security
• Security in the cloud brings complexities that need to be addressed:
  (1) Since multiple providers are involved in the cloud, SLA management is complex.
    • In normal systems, SLAs are arrived at between a single provider and the consumer.
    • In a complex cloud transaction with multiple providers, how would SLAs be managed?
  (2) Data privacy is another serious concern.
    • How would privacy concerns be addressed by enterprises which wish to store data in the cloud?
    • This could be further complicated by legislative compliance issues.
  (3) The ability to dynamically provision and de-provision security information is crucial for cloud providers, as enterprise consumers will have a constantly changing user base.
References
• [1] Randy Chow, Theodore Johnson, “Distributed Operating Systems & Algorithms”, Addison Wesley, 1997
• [2] Balachandra Reddy Kandukuri, Ramakrishna Paturi V, Atanu Rakshit, “Cloud Security Issues”, IEEE International Conference on Services Computing, 2009
• [3] Abhijit Belapurkar, Anirban Chakrabarti, Harigopal Ponnapalli, Niranjan Varadarajan, Srinivas Padmanabhuni, Srikanth Sundarrajan, “Distributed Systems Security”, Wiley, 2009
• [4] www.csd.uwo.ca/courses/CS457a/notes/