
--Distributed computer security

Summary For Chapter 8. --Distributed computer security. Student: Zhibo Wang Professor: Yanqing Zhang. Why there are problems in the Distributed System[1].


Presentation Transcript


  1. Summary For Chapter 8 --Distributed computer security Student: Zhibo Wang Professor: Yanqing Zhang

  2. Why there are problems in the Distributed System [1]
     In the most abstract sense, we can describe a distributed system as a collection of clients and servers communicating by exchange of messages.
     Reason:
     • System is under an open environment
     • Need to communicate with other heterogeneous systems

  3. How to build a “strong” System
     • Secrecy: protection from unauthorized disclosure
     • Integrity: only authorized users can modify the system
     • Availability: authorized users are not prevented from accessing their respective objects (as in a DoS attack)
     • Reliability: fault tolerance
     • Safety: tolerance of user faults

  4. Security Threats [2][3]
     They may come from:
     • external intruder
     • internal intruder
     • unintentional system faults or user faults

  5. Cont’d
     Four categories:
     • Interruption (attack against the availability of the network)
     • Interception (attack against the confidentiality)
     • Modification (attack against integrity of the network)
     • Fabrication (attacks against the authentication, access control, and authorization capabilities of the network)

  6. Security Threat Prevention
     • Authentication & verification
       • Excludes external intruders
     • Authorization validation
       • Excludes internal intruders
     • Fault-tolerance mechanisms
       • Unintentional faults
     • Data encryption
       • Prevents the exposure of information & maintains privacy
     • Auditing
       • Passive form of protection

  7. Discretionary Access Control Models
     Concept of the Access Control Matrix (ACM)
     • The Access Control Matrix (ACM) is the most fundamental and widely used discretionary access control model for simple security policies.
     • Access control is a function that, given a subject and object pair (s, o) and a requested operation r from s to o, returns true if the request is permitted.

  8. Cont’d
     Utility of ACM [4]
     • Because it does not define the granularity of protection mechanisms, the Access Control Matrix can be used as a model of the static access permissions in any type of access control system. It does not model the rules by which permissions can change in any particular system, and therefore only gives an incomplete description of the system's access control security policy.

  9. Cont’d
     • Why is it necessary when we already have a discretionary security model?
       With the advances in networks and distributed systems, it is necessary to broaden the scope to include the control of information flow between distributed nodes on a system-wide basis, rather than only on an individual basis as in discretionary control.

  10. Mandatory Flow Control Models
      What is the Mandatory Flow Control Model?
      Mandatory access control refers to a type of access control by which the operating system constrains the ability of a subject to access, or generally perform some sort of operation on, an object or target.

  11. Information Flow Control
      What is Information Flow Control
      • Information flow control is concerned with how information is disseminated or propagated from one object to another.
      • The security classes of all entities must be specified explicitly, and the class of an entity seldom changes after it has been created.

  12. Why we have Cryptography
      Security Requirements
      • Confidentiality: protection from disclosure to unauthorized persons
      • Integrity: maintaining data consistency
      • Authentication: assurance of identity of person or originator of data
      • Availability: legitimate users have access when they need it
      • Access control: unauthorized users are kept out

  13. What is Authentication?
      • Authentication is the process of verifying the identity of an object entity.
      • Password verification: one-way verification
      • Two-way authentication: both communicating entities verify each other’s identity
      This type of mutual authentication is important for communication between autonomous principals under different administrative authorities in a client/server or peer-to-peer distributed environment.

  14. Authentication Protocols
      • Authentication protocols are all about distribution and management of secret keys.
      • Key distribution in a distributed environment is an implementation of distributed authentication protocols.

  15. Design of Authentication Protocols
      Many authentication protocols have been proposed.
      • All protocols assume that some secret information is held initially by each principal.
      • Authentication is achieved by one principal demonstrating to the other that it holds that secret information.
      • All protocols assume that the system environment is very insecure and open to attack, so any message received by a principal must have its origin authenticity, integrity and freshness verified.

  16. University Network [10]

  17. Disadvantage of the network

  18. Proposed network

  19. Reference
      [1] Randy Chow, Theodore Johnson. “Distributed Operating Systems and Algorithms”, Addison-Wesley 1997
      [2] Samarati, P.; Bertino, E.; Ciampichetti, A.; Jajodia, S.; “Information flow control in object-oriented systems”. Knowledge and Data Engineering, IEEE Transactions on, Volume 9, Issue 4, July-Aug. 1997, Page(s): 524 - 538
      [3] Izaki, K.; Tanaka, K.; Takizawa, M.; “Access control model in object-oriented systems”. Parallel and Distributed Systems: Workshops, Seventh International Conference on, 2000, 4-7 July 2000, Page(s): 69 - 74
      [4] http://en.wikipedia.org/wiki/
      [5] Lin, Tsau Young (T. Y.); “Managing Information Flows on Discretionary Access Control Models”. Systems, Man and Cybernetics, 2006. ICSMC '06. IEEE International Conference on, Volume 6, 8-11 Oct. 2006, Page(s): 4759 - 4762

  20. Cont’d
      [6] Solworth, J.A.; Sloan, R.H.; “A layered design of discretionary access controls with decidable safety properties”. Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on, 9-12 May 2004, Page(s): 56 - 67
      [7] Robles, R.J.; Min-Kyu Choi; Sang-Soo Yeo; Tai-hoon Kim, “Application of Role-Based Access Control for Web Environment”, Ubiquitous Multimedia Computing, 2008. UMC '08. International Symposium on, pp. 171-174, 13-15 Oct. 2008
      [8] Ravi Sandhu, The PEI Framework for Application-Centric Security, 2009

  21. Cont’d
      [9] Krishnan, Ram and Sandhu, Ravi and Ranganathan, Kumar, “PEI models towards scalable, usable and high-assurance information sharing”, Proceedings of the 12th ACM symposium on Access control models and technologies
      [10] Al-Akhras, M.A., “Wireless Network Security Implementation in Universities”, Information and Communication Technologies, 2006. ICTTA '06. 2nd, Volume 2, 0-0 0, Page(s): 3192 - 3197

  22. Q&A? Thanks!
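Slides 7 and 8 describe the ACM as a function over (s, o, r) and note that the matrix does not model how permissions change. The Python example below is added here and is not part of the presentation: it implements that function with default deny, derives the per-object and per-subject views, and keeps the change rule outside the matrix. The subjects, objects, the `own` right and the owner-only `grant` policy are assumptions made for illustration.

```python
from typing import Dict, FrozenSet, Tuple

Matrix = Dict[Tuple[str, str], FrozenSet[str]]  # (subject, object) -> rights

# Constructed sample matrix; names and rights are illustrative assumptions.
ACM: Matrix = {
    ("alice", "payroll.db"): frozenset({"own", "read", "write"}),
    ("bob", "payroll.db"): frozenset({"read"}),
    ("bob", "audit.log"): frozenset({"append"}),
}

def access(acm: Matrix, s: str, o: str, r: str) -> bool:
    """True only if right r is in cell (s, o); a missing cell denies."""
    return r in acm.get((s, o), frozenset())

def access_control_list(acm: Matrix, o: str) -> Dict[str, FrozenSet[str]]:
    """Column of the matrix: who may do what to object o."""
    return {s: rights for (s, obj), rights in acm.items() if obj == o}

def capability_list(acm: Matrix, s: str) -> Dict[str, FrozenSet[str]]:
    """Row of the matrix: what subject s may do, per object."""
    return {o: rights for (subj, o), rights in acm.items() if subj == s}

def grant(acm: Matrix, granter: str, s: str, o: str, r: str) -> Matrix:
    """Change rule kept outside the matrix (assumed policy: only an owner grants).

    Returns a new matrix so the original snapshot stays unchanged.
    """
    if not access(acm, granter, o, "own"):
        raise PermissionError(f"{granter} does not own {o}")
    updated = dict(acm)
    updated[(s, o)] = updated.get((s, o), frozenset()) | {r}
    return updated

if __name__ == "__main__":
    print(access(ACM, "bob", "payroll.db", "write"))
    print(access_control_list(ACM, "payroll.db"))
    print(capability_list(ACM, "bob"))
```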
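Slides 13 and 15 require that each principal prove it holds a shared secret and that every received message be checked for origin authenticity, integrity and freshness. The Python example below is added here and is not part of the presentation: it shows one two-way challenge-response built on HMAC-SHA256 with single-use nonces. The `Principal` class, the message layout and the pre-shared key are assumptions.

```python
import hashlib
import hmac
import secrets

def tag(key: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()

class Principal:
    """Hypothetical principal holding a pre-shared secret key (an assumption)."""

    def __init__(self, name: bytes, key: bytes):
        self.name, self.key = name, key
        self.pending = set()  # nonces issued by us and not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def respond(self, verifier: bytes, nonce: bytes) -> bytes:
        # Proof of key possession, bound to prover, verifier and the challenge.
        return tag(self.key, self.name, verifier, nonce)

    def verify(self, prover: bytes, nonce: bytes, proof: bytes) -> bool:
        if nonce not in self.pending:
            return False  # freshness: unknown or already-used nonce
        self.pending.discard(nonce)  # each challenge is accepted once
        expected = tag(self.key, prover, self.name, nonce)
        return hmac.compare_digest(proof, expected)  # origin and integrity

def mutual_authenticate(a: Principal, b: Principal) -> bool:
    """Two-way authentication: each side challenges and verifies the other."""
    nonce_a, nonce_b = a.challenge(), b.challenge()
    proof_b = b.respond(a.name, nonce_a)
    proof_a = a.respond(b.name, nonce_b)
    return a.verify(b.name, nonce_a, proof_b) and b.verify(a.name, nonce_b, proof_a)

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample key
    print(mutual_authenticate(Principal(b"client", key), Principal(b"server", key)))
```

Because the prover and verifier names are inside the MAC in a fixed order, a principal's own response to a nonce is not accepted back as its peer's proof.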
