1 / 11

Towards a Taxonomy of Security for Distributed Computing

This research aims to develop a taxonomy of security issues in distributed computing and test it using the Chirp Distributed File System. It explores programming-related problems like buffer overflows and race conditions, as well as user behavior and trust schemes. The findings highlight the need for improved security measures in distributed systems.

vivianpeterson
Télécharger la présentation

Towards a Taxonomy of Security for Distributed Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Developing a General Taxonomy of Security Problems for Future Work Timothy Brick and Jarett DeAngelis University of Notre Dame Department of Computer Science and Engineering Towards a Taxonomy of Security for Distributed Computing

  2. Problem? How Do You Know If Your Distributed System Is Secure? (You don't, but we try.)

  3. Solution • Aims: • To develop a taxonomy of distributed security issues • To test the taxonomy by analysis of the CC Tools

  4. The Chirp Distributed File System • Chirp: Designed to support distributed applications, focus on research apps • Creates a userspace abstraction over existing filesystem • Permissions system allows authentication via Globus certificates, Kerberos, UNIX auth, hostnames

  5. Programming-Related • Buffer Overflows • Easy to detect statically • Detection tools have a lotof false positives (~400) • Race Conditions • Difficult to pin down • NP-Complete to find statically • Dynamically detect stat() - open() syscall pairs • Doesn't work on user-level file systems!

  6. Demonstration • Discovered an exploit of alteration of absolute namespace in Chirp filesystem. • Dynamic race condition detection tool finds user-level ACL check - open pairs. • (Based on rules given in Tsyrklevich & Yee 2003)

  7. User Wrangling Users behave badly. Especially if they don't know they're doing it.

  8. Trust • What schemes do you trust? • Reliability • Appropriateness • Who does that mean you're trusting?

  9. Evaluation • Completeness • Adds to existing work • Still not entirely complete • Usefulness • Example: Chirp • Buffer overflow found in chirp client • Relative namespace exploit in server • ACL klobbering exploit in server • Some user interaction problems • Potential for abuse of trust systems

  10. Conclusion • Useful practical results from analysis of Chirp • Useful taxonomy structure suitable for the future analysis of distributed systems • Try it! CCTools available at http://www.cctools.org/

More Related