2nd lecture for chapter 8.1 (fall 09)
TRANSCRIPT
Distributed Systems: Fundamentals of Computer Security
DM Rasanjalee Himali
CSc8320 – Advanced Operating Systems (SECTION 8.1)
FALL 2009
Introduction
Computer security and fault tolerance problems are more critical in distributed systems.
◦ Reasons: open architecture; the need for communication across heterogeneous systems over communication links.
Solutions are closely related to many of the fundamental issues in the design of distributed systems.
Introduction [contd.]
A secure (dependable) computer system is a robust system that exhibits the characteristics of:
◦ Secrecy
◦ Integrity
◦ Availability
◦ Reliability
◦ Safety
Introduction [contd.]
◦ Secrecy: privacy / confidentiality; protection from unauthorized disclosure of system objects.
◦ Integrity: system objects can be modified only by authorized users.
◦ Availability: authorized users should not be prevented from accessing objects to which they have a legitimate right of access.
◦ Reliability & Safety: fault-tolerance features for unintentional system and user faults.
Computer security in a narrow sense is secrecy + integrity + availability against intentional intrusions. In a broader sense, reliability & safety are also desired.
Fundamentals of computer security
The world of computer systems can be represented by:
◦ Subjects: active entities that access objects
◦ Objects: passive entities that must be protected. Examples: data, hardware, software and communication links
◦ Access Control Policy: describes how objects are to be accessed by subjects
◦ Flow Control Policy: describes how the information flow between objects and subjects is to be regulated
Security Threats
Security threats may come from:
◦ external intruders,
◦ internal intruders,
◦ unintentional system faults or user faults
Four categories:
◦ Interruption: ex: loss of data, denial of service
◦ Interception: related to secrecy (confidentiality)
◦ Modification: violations of system integrity
◦ Fabrication: violations of system integrity
Interruption
In an interruption attack, a network service is made degraded or unavailable for legitimate use.
Interruption attacks are attacks against the availability of the network.
These attacks can take the form of:
◦ Overloading a server host so that it cannot respond.
◦ Blocking access to a service by overloading an intermediate network or network device.
◦ Redirecting requests to invalid destinations.
Interruption [contd.]
Often called “Denial of Service” or “DoS” attacks.
[Figure: sender (Alice) and receiver (Bob) exchange data and control messages over a channel; Trudy is the intruder on the channel.]
Interception
In an interception attack, an unauthorized individual gains access to confidential or private information.
Interception attacks are attacks against network confidentiality.
These attacks can take the form of:
◦ Eavesdropping on communication.
◦ Illicit copying of files or programs.
◦ Obtaining copies of messages for later replay.
Modification
In a modification attack, an unauthorized individual not only gains access to, but tampers with, information, resources, or services.
Modification attacks are attacks against the integrity of the network.
These attacks can take the form of:
◦ Modifying the contents of messages in the network.
◦ Changing information stored in data files.
◦ Altering programs so they perform differently.
◦ Reconfiguring system hardware or network topologies.
Also called “man in the middle” attacks.
Fabrication
In a fabrication attack, an individual inserts counterfeit information, resources, or services into the network.
Fabrication attacks are attacks against the authentication, access control, and authorization capabilities of the network.
These attacks can take the form of:
◦ Inserting messages into the network using the identity of another individual.
◦ Replaying previously intercepted messages.
◦ Spoofing a web site or other network service.
◦ Taking the address of another host or service, essentially becoming that host or service.
Also called “masquerading” attacks.
Security Threat Prevention
Authentication & verification
◦ Exclude external intruders
Authorization validation
◦ Exclude internal intruders
Fault-tolerance mechanisms
◦ Unintentional faults
Data encryption
◦ Prevents the exposure of information & maintains privacy
Auditing
◦ Passive form of protection
◦ Ex: auditing of an active log
Security Threats and Protection Models
SUBJECT --(data access or information flow)--> OBJECT

SECURITY THREATS    PROTECTION MODELS
Interruption        Authentication
Interception        Authorization
Modification        Fault-tolerance
Fabrication         Encryption
                    Auditing
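The following added example (not part of the lecture or of the cited textbooks) puts Alice, Bob and Trudy on the channel from the figures above and shows which of the four threat categories an authentication tag with sequence numbers detects: it rejects modification and both forms of fabrication (masquerade and replay) but does nothing against interception, which needs encryption. The shared key, message format and sequence-number rule are constructed assumptions for the demo.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by Alice and Bob (assumed exchanged out of band);
# Trudy, the intruder on the channel, does not hold it.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"

def make_message(key, sender, seq, payload):
    """Sender side: serialise the fields and attach an HMAC-SHA256 tag."""
    body = json.dumps({"from": sender, "seq": seq, "payload": payload},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    """Receiver side: verify the tag, then reject replays by sequence number."""
    def __init__(self, key):
        self.key = key
        self.last_seq = {}  # highest sequence number accepted per claimed sender

    def accept(self, msg):
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        # A tampered body (modification) or a tag made without the key (masquerade) fails here.
        if not hmac.compare_digest(expected, msg["tag"]):
            return "reject: bad tag (modification or fabrication)"
        fields = json.loads(msg["body"])
        # A verbatim copy of an earlier message (fabrication by replay)
        # carries a sequence number that is no longer fresh.
        if fields["seq"] <= self.last_seq.get(fields["from"], -1):
            return "reject: replayed message"
        self.last_seq[fields["from"]] = fields["seq"]
        return "accept"

def run_scenarios():
    """Alice sends to Bob; Trudy then tries each attack category on the channel."""
    bob = Receiver(SHARED_KEY)
    genuine = make_message(SHARED_KEY, "alice", 1, "transfer 10")
    results = {"genuine": bob.accept(genuine)}
    # Interception: the tag gives integrity, not secrecy; Trudy can still read the body.
    results["intercepted_plaintext"] = json.loads(genuine["body"])["payload"]
    # Modification: Trudy edits the payload in transit but cannot recompute the tag.
    tampered = {"body": genuine["body"].replace(b"10", b"99"), "tag": genuine["tag"]}
    results["modification"] = bob.accept(tampered)
    # Fabrication (masquerade): a message in Alice's name, tagged with a guessed key.
    forged = make_message(b"trudy-guessed-key", "alice", 2, "transfer 99")
    results["fabrication"] = bob.accept(forged)
    # Fabrication (replay): Alice's genuine message resent unchanged.
    results["replay"] = bob.accept(genuine)
    return results
```

Interruption is deliberately absent from the scenarios: no per-message check stops Trudy from flooding or cutting the channel, which is why the table pairs it with fault-tolerance rather than with authentication or encryption.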
Cloud Computing [3]
Cloud Computing = Virtual Centralization
The service and data maintenance is provided by some vendor.
The client/customer has no control over:
◦ where the processes are running, or
◦ where the data is stored.
Uses the internet as the communication medium.
Leading vendors, including Amazon, Google, IBM and Microsoft, have all released cloud computing capabilities for end users to make use of their services.
◦ Ex: Amazon offers storage services (S3), computing capacity in the Elastic Compute Cloud (EC2) and application services for e-commerce (AWS).
Cloud Computing Security
The vendor has to provide some assurance in service level agreements (SLA) to convince the customer on security issues.
Guaranteeing the security of corporate data in the "cloud" is difficult, as providers offer different kinds of service.
◦ Ex: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
The SLA is the only legal agreement between the service provider and the client.
The only means by which the provider can gain the trust of the client is the SLA, so it has to be standardized.
The SLA has to describe the different levels of security and their complexity, based on the services, so that the customer understands the security policies that are being implemented.
The paper describes the security issues that have to be included in the SLA.
Service Level Agreement
The SLA should:
• Identify and define the customer’s needs
• Provide a framework for understanding
• Simplify complex issues
• Reduce areas of conflict
• Encourage dialog in the event of disputes
• Eliminate unrealistic expectations
How to standardize SLAs
1. Privileged user access
Sensitive data processed outside the enterprise is a risk. Get as much information as possible about the people who manage our data.
2. Regulatory compliance
Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider. Traditional service providers are subjected to external audits and security certifications. Cloud computing providers who refuse to undergo this scrutiny are signaling that customers can only use them for the most trivial functions.
3. Recovery
Even if we don't know where our data is, a cloud provider should tell us what will happen to our data and service in case of a disaster. Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure.
Cloud Computing Security
Security in the cloud brings complexities that need to be addressed:
(1) Since multiple providers are involved in the cloud, SLA management is complex.
◦ In normal systems, SLAs are arrived at between a single provider and the consumer.
◦ In a complex cloud transaction with multiple providers, how would SLAs be managed?
(2) Data privacy is another serious concern.
◦ How would privacy concerns be addressed by enterprises that wish to store data in the cloud?
◦ This could be further complicated by legislative compliance issues.
(3) The ability to dynamically provision and de-provision security information is crucial for cloud providers, as enterprise consumers will have a constantly changing user base.
References
[1] Randy Chow, Theodore Johnson, “Distributed Operating Systems & Algorithms”, Addison Wesley, 1997
[2] Balachandra Reddy Kandukuri, Ramakrishna Paturi V, Atanu Rakshit, “Cloud Security Issues”, IEEE International Conference on Services Computing, 2009
[3] Abhijit Belapurkar, Anirban Chakrabarti, Harigopal Ponnapalli, Niranjan Varadarajan, Srinivas Padmanabhuni, Srikanth Sundarrajan, “Distributed Systems Security”, Wiley, 2009
[4] www.csd.uwo.ca/courses/CS457a/notes/