WOOYOUNG KIM FALL 2009 8.1 Fundamentals of Computer Security.


8.1 Fundamentals of Computer Security

Outline

1. Fundamentals of Computer Security

2. Recent Study

3. Future work

Randy Chow, Theodore Johnson, “Distributed Operating Systems &

Algorithms”, 1997

Fundamentals of Computer Security [1]

Contents

1. Goal

2. Security Policies, Models, and Mechanisms

3. Security Issues in Distributed Systems

1.Goal

Secrecy: protection from unauthorized disclosure

Integrity: protection from unauthorized modification

Availability: protection from denial of service (DoS)

Reliability: fault tolerance

Safety: tolerance of user faults

2.Security Policies, Models, Mechanisms

Four categories of common security threats

Interruption, interception, modification, fabrication.

Fundamental approach

Authentication. Authorization. Fault-tolerance.

Policy – user requirements

Model – formal representation of policies

1. Discretionary: separation of users and data is decided on an individual basis (the owner of an object grants access).

2. Mandatory: requires access control of all subjects and objects under its

control on a system-wide basis (labels are assigned by the system, not the owner).

Mechanism – enforce protection

3.Security Issues in Distributed Systems

Additional Goal

Interoperability – effective information exchange.

Transparency – uniform view of a system.

Approaches

Additional layer of software

Redesign the system

Issues

Structure: Client/server paradigm

Where to put security services.

Naqvi, S.; Riguidel, M., "Security architecture for

heterogeneous distributed computing systems,"

Security Technology, 2004. 38th Annual 2004 International

Carnahan Conference on , vol., no., pp. 34-41, 2004

Recent Study [2]

Contents

1. Introduction

2. Grid Computing

3. Challenges (of Integrating Heterogeneous

Devices and Networks in the Grid)

4. Proposed Security Architecture

5. Conclusions

1. Introduction

Grid computing: the security problem is heterogeneity, which involves different administrative domains.

Security requires specialized Grid-enabled tools.

Mobile computing: harvesting the wireless mobile devices within the

computational Grid is a challenge. Recent work in nanotechnology makes it possible to develop

low-power, battery-operated devices for grid computing, and a high level of security is necessary.

1. Introduction – Cont’d

Goal

Develop an infrastructure for the secure integration of

heterogeneous mobile devices in the distributed computing

environments.

2. Grid Computing

Grid computing focuses on large-scale pervasive resource sharing with a

virtual, pluggable, high-performance orientation.

Problem: coordinated resource sharing and problem solving in

dynamic, multi-institutional virtual organizations.

Virtual Organization (VO): a set of individuals and/or institutions

defined by such sharing rules.

2. Grid Computing – Cont’d

Infrastructure Requirements

1. Security

2. Resource Management

3. Information Services

4. Data Management

Rising concerns: significant changes in how Grid resources are accessed introduce new security concerns.

3. Challenges

Heterogeneous mobile consumer devices

connected through a potentially unreliable

wireless network pose great security challenges,

especially if they function as gateways to the Grid

resources.

3. Challenges – Cont’d

Challenges of Integrating Heterogeneous Devices and

Networks in the Grid

1. Bandwidth – multi-path disturbances, power-signal

degradation, inter-cell hand-off, always-on characteristics.

2. Power Supply

3. Software Support

4. Key Management Scheme for Smart Devices

3. Challenges – Cont’d

5. Security Gaps – middle boxes

Example of a security gap: if the SSL session is terminated ("broken") at a middle box C and re-established on the other side, the traffic is in plaintext at C and the end points no longer have end-to-end protection; this is the security gap.
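The following is an added example, not code from the slides or from Naqvi and Riguidel, that reduces the middle-box gap to its integrity layer. The keys and the two messages are constructed for the example, and HMAC-SHA256 stands in for the record MAC of a real SSL/TLS session. When the session is re-established at C, the server only ever verifies C's key, so a compromised C can substitute a request and the server accepts it; with a key C does not hold, the substitution is detected.

```python
import hmac
import hashlib

# Constructed keys for this example (not from the paper).
# Hop-by-hop: the session is "broken at C and re-established", so the client
# shares one key with the middle box C and C shares another with the server.
K_CLIENT_C = b"hop-key-client-to-C"
K_C_SERVER = b"hop-key-C-to-server"
# End-to-end: a key known only to the client and the server; C never sees it.
K_END_TO_END = b"end-to-end-key-client-and-server"

CLIENT_REQUEST = b"transfer 10 credits to job-42"      # constructed sample message
TAMPERED_REQUEST = b"transfer 9999 credits to job-42"  # what a compromised C substitutes


def tag(key, msg):
    """Integrity tag over a record (HMAC-SHA256 stands in for the session MAC)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify(key, msg, t):
    return hmac.compare_digest(tag(key, msg), t)


def middlebox(msg, tamper):
    """C's forwarding behaviour: honest, or substituting its own request."""
    return TAMPERED_REQUEST if tamper else msg


def hop_by_hop(tamper):
    """Session terminated at C.  Returns (server_accepted, message_server_saw)."""
    t1 = tag(K_CLIENT_C, CLIENT_REQUEST)           # hop 1: client -> C
    assert verify(K_CLIENT_C, CLIENT_REQUEST, t1)  # C checks hop 1 and now holds plaintext
    forwarded = middlebox(CLIENT_REQUEST, tamper)
    t2 = tag(K_C_SERVER, forwarded)                # hop 2: C re-protects under its own key
    return verify(K_C_SERVER, forwarded, t2), forwarded


def end_to_end(tamper):
    """Tag computed under a key C does not have; C can forward or corrupt, not re-sign."""
    t = tag(K_END_TO_END, CLIENT_REQUEST)
    forwarded = middlebox(CLIENT_REQUEST, tamper)
    return verify(K_END_TO_END, forwarded, t), forwarded


if __name__ == "__main__":
    print("hop-by-hop, C tampers:", hop_by_hop(tamper=True))   # server accepts the substitution
    print("end-to-end, C tampers:", end_to_end(tamper=True))   # server rejects it
```

The same reasoning applies to confidentiality: in the hop-by-hop case C must hold the plaintext to re-encrypt it, so any protection the Grid relies on has to be established between the real end points rather than per hop.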

3. Challenges – Cont’d

6. Heterogeneous Security Solutions

Security is always an issue with mobile wireless devices since

wireless transmission can be widely attacked.

Various security mechanisms and protocols have been developed.

But this created a heterogeneous security environment.

Very little research on coordinating a set of distributed security

modules.

A security service relies on the establishment of Security Associations

(SAs), but two devices with different security capabilities cannot

communicate and set up an SA.

3. Challenges – Cont’d

Efforts

Develop cryptographic algorithms for efficient utilization and

management.

There is a tradeoff between high-degree security and high-speed

communication.

Challenge 1 - managing the diverse security capabilities so that an

end-to-end security service can be provided with the highest

performance possible.

Challenge 2 - managing security capabilities so that they can be

reconfigured dynamically upon route changes, policy updates,

detection of intrusion, security service degradation, etc., to

maintain adequate levels of end-to-end security service.

4. Proposed Security Architecture

Computational Grids are steeped in complex and

dynamic network environments.

1. Networks have ephemeral nodes, coming and leaving at any

time in unpredictable ways.

2. Computer-based systems can be mobile.

These introduce peculiar challenging security

requirements for Grid applications.

4. Proposed Security Architecture – Cont’d

Security Requirements for Grid applications and

the solution

1. Trust and Reputation

1) The time factor influences the trust.

Trust can build rapidly (curve OAC) or sluggishly

(curve OBC) depending on the various

parameters for trust.

If trust is lost at t1, considerable time is

required to recover it.

[Figure: Trust vs. Time graph]

4. Proposed Security Architecture – Cont’d

2) Entities may form alliances.

3) The trust model should compute the eventual trust based on a

combination of direct trust and reputation and should be able to

weigh the two components differently.

[Figure: Di evaluating Dj]

Di: the trustworthiness of Dj is based more on the direct relationship than on the

reputation of Dj.

Direct relationship: (trust level in the direct-trust table [DTT]) X (decay function)

Reputation: AVG(product of the trust levels in the reputation trust table [RTT])

Propose: RTT=DTT, and introduce the recommender trust

factor R
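An added worked example of the trust computation above; it is not code from the paper. The tables DTT and R are constructed, the exponential form of the decay function and its rate are assumptions, and the reading of "product of the trust levels" as R[i][k] x DTT[k][j] for each recommender k (with RTT = DTT, as the slide proposes) is this example's interpretation. The weight w_direct lets the observer weigh direct trust and reputation differently, as requirement 3) asks.

```python
import math

DECAY_RATE = 0.05  # assumed decay constant per time unit (not given in the paper)

# Constructed direct-trust table: DTT[observer][subject] = trust level in [0, 1].
# With the paper's proposal RTT = DTT, the same table serves as the reputation table.
DTT = {
    "Di": {"Dj": 0.9, "Dk": 0.6, "Dm": 0.7},
    "Dk": {"Dj": 0.4},
    "Dm": {"Dj": 0.2},
}
# Constructed recommender-trust factor R[observer][recommender].
R = {"Di": {"Dk": 0.8, "Dm": 0.5}}


def decay(age):
    """Decay function: an old observation counts less (exponential form is an assumption)."""
    return math.exp(-DECAY_RATE * age)


def direct_trust(i, j, age, dtt=DTT):
    """(trust level in the DTT) x (decay function)."""
    return dtt[i].get(j, 0.0) * decay(age)


def reputation(i, j, dtt=DTT, r=R):
    """AVG over recommenders k of R[i][k] x DTT[k][j]  (RTT = DTT).
    Recommenders i does not have an R factor for are ignored rather than
    trusted by default."""
    products = [r[i][k] * dtt[k][j]
                for k in dtt
                if k not in (i, j) and j in dtt[k] and k in r.get(i, {})]
    return sum(products) / len(products) if products else 0.0


def eventual_trust(i, j, age, w_direct, dtt=DTT, r=R):
    """Weighted combination of direct trust and reputation; w_direct in [0, 1]
    lets the observer weigh the two components differently."""
    if not 0.0 <= w_direct <= 1.0:
        raise ValueError("w_direct must be in [0, 1]")
    return (w_direct * direct_trust(i, j, age, dtt)
            + (1.0 - w_direct) * reputation(i, j, dtt, r))


if __name__ == "__main__":
    for age in (0, 20, 60):
        print(f"age={age:>2}  Di->Dj eventual trust = {eventual_trust('Di', 'Dj', age, 0.8):.3f}")
```

With the constructed tables, Di's reputation value for Dj is (0.8 x 0.4 + 0.5 x 0.2) / 2 = 0.21, so at age 0 and w_direct = 0.8 the eventual trust is 0.8 x 0.9 + 0.2 x 0.21 = 0.762; as the direct observation ages, the decayed direct term shrinks and the reputation term dominates.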

4. Proposed Security Architecture – Cont’d

2. Semantic Interoperability

For interoperability, need to examine:

Separation of symbol and concept.

Nature of ontologies and their role.

Difficulties for effective communication.

Must provide data separation between trusted and untrusted systems.

The VO determines levels of trustworthiness for its various actors. Access control decisions are made by comparing a user's level of

trustworthiness with a sensitivity level already marked on the data. Application services must be provided for several operational

environments.
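The following added example, which is not the paper's code nor from reference [1], shows the two models from the "Security Policies, Models, Mechanisms" section side by side and applies the mandatory one exactly as the VO rule above states it: a read is allowed when the user's trustworthiness level is at least the sensitivity level marked on the object. The level names, subjects and objects are constructed; the write rule (no writing to a less sensitive object, the Bell-LaPadula *-property) is an assumption, since the slide states only the read comparison.

```python
# Sensitivity / trustworthiness levels marked by the VO (constructed ordering).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


class DiscretionaryPolicy:
    """DAC: the owner of an object hands out rights on an individual basis."""

    def __init__(self):
        self.owner = {}   # object -> owning subject
        self.acl = {}     # object -> {subject: set of rights}

    def create(self, owner, obj):
        self.owner[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, granter, obj, subject, right):
        if self.owner.get(obj) != granter:
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(subject, set()).add(right)

    def check(self, subject, obj, right):
        return right in self.acl.get(obj, {}).get(subject, set())


class MandatoryPolicy:
    """MAC: system-wide labels on every subject and object; owners cannot override."""

    def __init__(self):
        self.clearance = {}     # subject -> level (trustworthiness assigned by the VO)
        self.sensitivity = {}   # object -> level marked on the data

    def check(self, subject, obj, right):
        c = LEVELS[self.clearance[subject]]
        s = LEVELS[self.sensitivity[obj]]
        if right == "read":
            return c >= s   # may read data at or below own trustworthiness level
        if right == "write":
            return c <= s   # assumed *-property: no writing to a less sensitive object
        return False        # unknown rights fail closed


def allowed(dac, mac, subject, obj, right):
    """The mechanism enforces both: a discretionary grant never bypasses the mandatory label."""
    return dac.check(subject, obj, right) and mac.check(subject, obj, right)


def demo():
    """Constructed scenario: alice owns the data and grants bob access, but the
    VO marked results.dat 'confidential' and bob is only 'internal'."""
    dac, mac = DiscretionaryPolicy(), MandatoryPolicy()
    mac.clearance.update({"alice": "secret", "bob": "internal", "guest": "public"})
    mac.sensitivity.update({"results.dat": "confidential", "readme.txt": "public"})
    dac.create("alice", "results.dat")
    dac.create("alice", "readme.txt")
    dac.grant("alice", "results.dat", "bob", "read")
    dac.grant("alice", "results.dat", "bob", "write")
    dac.grant("alice", "readme.txt", "guest", "read")
    return {
        "dac alone lets bob read results": dac.check("bob", "results.dat", "read"),
        "alice reads results": allowed(dac, mac, "alice", "results.dat", "read"),
        "bob reads results": allowed(dac, mac, "bob", "results.dat", "read"),
        "bob writes results": allowed(dac, mac, "bob", "results.dat", "write"),
        "guest reads readme": allowed(dac, mac, "guest", "readme.txt", "read"),
        "guest reads results": allowed(dac, mac, "guest", "results.dat", "read"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:35s} {verdict}")
```

The point of the combined check is the one the slides make about mandatory control: alice's discretionary grant is honoured by the DAC table, but the system-wide comparison of bob's trustworthiness with the marked sensitivity still refuses the read.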

4. Proposed Security Architecture – Cont’d

3. Secure and Trusted Time Stamping Authority

A signed document should contain a secure timestamp. Propose the construction of a secure and trusted time stamping

authority by obtaining the time for stamping from a precise clock that is synchronized with two atomic clocks.

The digital signature is obtained using the RSA cryptosystem, and the secret key of the time stamping authority is stored at distributed servers.

For protection, the trusted clock frequently changes its location, and the locations are computed with a random number generator.
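An added example, not from the paper, of how a TSA key can be "stored at distributed servers" and still produce a timestamp token: the key is split with Shamir's threshold scheme so that any k of the n servers can reconstruct it, and the token binds the document hash to the trusted time. HMAC-SHA256 is substituted for the paper's RSA signature because the example uses only the Python standard library; the token structure (hash of document, time, authenticator) is the same. The prime field, the 16-byte key size and the trusted_time value are assumptions, and the trusted clock is simply an argument here.

```python
import hashlib
import hmac
import secrets

PRIME = 2**127 - 1   # field for the shares (assumed; any prime larger than the key works)


def split_secret(secret, n, k):
    """Shamir (k, n) sharing: k of the n distributed servers can rebuild the TSA key.
    A random polynomial of degree k-1 with the secret as constant term is
    evaluated at x = 1..n; fewer than k points reveal nothing about the secret."""
    if not 0 <= secret < PRIME or not 1 <= k <= n:
        raise ValueError("bad sharing parameters")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, sum(c * pow(x, e, PRIME) for e, c in enumerate(coeffs)) % PRIME)
            for x in range(1, n + 1)]


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the prime field (needs >= k distinct shares)."""
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def timestamp_token(document, key, trusted_time):
    """Token = H(document) || time, authenticated under the reconstructed TSA key.
    HMAC-SHA256 stands in for the RSA signature used in the paper; the time is
    taken from the trusted clock by the caller."""
    payload = hashlib.sha256(document).hexdigest() + "|" + str(trusted_time)
    tag = hmac.new(key.to_bytes(16, "big"), payload.encode(), hashlib.sha256).hexdigest()
    return payload, tag


def verify_token(document, key, payload, tag):
    """A token is valid only for the exact document it was issued for."""
    digest, _, _time = payload.partition("|")
    if digest != hashlib.sha256(document).hexdigest():
        return False
    expected = hmac.new(key.to_bytes(16, "big"), payload.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    tsa_key = int.from_bytes(secrets.token_bytes(15), "big")   # constructed TSA secret
    shares = split_secret(tsa_key, n=5, k=3)                   # one share per server
    key = reconstruct(shares[1:4])                             # any three servers suffice
    payload, tag = timestamp_token(b"job-42 results", key, trusted_time=1256000000)
    print(payload, tag, verify_token(b"job-42 results", key, payload, tag))
```

Reconstructing the key in one place, as this example does, re-creates a single point of compromise at stamping time; a threshold signature scheme, where the servers sign with their shares and never reassemble the key, would avoid that, but the slide only states that the key is stored at distributed servers.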

4. Proposed Security Architecture – Cont’d

4. Space Consideration

Related to spatial awareness.

Primitive level: space is the network space, and distances are measured in hops.

Can include more physically grounded concepts of space, requiring some computing scenario.

Can map the peers of a network in any sort of virtual space, which

should be supported by an appropriate routing mechanism.

4. Proposed Security Architecture – Cont’d

5. Context-Awareness

o Must transparently determine the sources of, and handle, a high degree of context changes.

o Propose a context-awareness module:

Environment Role Activation Service: maintains information on the system state.

Context Management Services: collect environment variables and their associated values.

Smart Sensors: collect useful security-relevant data.

4. Proposed Security Architecture – Cont’d

[Figure: Context-Awareness module in the Security Architecture. Components: user, Smart Sensors, Context Management, Environment Role Activation Service, Authentication server, Authorization server, resources.]

4. Proposed Security Architecture – Cont’d

6. Secure Code Mobility

o Mobile code/agent is exposed to various security threats

o The only existing defense is using trusted hardware

o Propose a generic secure computation service that

performs some cryptographic operations on behalf of the

mobile code.

4. Proposed Security Architecture – Cont’d

7. Virtualization of Security Services

o Virtualization of security services means having the absolute

freedom to choose the underlying security mechanism.

User domain: user, local resource, authentication server.

Target domain: target resources, authorization server, a local CA, and access policy.

Between the two domains, an intermediary architecture is needed.

The security services, including the pluggable security services and the security units of the two domains, virtualize the security dialogue between them.

4. Proposed Security Architecture – Cont’d

8. Pluggable Security Services

o Propose to extend the concept of security as services to

security as pluggable services.

o This extension permits the evolution of security

infrastructure with less impact on the resource

management functionalities.

o It permits the users and resource providers to configure

the security architecture based on their requirements

and satisfaction level.

4. Proposed Security Architecture – Cont’d

9. Evaluation of Security Quality

o Quality of Protection (QoP) is defined in generic security

service application program interface (GSS-API)

o Propose Quality of Security Service (QoSS) as an

extension of QoP to cover a broad range of security services.

o QoSS allows ranges of security to be specified, giving the

opportunity to dynamically adjust to fit the security needs.

o QoSS can be used for the evaluation of user mobility in

ubiquitous environments in heterogeneous devices.
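The following added example, which is not code from the paper, ties together three passages: Challenge 1 and 2 (negotiating an SA across diverse security capabilities and reconfiguring it on intrusion or policy update), the pluggable security services (mechanisms are entries in a catalogue that can be swapped), and QoSS ranges (each side states a minimum and maximum acceptable security level instead of one fixed QoP). The mechanism catalogue, its strength and cost figures, the device names and the event handling are all assumptions; the selection rule implemented is "cheapest mechanism inside the intersection of both ranges", which is this example's reading of "highest performance possible".

```python
# Assumed pluggable-mechanism catalogue: strength is a relative security level,
# cost a relative CPU/energy cost on a small device. Neither figure is from the paper.
MECHANISMS = {
    "aes256-gcm":        {"strength": 5, "cost": 3},
    "aes128-gcm":        {"strength": 4, "cost": 2},
    "chacha20-poly1305": {"strength": 4, "cost": 3},
    "3des-cbc":          {"strength": 2, "cost": 1},
}


class Device:
    """A peer with its supported mechanisms and its acceptable QoSS range [qoss_min, qoss_max]."""

    def __init__(self, name, supported, qoss_min, qoss_max):
        unknown = set(supported) - MECHANISMS.keys()
        if unknown:
            raise ValueError(f"{name}: unknown mechanisms {sorted(unknown)}")
        if qoss_min > qoss_max:
            raise ValueError(f"{name}: empty QoSS range")
        self.name, self.supported = name, set(supported)
        self.qoss_min, self.qoss_max = qoss_min, qoss_max


def negotiate(a, b):
    """Return the cheapest mutually supported mechanism whose strength lies in the
    intersection of both QoSS ranges. None means no SA can be set up (fail closed):
    this is the 'two devices with different capabilities cannot set up an SA' case."""
    low, high = max(a.qoss_min, b.qoss_min), min(a.qoss_max, b.qoss_max)
    candidates = [m for m in a.supported & b.supported
                  if low <= MECHANISMS[m]["strength"] <= high]
    if not candidates:
        return None
    # lowest cost first; on equal cost prefer the stronger mechanism
    return min(candidates, key=lambda m: (MECHANISMS[m]["cost"], -MECHANISMS[m]["strength"]))


class SecurityAssociation:
    """An SA that is re-negotiated when the environment changes (Challenge 2)."""

    def __init__(self, a, b):
        self.a, self.b = a, b
        self.history = []          # (reason, mechanism chosen or None)
        self.renegotiate("setup")

    def renegotiate(self, reason):
        self.mechanism = negotiate(self.a, self.b)
        self.history.append((reason, self.mechanism))
        return self.mechanism

    def on_intrusion(self, floor=4):
        """Intrusion detected on the path: neither end accepts anything weaker than `floor`."""
        for d in (self.a, self.b):
            d.qoss_min = max(d.qoss_min, floor)
        return self.renegotiate("intrusion-detected")

    def on_policy_update(self, device, qoss_min=None, qoss_max=None):
        """One domain changes its policy; the SA must be re-derived, not kept."""
        if qoss_min is not None:
            device.qoss_min = qoss_min
        if qoss_max is not None:
            device.qoss_max = qoss_max
        return self.renegotiate("policy-update")


def scenario():
    """Constructed scenario: a Grid gateway talking to a low-power smart device."""
    gateway = Device("grid-gateway", MECHANISMS.keys(), qoss_min=2, qoss_max=5)
    phone = Device("smart-device", ["aes128-gcm", "chacha20-poly1305", "3des-cbc"],
                   qoss_min=1, qoss_max=4)
    sa = SecurityAssociation(gateway, phone)
    sa.on_intrusion()                          # floor rises to 4 on both ends
    sa.on_policy_update(phone, qoss_max=3)     # device policy now caps below the floor
    return sa.history


if __name__ == "__main__":
    for reason, mech in scenario():
        print(f"{reason:20s} -> {mech}")
```

In the constructed scenario the first SA settles on the cheapest acceptable mechanism, the intrusion event forces the stronger AEAD cipher, and the later policy cap leaves no mechanism inside both ranges, so negotiation returns None and the SA must fail closed rather than silently fall back to the weakest common option.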

5. Conclusions

Security is one of the biggest challenges for the coupling of mobile

devices and geographically distributed computers.

Propose a new approach to dealing with these challenges for the Grid.

The proposed approach is flexible and adaptive.

The design provides consistent but fine-grained levels of trust and

security in heterogeneous distributed computing systems.

Future Works

The approach is a first attempt at the

development of an adaptive Grid security

mechanism.

A number of tests and simulations are

required before it can be effectively

implemented on a real Grid computing system.

References

1. Randy Chow, Theodore Johnson, "Distributed Operating Systems & Algorithms", 1997.

2. Naqvi, S.; Riguidel, M., "Security architecture for heterogeneous distributed computing systems," Security Technology, 2004. 38th Annual 2004 International Carnahan Conference on, pp. 34-41, 11-14 Oct. 2004. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1405366&isnumber=30459

Thank You