1 / 16

Computer Security Distributed System Security

Computer Security Distributed System Security Distributed System Security Objectives Appreciate the security problems in distributed systems Examine which system layer is best suited for implementing security Analyze the security mechanisms currently used in distributed systems.

Download Presentation

Computer Security Distributed System Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Computer SecurityDistributed System Security

  2. Distributed System Security Objectives • Appreciate the security problems in distributed systems • Examine which system layer is best suited for implementing security • Analyze the security mechanisms currently used in distributed systems.

  3. Distributed System SecurityIntroduction Moving from a centralized system to a distributed system has a major impact on security. It is essential to understand the implicit assumptions that underpin the security in a centralized system.

  4. Security Policies Users are not necessarily registered at the node they are accessing an object. • How do you authenticate a user? • Based on: • the user identity • The network address the user operates from • What is the basis for access control mechanisms • Based on • The distributed service the user invokes (the access operation).

  5. Security Policies Unix takes the user identity approach for remote access services such as:ftp or telnet, rlogin • telnet and rlogin create a remote virtual terminal. There are several major vulnerabilities with this approach. How will users access rights travel?

  6. Security Policies Example: You send a read request for data held at a remote server. The server writes the data to an output channel connecting back to you. Which access rules should the server apply: those for read access or those for write access? You may decide that users coming from certain “trusted” nodes need not be authenticated again. In Unix trusted hosts can be specified in the.rhostsfile And trusted users in thersh (remote shell) command

  7. Security Policies The trust relationships in Windows NT provide a more sophisticated for giving users in a trusted domain access to resources in a trusting domain. One way trust relationship • trusted domain • trusting domain User accounts from the trusted domain are valid in the trusting domain.

  8. Security Policies We also have two-way or more trust relationships. However it is important to note that trust is not transitive! A trust relationship is set up as follows: • An administrator sets up an interdomain trust account specifying the name of the trusted domain and a password for this domain.

  9. Security Policies A trust relationship is set up as follows: • An administrator sets up an interdomain trust account specifying the name of the trusted domain and a password for this domain. • The password is given to the trusting domain. • The Local Security Authority (LSA) in the trusting domain creates a trusted domain object, containing the name and SID of the trusted domain, and a secret object, containing the password received.

  10. Delegation In distributed systems controlled invocation takes on a new dimension. A user may login at a local node and execute a program on a remote node. To obtain access to resources the program will need the relevant access rights. Typically the program is endowed with the access rights of the user and runs with the access rights on the remote host.

  11. Delegation So the program is running with the access rights delegated by the user. Users may not feel too comfortable about releasing their rights to an unknown host! For example, if there is weak protection on the remote host, an attacker may grab the users access right and use it for an illicit purpose. For popular services one can create a proxy users to deal with remote service requests.

  12. Security enforced Once policies are sorted out, these must be enforced • Where do you authenticate the user? • Where do you make an access control decision? There are several possible approaches: • Use a Kerberos type mechanism with • An authentication server and • Ticket granting servers • Install a firewall to control access to an internal network.

  13. Authentication Unprotected passwords transmitted over public networks are an obvious vulnerability. We shall consider two security enforcement schemes: • A central security enforcement scheme: Kerberos • A local security enforcement scheme: DSSA/SPX

  14. A central security enforcement scheme Kerberos • Authentication is based on two basic concepts: tickets • and security servers. • Kerberos authentication server(KAS): • Authenticates principals at login and issues tickets which are valid for one login session and enable principals to obtain other tickets from ticket-granting servers. • Ticket granting servers (TGS): • Issue tickets that give principals access to network services.

  15. Kerberos TGS 4 3 5 2 • A,TGS,L1,N1 • eKa(TGS,Ka,tgs,Ticketa,tgs,L1,N1) • A,B, L2,N2 ,Ticketa,tgs,eKa,tgs(A,T3) • eKa,tgs(B,Ka,b,Ticketa,b,L2,N2) • eKa,b(A,T4),Ticketa,b • eKa,b(T4) Ticketa,tgs= eKtgs(Ka,tgs,A,T1,L1) Ticketa,b = eKb(Ka,b,A,T2,L2) KAS A B 1 6

  16. Kerberos Remarks: In the basic Kerberos scheme the session keys are symmetric. The encryption keys Ka (or Kb) can be symmetric, or alternatively Public Encryption Keys may be used. Revocation: The KAS and TGS update their access rights database.

More Related