340 likes | 533 Views
WOOYOUNG KIM FALL 2009. 8.1 Fundamentals of Computer Security. Outline. Fundamentals of Computer Security Recent Study Future work. Fundamental of Computer Security [1]. Randy Chow, Theodore Johnson, “ Distributed Operating Systems & Algorithms ”, 1997. Contents. Goal
E N D
WOOYOUNG KIM FALL 2009 8.1 Fundamentals of Computer Security
Outline • Fundamentals of Computer Security • Recent Study • Future work
Fundamental of Computer Security [1] Randy Chow, Theodore Johnson, “Distributed Operating Systems & Algorithms”, 1997
Contents • Goal • Security Policies, Models, and Mechanisms • Security Issues in Distributed Systems
Goal • Secrecy : protection from unauthorized disclosure • Integrity: protection from unauthorized modification • Availability : protection from denial of service (DoS) • Reliability: fault-tolerance • Safety: tolerance of user faults
Security Policies, Models, Mechanisms • Four categories of common security threats • Interruption, interception, modification, fabrication. • Fundamental approach • Authentication. Authorization. Fault-tolerance. • Policy – user requirements • Model – formal representation of policies • Discretionary : separation of users and data under on a individual basis. • Mandatory : requires access control of all subject and objects under its control on a system-wide basis. • Mechanism – enforce protection
Security Issues in Distributed Systems • Additional Goal • Interoperability – effective information exchange. • Transparency – uniform view of a system. • Approaches • Additional layer of software • Redesign the system • Issues • Structure: Client/server paradigm • Where to put security services.
Recent Study [2] Naqvi, S.; Riguidel, M., "Security architecture for heterogeneous distributed computing systems," Security Technology, 2004. 38th Annual 2004 International Carnahan Conference on , vol., no., pp. 34-41, 2004
Contents • Introduction • Grid Computing • Challenges (of Integrating Heterogeneous Devices and Networks in the Grid) • Proposed Security Architecture • Conclusions
Introduction • Grid Computing • Security problem: • heterogeneity involves different administrative domains. • Security requires specialized Grid-enabled tools. • Mobile Computing • Harvesting the wireless mobile devices within the computational Grid is a challenge. • Recent works in nanotechnology make it possible to develop low-power, battery-operated devices for grid computing. • High level of security is necessary.
Introduction – Cont’d • Goal • Develop an infrastructure for the secure integration of heterogeneous mobile devices in the distributed computing environments.
Grid Computing • Grid computing focuses on large-scale pervasive resource sharing, virtual and pluggable high-performance orientation. • Problem: coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations. • Virtual Organization (VO): a set of individuals and/or institutions defined by such sharing rules.
Grid Computing – Cont’d • Infrastructure Requirements • Security • Resource Management • Information Services • Data Management • Rising concerns • Significant changes in accessing Grid resources • Introduce new security concerns.
Challenges The heterogeneous mobile consumer devices connected through a potentially unreliable wireless network poses great security challenges, especially if they function as gateways to the Grid resources.
Challenges – Cont’d • Challenges of Integrating Heterogeneous Devices and Networks in the Grid • Bandwidth – multi-path disturbances, power-signal degradation, inter-cell hand-off, always-on characteristics. • Power Supply • Software Support • Key Management Scheme for Smart Devices
Challenges – Cont’d • Security Gaps – middle boxes Example of security Gap: If the SSL session was broken at C and re-established, then result in security gaps.
Challenges – Cont’d • Heterogeneous Security Solutions • Security is always an issue with mobile wireless devices since wireless transmission can be widely attacked. • Various security mechanisms and protocols have been developed. • But this created a heterogeneous security environment. • Very little research on coordinating a set of distributed security modules. • Security service relies on establishment of Security Associations (SA), but two devices with different security capabilities cannot communicate and set up SA.
Challenges – Cont’d • Efforts • Develop cryptographic algorithms for efficient utilization and management. • There is tradeoff between high-degree security and high speed communication • Challenge 1- Managing the diverse security capabilities so that an end-to-end security service can be provided with the highest performance possible • Challenge2-managing security capabilities so that they can be reconfigured dynamically upon route changes, policy update, detection of intrusion or security service degradation etc., to maintain adequate levels of end-to-end security service.
Proposed Security Architecture • Computational Grids is steeped in complex and dynamic network environments. • Networks have ephemeral nodes, coming and leaving at any time in unpredictable ways. • Computer-based systems can be mobile. • These introduce peculiar challenging security requirements for Grid applications.
Proposed Security Architecture – Cont’d • Security Requirements for Grid applications and the solution • Trust and Reputation • The time factor influences the trust. • Trust can be rapid (OAC) or sluggish (OBC) depending on the various parameters for trust. • If trust lost at t1, considerable time is required for retrieval. • Trust vs. Time graph
Proposed Security Architecture – Cont’d • Entities may form alliances. • The trust model should compute the eventual trust based on a combination of direct trust and reputation and should be able to weigh the two components differently. Di Dj • Di: Trustworthiness of Dj is based more on the direct relationship than the reputation of Dj. • Direct relationship: (trust level in the direct-trust table[DTT]) X (decay function) • Reputation: AVG(product of the trust level in the reputation trust table [RTT].) • Propose: RTT=DTT, and introduce the recommender trust factor R
Proposed Security Architecture – Cont’d • Semantic Interoperability • For interoperability, need to examine • Separation of symbol and concept • Nature of anthologies and their role • Difficulties for effective communication • Must provide data separation between trusted and untrusted systems. • VO determines levels of trustworthiness for its various actors. • Access control decisions are made by comparing a user’s level of trustworthiness with a sensitivity level already marked. • Application service must be provided for several operational environments.
Proposed Security Architecture – Cont’d • Secure and Trusted Time Stamping Authority • Signed document should contain a secure timestamp. • Propose the construction of a secure and trusted time stamping authority by obtaining time for stamping from a precise clock that is synchronous to two atomic clocks. • Digital signature is obtained by using the RSA cryptosystem, and a secret key of a time stamping authority is stored at distributed servers. • For protection, the trusted clock frequently changes its location and the locations are computed with a random number of generator.
Proposed Security Architecture – Cont’d • Space Consideration • Related to spatial-awareness • Primitive level: space is the network space, distance are measured with hops. • Can include more physically grounded concepts of space, requiring some computing scenario • Can map the peers of a network in any sort of virtual space, which should be supported by an appropriate routing mechanism.
Proposed Security Architecture – Cont’d • Context-Awareness • Must transparently determine the sources and handle a high degree of context changes. • Propose a context-awareness module. • Environment Role Activation Service • Maintains information on the system state. • Context Management Services • Collect environment variables and their associated values • Smart Sensors • Collect useful security-relevant data.
Proposed Security Architecture – Cont’d Context-Awareness module in the Security Architecture user resources Authorization server Authenticationserver Environment Role Activation Service Context Management Smart Sensors
Proposed Security Architecture – Cont’d • Secure Code Mobility • Mobile code/agent is exposed to various security threats • The only existing defense is using trusted hardware • Propose a generic secure computation service that performs some cryptographic operations on behalf of the mobile code.
Proposed Security Architecture – Cont’d • Virtualization of Security Services • Virtualization of security services is having the absolute freedom to choose the underlying security mechanism. User domain: user, local resource, authentication server Target domain: target resources, authorization server, a local CA, and access policy. Between two domains, need an intermediary architecture. Security services including pluggable security services, security units of two domains virtualizes the security dialogues.
Proposed Security Architecture – Cont’d • Pluggable Security Services • Propose to extend the concept of security as services to security as pluggable services. • This extension permits the evolution of security infrastructure with less impact on the resource management functionalities. • It permits the users and resource providers to configure the security architecture based on their requirements and satisfaction level.
Proposed Security Architecture – Cont’d • Evaluation of Security Quality • Quality of Protection (QoP) is defined in generic security service application program interface (GSS-API) • Propose Quality of Security Service (QoSS) is as an extension of QoP to cover a broad range of security services. • QoSS allows ranges of security to be specified, giving the opportunity to dynamically adjust to fit the security needs. • QoSS can be used for the evaluation of user mobility in ubiquitous environments in heterogeneous devices.
Conclusions • Security is one of the biggest challenges for the coupling of mobile devices and geographically distributed computers. • Propose a new approach to deal with the challenges by the Grid. • The proposed approach is flexible and adaptive. • The design is consistent but fine-grained levels of trust and security in heterogeneous distributed computing systems.
Future Works • The approach is a first attempt for the development of an adaptive Grid security mechanism. • A number of tests and simulations are required before it can be effectively implilented on a real Grid computing system.
Reference • Randy Chow, Theodore Johnson, “Distributed Operating Systems & Algorithms”, 1997 • Naqvi, S.; Riguidel, M., "Security architecture for heterogeneous distributed computing systems," Security Technology, 2004. 38th Annual 2004 International Carnahan Conference on , vol., no., pp. 34-41, 11-14 Oct. 2004URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1405366&isnumber=30459