Computer Security Distributed System Security

Distributed System Security

Objectives

  • Appreciate the security problems in distributed systems
  • Examine which system layer is best suited for implementing security
  • Analyze the security mechanisms currently used in distributed systems.

Distributed System Security: Introduction

Moving from a centralized system to a distributed system has a major impact on security.

It is essential to understand the implicit assumptions that underpin the security in a centralized system.

Security Policies

Users are not necessarily registered at the node where they are accessing an object.

  • How do you authenticate a user?
    • Based on:
      • The user identity
      • The network address the user operates from
  • What is the basis for access control mechanisms?
    • Based on:
      • The distributed service the user invokes (the access operation).

Security Policies

Unix takes the user identity approach for remote access services such as ftp, telnet, or rlogin.

  • telnet and rlogin create a remote virtual terminal.

There are several major vulnerabilities with this approach.

How will users' access rights travel?

Security Policies

Example:

You send a read request for data held at a remote server. The server writes the data to an output channel connecting back to you.

Which access rules should the server apply: those for read access or those for write access?

You may decide that users coming from certain “trusted” nodes need not be authenticated again.

In Unix, trusted hosts can be specified in the .rhosts file and trusted users in the rsh (remote shell) command.
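
An added example (not part of the original slides): a small audit of .rhosts contents that flags the entries granting the broadest password-free trust. The sample file, its host names and the owner `alice` are constructed; the entry syntax assumed is the usual `host [user]` form with `+` as wildcard, a leading `-` as deny and `@` for netgroups.

```python
SAMPLE = """\
# constructed sample, not taken from a real system
build01.example.org
build02.example.org deploy
+@admins
-lab7.example.org
+ +
"""

def audit_rhosts(text, owner):
    """Return (line_no, severity, reason) for each trust-granting entry in a .rhosts file."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        # A host-only entry trusts the same-named account on that host.
        host, user = parts[0], parts[1] if len(parts) > 1 else owner
        if host.startswith("-") or user.startswith("-"):
            continue  # deny entry: grants nothing
        if host == "+" and user == "+":
            sev, why = "critical", "any user on any host may log in as the owner"
        elif host == "+":
            sev, why = "high", f"user {user!r} on any host is trusted"
        elif user == "+":
            sev, why = "high", f"every user on {host} is trusted"
        elif host.startswith("+@") or user.startswith("+@"):
            sev, why = "medium", "trust depends on netgroup membership defined elsewhere"
        elif user != owner:
            sev, why = "medium", f"remote account {user!r} on {host} may act as {owner!r}"
        else:
            sev, why = "info", f"{host} is trusted to vouch for {owner!r} without a password"
        findings.append((no, sev, why))
    return findings

if __name__ == "__main__":
    for finding in audit_rhosts(SAMPLE, "alice"):
        print(*finding, sep="\t")
```
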

Security Policies

The trust relationships in Windows NT provide a more sophisticated mechanism for giving users in a trusted domain access to resources in a trusting domain.

One-way trust relationship:

  • trusted domain
  • trusting domain

User accounts from the trusted domain are valid in the trusting domain.

Security Policies

We also have two-way or more trust relationships.

However, it is important to note that trust is not transitive!

Security Policies

A trust relationship is set up as follows:

  • An administrator sets up an interdomain trust account specifying the name of the trusted domain and a password for this domain.
  • The password is given to the trusting domain.
  • The Local Security Authority (LSA) in the trusting domain creates a trusted domain object, containing the name and SID of the trusted domain, and a secret object, containing the password received.

Delegation

In distributed systems, controlled invocation takes on a new dimension.

A user may log in at a local node and execute a program on a remote node.

To obtain access to resources, the program will need the relevant access rights.

Typically the program is endowed with the access rights of the user and runs with the access rights on the remote host.

Delegation

So the program is running with the access rights delegated by the user.

Users may not feel too comfortable about releasing their rights to an unknown host!

For example, if there is weak protection on the remote host, an attacker may grab the user's access right and use it for an illicit purpose.

For popular services one can create proxy users to deal with remote service requests.

Security enforced

Once policies are sorted out, these must be enforced

  • Where do you authenticate the user?
  • Where do you make an access control decision?

There are several possible approaches:

  • Use a Kerberos type mechanism with
    • An authentication server and
    • Ticket granting servers
  • Install a firewall to control access to an internal network.

Authentication

Unprotected passwords transmitted over public networks are an obvious vulnerability.

We shall consider two security enforcement schemes:

  • A central security enforcement scheme: Kerberos
  • A local security enforcement scheme: DSSA/SPX

A central security enforcement scheme: Kerberos

  • Authentication is based on two basic concepts: tickets and security servers.
    • Kerberos authentication server (KAS): authenticates principals at login and issues tickets which are valid for one login session and enable principals to obtain other tickets from ticket-granting servers.
    • Ticket granting servers (TGS): issue tickets that give principals access to network services.
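
Kerberos

Message flow between principal A, the KAS, the TGS and server B (from the slide diagram):

  • Message 1, A → KAS: $A, TGS, L_1, N_1$
  • Message 2, KAS → A: $e_{K_a}(TGS, K_{a,tgs}, Ticket_{a,tgs}, L_1, N_1)$
  • Message 3, A → TGS: $A, B, L_2, N_2, Ticket_{a,tgs}, e_{K_{a,tgs}}(A, T_3)$
  • Message 4, TGS → A: $e_{K_{a,tgs}}(B, K_{a,b}, Ticket_{a,b}, L_2, N_2)$
  • Message 5, A → B: $e_{K_{a,b}}(A, T_4), Ticket_{a,b}$
  • Message 6, B → A: $e_{K_{a,b}}(T_4)$

$Ticket_{a,tgs} = e_{K_{tgs}}(K_{a,tgs}, A, T_1, L_1)$

$Ticket_{a,b} = e_{K_b}(K_{a,b}, A, T_2, L_2)$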
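
The six messages above as an added example (not part of the original slides): each principal is a Python function, and e_K(...) is played by a toy encrypt-then-MAC built from SHA-256 and HMAC, for illustration only. It assumes L is a lifetime in seconds, N a nonce and T a timestamp; the keys, the fixed clock value and the 60-second skew allowance are constructed.

```python
import hashlib, hmac, json, os

def _stream(k, nonce, n):  # SHA-256 in counter mode as a toy keystream
    return b"".join(hashlib.sha256(k + nonce + bytes([i])).digest() for i in range(n // 32 + 1))
def seal(key, fields):  # e_K(fields): toy encrypt-then-MAC standing in for a real AEAD
    k, nonce, pt = bytes.fromhex(key), os.urandom(16), json.dumps(fields).encode()
    ct = bytes(x ^ y for x, y in zip(pt, _stream(k, nonce, len(pt))))
    return (nonce + ct + hmac.new(k, nonce + ct, hashlib.sha256).digest()).hex()
def unseal(key, blob):  # verify the MAC first, then decrypt
    k, raw = bytes.fromhex(key), bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(k, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(x ^ y for x, y in zip(ct, _stream(k, nonce, len(ct)))))

K = {p: os.urandom(16).hex() for p in ("A", "TGS", "B")}  # constructed keys Ka, Ktgs, Kb

def check(owner, start, life, name, stamp, now, skew=60):
    if name != owner:
        raise ValueError("authenticator does not match ticket")
    if not (start <= now <= start + life and abs(now - stamp) <= skew):
        raise ValueError("ticket expired or stale authenticator")

def kas(a, tgs, L1, N1, now):                       # message 1 in, message 2 out
    k_atgs = os.urandom(16).hex()
    ticket = seal(K[tgs], [k_atgs, a, now, L1])     # Ticket_a,tgs
    return seal(K[a], [tgs, k_atgs, ticket, L1, N1])

def tgs(a, b, L2, N2, ticket, auth, now):           # message 3 in, message 4 out
    k_atgs, owner, T1, L1 = unseal(K["TGS"], ticket)
    check(owner, T1, L1, *unseal(k_atgs, auth), now)  # cleartext a is a hint; the ticket decides
    k_ab = os.urandom(16).hex()
    ticket_ab = seal(K[b], [k_ab, owner, now, L2])  # Ticket_a,b
    return seal(k_atgs, [b, k_ab, ticket_ab, L2, N2])

def service_b(auth, ticket, now):                   # message 5 in, message 6 out
    k_ab, owner, T2, L2 = unseal(K["B"], ticket)
    name, T4 = unseal(k_ab, auth)
    check(owner, T2, L2, name, T4, now)
    return owner, seal(k_ab, [T4])

def run_a(now=1000.0, delay=0.0, L1=3600, L2=300):  # principal A; delay = wait before message 5
    N1, N2 = os.urandom(8).hex(), os.urandom(8).hex()
    _, k_atgs, tkt_tgs, _, n1 = unseal(K["A"], kas("A", "TGS", L1, N1, now))
    m4 = tgs("A", "B", L2, N2, tkt_tgs, seal(k_atgs, ["A", now]), now)
    b, k_ab, tkt_b, _, n2 = unseal(k_atgs, m4)
    if (n1, n2, b) != (N1, N2, "B"):
        raise ValueError("reply does not match request")
    who, m6 = service_b(seal(k_ab, ["A", now + delay]), tkt_b, now + delay)
    return who, unseal(k_ab, m6) == [now + delay]
```

`run_a()` returns the principal that B accepted and whether A could verify message 6; `run_a(delay=301)` presents Ticket_a,b after its lifetime L2 has passed and is rejected.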

Kerberos

Remarks:

In the basic Kerberos scheme the session keys are symmetric.

The encryption keys $K_a$ (or $K_b$) can be symmetric, or alternatively public encryption keys may be used.

Revocation:

The KAS and TGS update their access rights database.