
Computer Security Distributed System Security - PowerPoint PPT Presentation



PowerPoint Slideshow about 'Computer Security Distributed System Security' - ostinmannual



Computer Security: Distributed System Security


Distributed System Security

Objectives

  • Appreciate the security problems in distributed systems

  • Examine which system layer is best suited for implementing security

  • Analyze the security mechanisms currently used in distributed systems.


Distributed System Security: Introduction

Moving from a centralized system to a distributed system has a major impact on security.

It is essential to understand the implicit assumptions that underpin the security in a centralized system.


Security Policies

Users are not necessarily registered at the node where they are accessing an object.

  • How do you authenticate a user?

    • Based on:

      • The user identity

      • The network address the user operates from

  • What is the basis for access control mechanisms?

    • Based on:

      • The distributed service the user invokes (the access operation).


Security Policies

Unix takes the user identity approach for remote access services such as ftp, telnet or rlogin.

  • telnet and rlogin create a remote virtual terminal.

There are several major vulnerabilities with this approach.

How will users' access rights travel?


Security Policies

Example:

You send a read request for data held at a remote server. The server writes the data to an output channel connecting back to you.

Which access rules should the server apply: those for read access or those for write access?

You may decide that users coming from certain “trusted” nodes need not be authenticated again.

In Unix, trusted hosts can be specified in the .rhosts file, and trusted users in the rsh (remote shell) command.


Security Policies

The trust relationships in Windows NT provide a more sophisticated mechanism for giving users in a trusted domain access to resources in a trusting domain.

One-way trust relationship:

  • trusted domain

  • trusting domain

User accounts from the trusted domain are valid in the trusting domain.


Security Policies

We also have two-way or more trust relationships.

However, it is important to note that trust is not transitive!

A trust relationship is set up as follows:

  • An administrator sets up an interdomain trust account specifying the name of the trusted domain and a password for this domain.


  • The password is given to the trusting domain.

  • The Local Security Authority (LSA) in the trusting domain creates a trusted domain object, containing the name and SID of the trusted domain, and a secret object, containing the password received.


Delegation

In distributed systems controlled invocation takes on a new dimension.

A user may log in at a local node and execute a program on a remote node.

To obtain access to resources the program will need the relevant access rights.

Typically the program is endowed with the access rights of the user and runs with those access rights on the remote host.


Delegation

So the program is running with the access rights delegated by the user.

Users may not feel too comfortable about releasing their rights to an unknown host!

For example, if there is weak protection on the remote host, an attacker may grab the user's access rights and use them for an illicit purpose.

For popular services one can create proxy users to deal with remote service requests.


Security enforced

Once policies are sorted out, these must be enforced.

  • Where do you authenticate the user?

  • Where do you make an access control decision?

There are several possible approaches:

  • Use a Kerberos-type mechanism with

    • An authentication server and

    • Ticket granting servers

  • Install a firewall to control access to an internal network.


Authentication

Unprotected passwords transmitted over public networks are an obvious vulnerability.

We shall consider two security enforcement schemes:

  • A central security enforcement scheme: Kerberos

  • A local security enforcement scheme: DSSA/SPX


A central security enforcement scheme: Kerberos

  • Authentication is based on two basic concepts: tickets and security servers.

    • Kerberos authentication server (KAS): Authenticates principals at login and issues tickets which are valid for one login session and enable principals to obtain other tickets from ticket-granting servers.

    • Ticket granting servers (TGS): Issue tickets that give principals access to network services.


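Kerberos

[Figure: message flow between A, KAS, TGS and B; the numbers 1 to 6 label the messages below.]

  1. A → KAS: $A, TGS, L_1, N_1$

  2. KAS → A: $e_{K_a}(TGS, K_{a,tgs}, \mathrm{Ticket}_{a,tgs}, L_1, N_1)$

  3. A → TGS: $A, B, L_2, N_2, \mathrm{Ticket}_{a,tgs}, e_{K_{a,tgs}}(A, T_3)$

  4. TGS → A: $e_{K_{a,tgs}}(B, K_{a,b}, \mathrm{Ticket}_{a,b}, L_2, N_2)$

  5. A → B: $e_{K_{a,b}}(A, T_4), \mathrm{Ticket}_{a,b}$

  6. B → A: $e_{K_{a,b}}(T_4)$

where

$\mathrm{Ticket}_{a,tgs} = e_{K_{tgs}}(K_{a,tgs}, A, T_1, L_1)$

$\mathrm{Ticket}_{a,b} = e_{K_b}(K_{a,b}, A, T_2, L_2)$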
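
The six-message exchange above, traced end to end as an added Python example that is not part of the original slides. The names `e`, `d`, `issue`, `accept` and `exchange` are hypothetical, the keys and timestamps are constructed, and the SHA-256 keystream with HMAC is a toy stand-in for the symmetric cipher e_K.

```python
import hashlib, hmac, json, os

def _ks(key, nonce, n):
    # SHA-256 counter keystream: toy stand-in for a real cipher, not for production use
    return b"".join(hashlib.sha256(key + nonce + bytes([i])).digest()
                    for i in range(n // 32 + 1))[:n]

def e(key, *fields):
    """e_K(fields): toy encrypt-then-MAC of the JSON-encoded fields, returned as hex."""
    nonce, pt = os.urandom(16), json.dumps(fields).encode()
    ct = bytes(x ^ y for x, y in zip(pt, _ks(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def d(key, blob):
    """Inverse of e(); raises ValueError under the wrong key or after modification."""
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(x ^ y for x, y in zip(ct, _ks(key, nonce, len(ct)))))

def issue(reply_key, target_key, target, client, now, life, nonce):
    """KAS (message 2) and TGS (message 4): new session key, ticket, sealed reply."""
    sk = os.urandom(32).hex()
    ticket = e(target_key, sk, client, now, life)      # Ticket = e_Ktarget(K, A, T, L)
    return e(reply_key, target, sk, ticket, life, nonce)

def accept(own_key, ticket, authenticator):
    """TGS (message 3) and B (message 5): open the ticket, then check e_K(A, T)."""
    sk, client, issued, life = d(own_key, ticket)
    who, t = d(bytes.fromhex(sk), authenticator)
    if who != client or not issued <= t <= issued + life:
        raise ValueError("authenticator does not match ticket or ticket expired")
    return bytes.fromhex(sk), t

def exchange(now=1000, L1=300, L2=60):
    Ka, Ktgs, Kb = (os.urandom(32) for _ in range(3))   # constructed long-term keys
    N1, N2 = os.urandom(8).hex(), os.urandom(8).hex()
    msg2 = issue(Ka, Ktgs, "TGS", "A", now, L1, N1)     # 1: A,TGS,L1,N1 then 2
    _, k, tkt_tgs, _, n1 = d(Ka, msg2)
    Ka_tgs = bytes.fromhex(k)
    sk, _ = accept(Ktgs, tkt_tgs, e(Ka_tgs, "A", now + 1))   # 3 (T3 = now + 1)
    msg4 = issue(sk, Kb, "B", "A", now + 2, L2, N2)     # 4
    _, k, tkt_b, _, n2 = d(Ka_tgs, msg4)
    Ka_b, T4 = bytes.fromhex(k), now + 3
    skb, t = accept(Kb, tkt_b, e(Ka_b, "A", T4))        # 5
    msg6 = e(skb, t)                                    # 6: e_Ka,b(T4)
    return (n1, n2) == (N1, N2) and d(Ka_b, msg6) == [T4]
```

A holds each ticket but cannot open it, because it is sealed under the key of the TGS or of B; `accept` is the single check both of them run before trusting the request.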


Kerberos

Remarks:

In the basic Kerberos scheme the session keys are symmetric.

The encryption keys $K_a$ (or $K_b$) can be symmetric, or alternatively public encryption keys may be used.

Revocation:

The KAS and TGS update their access rights database.