Distributed Computer Security

8320 Advanced Operating Systems
Lanier Watkins
Outline
   Distributed Computer Security-1997
       Computer Security/Fault Tolerance
       Secure System
            Secrecy
            Integrity
            Availability
            Reliability
            Safety
   Fundamentals of Computer Security -1997
       Subjects
       Objects
   Security Policies, Models, and Mechanisms-1997
Outline (Continued)
       Common Security Threats
            Interruption
            Interception
            Modification
            Fabrication
       Security Approaches
            Authentication
            Authorization
            Fault-Tolerance
            Encryption
            Auditing
       Security Models
   Security Issues in Distributed Systems-1997
       Interoperability
       Transparency
Outline (Continued)
    Grid-based Intrusion Detection System-2003
    Cluster Security with NVisionCC: Process Monitoring by Leveraging Emergent Properties-2005
    GHIDS: Defending Computational Grids against Misusing of Shared Resources-2006
    Passive Identification of Unauthorized Use of Grid Computing Resources-2007
Distributed Computer Security-1997
   Security and Fault Tolerance
       Critical in Distributed Systems because of openness of environment
       Solutions are closely related to design issues
   Secure/Dependable System
       Secrecy
             Protection from unauthorized disclosure
       Integrity
             Only authorized users modify system objects
       Availability
             Authorized users are not prevented from accessing respective objects
       Reliability and Safety are fault-tolerant features
Fundamentals of Computer Security-1997
   Computer Systems
       Can be represented by:
            Subjects
                 Active entities that access objects
            Objects
                 Passive entities that must be protected
                 Examples: data, hardware, software and communication
                  links
       Access Control Policy
            Describes how objects are accessed by subjects
       Flow Control Policy
            Regulates the information flow between objects and
             subjects
Security Policies, Models, and Mechanisms-1997
   4 Categories of Security Threats
        Interruption
             Loss of data and denial of service
        Interception
             Related to secrecy
        Modification and Fabrication are violations of system integrity
   3 Fundamental Approaches
        Authentication
             Verification
        Authorization
             Extending permission
        Fault Tolerance
             Sustaining faults
        Encryption
             Prevents exposure of information and maintains privacy
        Auditing
             Passive form of protection
Security Policies, Models, and Mechanisms-1997

   Security Model
       Discretionary
            Provides separation of users and data
            E.g. access control matrix
       Mandatory
            Requires access control of all subjects and objects under its control on a
             system-wide basis
            E.g. multilevel security: all subjects and objects in the system are
             assigned a sensitivity label, and the labels are the basis for mandatory
             access control decisions.
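As an added illustration of the two models above (not part of the slides or of the Chow and Johnson text), a toy reference monitor in Python: a discretionary access-control matrix beside a mandatory check on sensitivity labels. The no-read-up / no-write-down rules, the subjects, the objects and the labels are all constructed for this example.

```python
# Added example, not from the slides: a toy reference monitor contrasting
# the discretionary and mandatory models.
#   Discretionary: an access-control matrix, rows = subjects, columns = objects.
#   Mandatory: every subject and object carries a sensitivity label and the
#   label ordering alone decides reads and writes. The no-read-up /
#   no-write-down rules are an assumption of this example; the slide only
#   says labels are the basis for the decision.

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

# Discretionary access-control matrix (constructed sample data).
ACM = {
    "alice": {"payroll.db": {"read", "write"}, "memo.txt": {"read"}},
    "bob":   {"memo.txt": {"read", "write"}},
}

# Sensitivity labels for mandatory control (constructed sample data).
SUBJECT_LABEL = {"alice": "secret", "bob": "confidential"}
OBJECT_LABEL = {"payroll.db": "secret", "memo.txt": "unclassified"}


def dac_allows(subject, obj, op):
    """Discretionary check: the matrix cell must list the operation."""
    return op in ACM.get(subject, {}).get(obj, set())


def mac_allows(subject, obj, op):
    """Mandatory check: no read up, no write down."""
    s = LEVELS[SUBJECT_LABEL[subject]]
    o = LEVELS[OBJECT_LABEL[obj]]
    if op == "read":
        return s >= o      # subject must dominate the object to read it
    if op == "write":
        return s <= o      # writing to a lower level would leak information
    return False


def access(subject, obj, op):
    """Mandatory control is enforced system-wide, so a discretionary grant
    alone is not enough: both checks must pass."""
    return dac_allows(subject, obj, op) and mac_allows(subject, obj, op)
```

Bob holds a discretionary write grant on memo.txt, yet the mandatory check refuses it because a confidential subject may not write down to an unclassified object.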
Security Issues in Distributed Systems-1997
   Interoperability and Transparency
       Gives rise to security issues
   System Architecture
       2 Approaches to Implementing New Services
            Add an additional layer of software that runs on top of the existing
             system to provide the new services
            Redesign the system so that the new services can be executed more
             efficiently in the kernel mode
       Client/Server Model
            Typically used by Distributed Operating Systems
            Fits well with object oriented paradigm
            Objects to be protected are associated with servers managing objects
            Each object has a set of allowable well formed operations that can be
             invoked by the client processes
Security Issues in Distributed Systems-1997
    Client/Server Security
         A client initiates an access to an object through the kernel
         Kernel authenticates the client and then invokes the object server
         Implemented via Interprocess Communication at transport layer
         Supported by secure host-to-host communications at the network
          layer and node to node communication at the link layer
         A secure distributed system consists of communicating security
          servers that use a trusted gateway.
    Simulate a Secure Private Network Over the Public Network
              Balances interoperability and transparency
              Interdomain authentication
                    Authorized by Interdomain access control
              Secure message transfer between domains
                    Depends on successful interdomain authentication
              Interdomain access control
                    Depends on the ability to transmit secure request/reply messages
              Security Transparency maintained via secure APIs (TAPI)
                    E.g. GSS-API developed by DEC
Grid-Based Intrusion Detection System - (VChoon et al., 2003)
   Grid Based Intrusion Detection System Proposed
        Design
             Grid environment
                     GIDS must be applicable in Grid environment
             Autonomous
                     GIDS must be independent of user intervention
             Flexible
                     GIDS must be customizable
             Scalable
                     GIDS must cover many nodes
             Reusable
                     GIDS code must be easily deployed
             Adaptable
                     GIDS must have on demand enablement
             Low Overhead
                     GIDS must not have significant system impact
             Timeliness
                     GIDS must solve problems just in time
Grid-Based Intrusion Detection System - (VChoon et al., 2003)
     Approach
          GIDS acts as a Virtual Organization
          GIDS shares its resources in the form of application services
     Services
          Auditing
          Anomaly type of intrusion detection
          Signature Matching
          Policy Language
          Secure Communication
          Monitoring
          Distributed Database
     Architecture
          Agent-daemon running on machine being protected
          Server-Service provider
          Manager-Control center of the VO
          Secure Communicator-Provides secure communication for VO
Cluster Security with NVisionCC - (Koenig et al., 2005)
   Cluster Security Monitoring Tool
        Design
             Performance Impact
             Central Control
             Leverage Existing Software
             Configurability
             Effectiveness
        Approach/Services
             Monitors processes across cluster nodes
             Looks for open network ports
             Looks for irregular network traffic patterns
             Looks for modifications to critical files
             Raises alerts when deviations from profiles are detected
        Architecture
             PCP daemon
             Collector Node
             Data Analyzer
             User Interface
GHIDS: Defending Computational Grids Against Misusing of Shared Resources - (Feng et al., 2006)
   Grid Specific Host Based Intrusion Detection System
        Design
             Performance Impact
             Central Control
             Leverage Existing Software
             Configurability
             Effectiveness
        Approach/Services
             Uses Bottleneck Verification (Host)
                     Detects users that go from user to super user improperly
             Monitors process creation, modification and destruction (Host)
             Monitors accessing of critical resources (Host)
             Grid user ID and host-level ID are stored when grid services are used
        Architecture
             Host and Grid level deployment
             Virtual Kernel Device created
             Grid Middleware modified
             Data Analyzer
             User Interface
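An added sketch (not code from GHIDS) of the bottleneck-verification idea on this slide: legitimate user-to-root transitions should happen only inside a small set of known programs, so a root process spawned by a non-root parent through any other program is reported. The record format, the bottleneck set and the sample process tree are assumptions constructed for the example.

```python
# Added example, not GHIDS code: a simplified model of bottleneck
# verification. Legitimate privilege transitions from an ordinary user to
# the super user must pass through a small set of known programs (the
# "bottleneck"). A root process whose parent ran as a non-root user, and
# whose program is not one of those, is an improper transition.
# The bottleneck set and record format are assumptions for this example.

BOTTLENECKS = {"/bin/login", "/bin/su", "/usr/bin/sudo"}

# Constructed process-creation records: (pid, ppid, exe, effective uid).
RECORDS = [
    (1,     0, "/sbin/init",      0),
    (100,   1, "/bin/login",      0),
    (101, 100, "/bin/bash",    1000),   # user shell after login
    (102, 101, "/bin/su",         0),   # legitimate: root via a bottleneck
    (103, 102, "/bin/bash",       0),   # root shell; parent already root
    (104, 101, "/tmp/helper",     0),   # improper: root without a bottleneck
    (105, 101, "/usr/bin/vim", 1000),
]


def find_improper_escalations(records, bottlenecks=BOTTLENECKS):
    """Return the pids of processes that became root directly from a
    non-root parent without passing through a bottleneck program."""
    uid_of = {pid: uid for pid, _, _, uid in records}
    flagged = []
    for pid, ppid, exe, uid in records:
        if uid != 0:
            continue                      # not a root process, no transition
        parent_uid = uid_of.get(ppid)
        if parent_uid is None or parent_uid == 0:
            continue                      # parent already root or ancestry unknown
        if exe not in bottlenecks:
            flagged.append(pid)           # user -> root outside the bottleneck
    return flagged


if __name__ == "__main__":
    print("improper escalations:", find_improper_escalations(RECORDS))
```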
Non-Intrusive Security Monitoring in Cluster Grid Networks - (Watkins, 2007)
   Non-Intrusive Cluster Security Monitoring Tool
        Design
             Performance Impact
             Central Control
             Leverage Existing Software
             Configurability
             Effectiveness
        Approach/Services
             Host Level and Grid Level Support
             Identifies unauthorized use of resources
             Identifies Misuse of resources
             Raises alerts when deviations from profiles are detected
        Architecture
             NO daemons
             Collector node
Non-Intrusive Security Monitoring in Cluster Grid Networks - (Watkins, 2007)
   [Figure: processing pipeline]
   Packet Analysis (TCPdump) -> Preprocessor (Wavelet Transform) ->
   Feature Extraction (Energy + Transients) -> Detection & Decision ->
   CPU Utilization Identification
Non-Intrusive Security Monitoring in Cluster Grid Networks - (Watkins, 2007)
   Problem has inherent uncertainty
   Identification Scheme
        Use Fuzzy Operators
             Min(PIII,PIV) OR Max(PIII,PIV) OR Average(PIII,PIV)
        Use Type I Fuzzy
        Use Type II Fuzzy
   Average energy per CPU speed (table from the slide)
        CPU Speed             Average Energy
        2 GHz - 70% Load      50287362.90
        450 MHz - 70% Load    50400246.44
References
Distributed Operating Systems & Algorithms, Randy Chow and Theodore Johnson, Addison Wesley, 1997
"Grid Based Intrusion Detection System", O. Tian, A. Samsudin, IEEE 2003
"Cluster Security with NVisionCC: Process Monitoring by Leveraging Emergent Properties", Koenig et al., IEEE 2005
"GHIDS: Defending Computational Grids Against Misusing of Shared Resources", Feng et al., IEEE 2006

								