Distributed Systems Fundamentals of Computer Security DM Rasanjalee Himali CSc8320 – Advanced Operating Systems (SECTION 8.1) FALL 2009

2nd Lecture for Chapter 8.1 (Fall 09)



Section I

The Basics

Introduction

  • Computer security and fault tolerance problems are more critical in distributed systems.
    ◦ Reasons: open architecture; the need for communication across heterogeneous systems over communication links.
  • Solutions are closely related to many of the fundamental issues in the design of distributed systems.

Introduction [contd.]

  • A secure (dependable) computer system is a robust system that exhibits the characteristics of:
    ◦ Secrecy
    ◦ Integrity
    ◦ Availability
    ◦ Reliability
    ◦ Safety

Introduction [contd.]

  • Secrecy (privacy / confidentiality): protection from unauthorized disclosure of system objects.
  • Integrity: system objects can be modified only by authorized users.
  • Availability: authorized users should not be prevented from accessing the objects to which they have a legitimate right of access.
  • Reliability & safety: fault-tolerance features for unintentional system and user faults.
  • Computer security in a narrow sense: secrecy + integrity + availability in the face of intentional intrusions. In a broader sense, reliability and safety are also desired.

Fundamentals of computer security

  • The world of computer systems can be represented by:
    ◦ Subjects: active entities that access objects.
    ◦ Objects: passive entities that must be protected. Examples: data, hardware, software and communication links.
    ◦ Access control policy: describes how objects are to be accessed by subjects.
    ◦ Flow control policy: describes how the information flow between objects and subjects is to be regulated.
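The subject/object model above, as an added example that is not part of the lecture slides: a small Python program that enforces both policies at once. The access control policy is an access matrix (which subject holds which rights on which object); the flow control policy assigns ordered security levels to subjects and objects and only lets information move "upwards". The subjects, objects, rights and levels are constructed for illustration, and the flow rule used (a subject may read only objects at or below its own level and write only to objects at or above it) is one standard way to regulate information flow that the slides do not name; it is an assumption of this example, not something the slides prescribe.

```python
"""Access control policy vs. flow control policy for subjects and objects.

Added example, not part of the lecture slides. Every name, right and
security level below is constructed for illustration.
"""
from enum import Enum


class Right(Enum):
    READ = "read"
    WRITE = "write"
    EXECUTE = "execute"


# Access control policy: which subject may exercise which right on which
# object.  Modelled as an access matrix; a missing entry means "no access".
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {Right.READ, Right.WRITE},
    ("alice", "report.txt"): {Right.READ, Right.WRITE},
    ("bob", "report.txt"): {Right.READ, Right.WRITE},
    ("bob", "backup.sh"): {Right.EXECUTE},
}

# Flow control policy: ordered security levels (assumed lattice) given to
# subjects (clearance) and objects (classification).
LEVELS = {"public": 0, "internal": 1, "secret": 2}
SUBJECT_LEVEL = {"alice": "secret", "bob": "internal"}
OBJECT_LEVEL = {"payroll.db": "secret", "report.txt": "internal", "backup.sh": "public"}


def access_allowed(subject, obj, right):
    """Access control check: the matrix entry must grant the right."""
    return right in ACCESS_MATRIX.get((subject, obj), set())


def flow_allowed(subject, obj, right):
    """Flow control check ("no read up, no write down", assumed rule).

    Reading/executing observes the object, so the subject's level must be
    at least the object's.  Writing moves information into the object, so
    the object's level must be at least the subject's; otherwise secret
    information could flow into a lower-level object.
    """
    s = LEVELS[SUBJECT_LEVEL[subject]]
    o = LEVELS[OBJECT_LEVEL[obj]]
    if right in (Right.READ, Right.EXECUTE):
        return s >= o
    if right is Right.WRITE:
        return s <= o
    return False


def authorize(subject, obj, right):
    """Both policies must agree before the access is granted."""
    return access_allowed(subject, obj, right) and flow_allowed(subject, obj, right)


if __name__ == "__main__":
    requests = [
        ("alice", "payroll.db", Right.READ),   # matrix ok, flow ok
        ("alice", "report.txt", Right.WRITE),  # matrix ok, flow denies (write down)
        ("bob", "payroll.db", Right.READ),     # no matrix entry
        ("bob", "backup.sh", Right.EXECUTE),   # matrix ok, flow ok (read down)
    ]
    for s, o, r in requests:
        verdict = "allowed" if authorize(s, o, r) else "denied"
        print(f"{s:6} {r.value:8} {o:12} -> {verdict}")
```

The second request is the instructive one: the access matrix grants Alice write access to report.txt, but the flow control policy still denies it, because a "secret" subject writing into an "internal" object would let secret information flow downwards. The two policies answer different questions and a complete check needs both.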

Security Threats

  • Security threats may come from:
    ◦ external intruders,
    ◦ internal intruders,
    ◦ unintentional system faults or user faults.
  • Four categories:
    ◦ Interruption: ex. loss of data, denial of service
    ◦ Interception: related to secrecy (confidentiality)
    ◦ Modification: violations of system integrity
    ◦ Fabrication: violations of system integrity

Interruption

  • In an interruption attack, a network service is made degraded or unavailable for legitimate use.
  • Interruption attacks are attacks against the availability of the network.
  • These attacks can take the form of:
    ◦ Overloading a server host so that it cannot respond.
    ◦ Blocking access to a service by overloading an intermediate network or network device.
    ◦ Redirecting requests to invalid destinations.

Interruption

  • Often called “Denial of Service” or “DoS” attacks.

[Figure: sender Alice and receiver Bob are connected by a channel carrying data and control messages; the intruder Trudy attacks the channel so that Alice's data is not delivered.]

Interception

  • In an interception attack, an unauthorized individual gains access to confidential or private information.
  • Interception attacks are attacks against network confidentiality.
  • These attacks can take the form of:
    ◦ Eavesdropping on communication.
    ◦ Illicit copying of files or programs.
    ◦ Obtaining copies of messages for later replay.

Interception

[Figure: sender Alice sends data to receiver Bob over a channel carrying data and control messages; the intruder Trudy obtains a copy of the data while it still reaches Bob.]

Modification

  • In a modification attack, an unauthorized individual not only gains access to, but tampers with, information, resources, or services.
  • Modification attacks are attacks against the integrity of the network.
  • These attacks can take the form of:
    ◦ Modifying the contents of messages in the network.
    ◦ Changing information stored in data files.
    ◦ Altering programs so they perform differently.
    ◦ Reconfiguring system hardware or network topologies.
  • Also called “man in the middle” attacks.

Modification

[Figure: sender Alice sends data over the channel; the intruder Trudy takes it and forwards different data to receiver Bob.]

Fabrication

  • In a fabrication attack, an individual inserts counterfeit information, resources, or services into the network.
  • Fabrication attacks are attacks against the authentication, access control, and authorization capabilities of the network.
  • These attacks can take the form of:
    ◦ Inserting messages into the network using the identity of another individual.
    ◦ Replaying previously intercepted messages.
    ◦ Spoofing a web site or other network service.
    ◦ Taking the address of another host or service, essentially becoming that host or service.
  • Also called “masquerading” attacks.

Fabrication

[Figure: the intruder Trudy poses as the sender Alice or as the receiver Bob, so the data appears to come from, or go to, a legitimate party.]

Security Threat Prevention

  • Authentication & verification
    ◦ Exclude external intruders
  • Authorization validation
    ◦ Exclude internal intruders
  • Fault-tolerance mechanisms
    ◦ Unintentional faults
  • Data encryption
    ◦ Prevents the exposure of information and maintains privacy
  • Auditing
    ◦ Passive form of protection
    ◦ Ex: auditing of an active log
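How authentication and auditing counter the modification and fabrication threats described earlier, as an added example that is not part of the lecture slides: a receiver keeps a shared key per known sender and verifies a keyed message authentication code over the sender name, a sequence number and the payload. A tampered message fails the check (modification), a message built without the key fails it too (fabrication by masquerading), and a valid message presented a second time is caught by the sequence number (fabrication by replay). Every decision is written to an audit log, the passive protection from the slide. The key, sender names and messages are constructed for illustration, and how the key is distributed beforehand is outside this example; encryption for secrecy is likewise left out so the authentication step stays visible.

```python
"""Authentication and auditing on a message channel.

Added example, not part of the lecture slides.  Keys, sender names and
messages below are constructed for illustration.
"""
import hashlib
import hmac


def tag(key: bytes, sender: str, seq: int, payload: bytes) -> bytes:
    """Keyed MAC over everything the receiver relies on.  Binding the
    sender name and sequence number into the MAC means neither can be
    changed or reused without knowing the key."""
    header = f"{sender}|{seq}|".encode()
    return hmac.new(key, header + payload, hashlib.sha256).digest()


def make_message(key: bytes, sender: str, seq: int, payload: bytes) -> dict:
    """What an honest sender transmits (sequence numbers strictly increase)."""
    return {"sender": sender, "seq": seq, "payload": payload,
            "tag": tag(key, sender, seq, payload)}


class Receiver:
    def __init__(self, keys: dict):
        self.keys = keys        # sender -> shared key (authentication)
        self.last_seq = {}      # sender -> highest accepted sequence number
        self.audit_log = []     # passive record of every accept/reject decision

    def _audit(self, sender, seq, verdict, reason):
        self.audit_log.append({"sender": sender, "seq": seq,
                               "verdict": verdict, "reason": reason})

    def receive(self, msg: dict):
        """Return the payload if the message is authentic and fresh, else None."""
        sender, seq = msg["sender"], msg["seq"]
        key = self.keys.get(sender)
        if key is None:
            self._audit(sender, seq, "reject", "unknown sender")
            return None
        expected = tag(key, sender, seq, msg["payload"])
        # Constant-time comparison so the check itself leaks nothing about the tag.
        if not hmac.compare_digest(expected, msg["tag"]):
            # Either the content was modified in transit or the tag was forged
            # by someone without the key: modification or fabrication.
            self._audit(sender, seq, "reject", "bad tag (modification or fabrication)")
            return None
        if seq <= self.last_seq.get(sender, -1):
            # Authentic tag, but this sequence number was already accepted: replay.
            self._audit(sender, seq, "reject", "replayed message")
            return None
        self.last_seq[sender] = seq
        self._audit(sender, seq, "accept", "ok")
        return msg["payload"]


def demo():
    """Run one honest message and three attacks through the receiver.

    Returns (payloads delivered, audit log); constructed scenario."""
    key = b"constructed-shared-key-for-alice"
    bob = Receiver({"alice": key})
    delivered = []

    m1 = make_message(key, "alice", 1, b"transfer 10")
    delivered.append(bob.receive(m1))                          # accepted
    tampered = dict(m1, payload=b"transfer 99")                # modification
    delivered.append(bob.receive(tampered))                    # rejected: bad tag
    delivered.append(bob.receive(m1))                          # replay: seq 1 reused
    forged = make_message(b"wrong-key", "alice", 2, b"hi")     # masquerade without key
    delivered.append(bob.receive(forged))                      # rejected: bad tag
    m3 = make_message(key, "alice", 3, b"next")
    delivered.append(bob.receive(m3))                          # accepted
    return delivered, bob.audit_log


if __name__ == "__main__":
    payloads, log = demo()
    for entry in log:
        print(entry)
```

The audit log does not stop any of the attacks; it records that they were attempted and how they were handled, which is exactly the "passive" role the slide gives auditing. The active protection is the key check, and the sequence number turns an otherwise valid replay into something the receiver can refuse.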

Security Threats and Protection Models

  SUBJECT --(data access or information flow)--> OBJECT

  Security threats:   Interruption, Interception, Modification, Fabrication
  Protection models:  Authentication, Authorization, Fault-tolerance, Encryption, Auditing

Section II

Related Work

Cloud Computing [3]

  • Cloud computing = virtual centralization.
  • The service and data maintenance is provided by some vendor.
  • The client/customer has no control over:
    ◦ where the processes are running, or
    ◦ where the data is stored.
  • Uses the Internet as the communication medium.
  • Leading vendors, including Amazon, Google, IBM and Microsoft, have all released cloud computing capabilities for end users to make use of their services.
    ◦ Ex: Amazon: storage services (S3), computing capacity in the Elastic Compute Cloud (EC2) and application services for e-commerce (AWS).

Cloud Computing Security

  • The vendor has to provide some assurance in service level agreements (SLAs) to convince the customer on security issues.
  • Guaranteeing the security of corporate data in the "cloud" is difficult, as providers offer different kinds of services.
    ◦ Ex: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
  • The SLA is the only legal agreement between the service provider and the client.
  • The only means by which the provider can gain the trust of the client is the SLA, so it has to be standardized.
  • The SLA has to describe the different levels of security and their complexity, based on the services, so that the customer understands the security policies being implemented.
  • This paper describes the security issues that have to be included in the SLA.

Service Level Agreement

  SLA should:
  • Identify and define the customer’s needs
  • Provide a framework for understanding
  • Simplify complex issues
  • Reduce areas of conflict
  • Encourage dialog in the event of disputes
  • Eliminate unrealistic expectations

How to standardize SLAs

  1. Privileged user access
    ◦ Sensitive data processed outside the enterprise is a risk.
    ◦ Get as much information as possible about the people who manage our data.

  2. Regulatory compliance
    ◦ Customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider.
    ◦ Traditional service providers are subjected to external audits and security certifications.
    ◦ Cloud computing providers who refuse to undergo this scrutiny are signaling that customers can only use them for the most trivial functions.

  3. Recovery
    ◦ Even if we don't know where our data is, a cloud provider should tell us what will happen to our data and service in case of a disaster.
    ◦ Any offering that does not replicate the data and application infrastructure across multiple sites is vulnerable to a total failure.

Service-level threats and vulnerabilities

Service-level Solutions

Section III

Future Work

Cloud Computing Security

  • Security in the cloud brings complexities that need to be addressed:

  (1) Since multiple providers are involved in the cloud, SLA management is complex.
    ◦ In normal systems, SLAs are arrived at between a single provider and the consumer.
    ◦ In a complex cloud transaction with multiple providers, how would SLAs be managed?

  (2) Data privacy is another serious concern.
    ◦ How would privacy concerns be addressed by enterprises which wished to store data in the cloud?
    ◦ This could be further complicated by legislative compliance issues.

  (3) The ability to dynamically provision and de-provision security information is crucial for cloud providers, as enterprise consumers will have a constantly changing user base.

References

[1] Randy Chow, Theodore Johnson, “Distributed Operating Systems & Algorithms”, Addison Wesley, 1997

[2] Balachandra Reddy Kandukuri, Ramakrishna Paturi V, Atanu Rakshit, “Cloud Security Issues”, IEEE International Conference on Services Computing, 2009

[3] Abhijit Belapurkar, Anirban Chakrabarti, Harigopal Ponnapalli, Niranjan Varadarajan, Srinivas Padmanabhuni, Srikanth Sundarrajan, “Distributed Systems Security”, Wiley, 2009

[4] www.csd.uwo.ca/courses/CS457a/notes/