DS-week8

Security in Distributed Systems

  1. Communication between users or processes
  2. Authorization

The main method for (1) is a secure channel.

The methods for (2) are collectively called access control.

Relationship between Security and Dependability

  • Dependability covers availability, reliability, safety and maintainability

  • Two further properties are central to security:

  • Confidentiality: information is disclosed only to authorized parties

  • Integrity: alterations to a system's assets can be made only in an authorized way

Security Threats

  • Interception: an unauthorized party gains access to data or a service
  • Interruption: a service or data becomes unavailable
  • Modification: unauthorized changing of data
  • Fabrication: additional data are generated that would normally not exist (e.g. inserting a forged record, or replaying an old message)

Security Mechanisms

  • Encryption: transform data into something an attacker cannot understand
    • Symmetric: the same secret value (key) is used for encryption and decryption
    • Asymmetric: different keys for encryption and decryption (a public/private key pair)
  • Authentication: verify the identity of a user based on secret information (e.g. a password)
  • Authorization: check whether a client is authorized to perform the requested action
  • Auditing: trace which clients accessed what, and in which way

Cryptography

Suppose sender S wants to send message m to receiver R:

  1. S encrypts m into an unintelligible message m'

  2. S sends m' to R

  3. R decrypts the received message m' back into m

An intruder who intercepts m' learns nothing useful about m without the decryption key.
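As an added example (not part of the lecture notes), the three steps above implemented with a symmetric cipher from Go's standard library, AES-256-GCM: S and R share one key, which both encrypts and decrypts. The function names, the sample message and the one-bit "attack" are assumptions for illustration. Because GCM is an authenticated cipher, R also notices when m' was modified in transit, which previews the secure-channel material later in these notes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey generates a fresh 256-bit secret key shared by S and R.
// With a symmetric cipher the same key encrypts and decrypts.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := rand.Read(key)
	return key, err
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is step 1: turn m into an unintelligible m'.
// m' = nonce || AES-GCM(key, nonce, m); a nonce must never repeat under one key.
func Encrypt(key, m []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends the ciphertext plus a 16-byte authentication tag after the nonce.
	return aead.Seal(nonce, nonce, m, nil), nil
}

// Decrypt is step 3: recover m from m'. It fails if the key is wrong or if
// any bit of m' was changed in transit (the tag no longer verifies).
func Decrypt(key, mPrime []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(mPrime) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := mPrime[:aead.NonceSize()], mPrime[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// RoundTrip runs the three steps for one message and reports: whether R
// recovers m, whether m is invisible inside m' (what an interceptor sees),
// and whether a single flipped bit in m' is rejected by R.
func RoundTrip(m []byte) (recovered, hidden, tamperDetected bool, err error) {
	key, err := NewKey()
	if err != nil {
		return
	}
	mPrime, err := Encrypt(key, m) // step 1
	if err != nil {
		return
	}
	hidden = !bytes.Contains(mPrime, m) // the interceptor only sees m'
	got, err := Decrypt(key, mPrime)     // step 3 (step 2 is the network)
	if err != nil {
		return
	}
	recovered = bytes.Equal(got, m)

	// Constructed attack: an intruder flips one bit of m' on the wire.
	tampered := append([]byte(nil), mPrime...)
	tampered[len(tampered)-1] ^= 0x01
	_, tamperErr := Decrypt(key, tampered)
	tamperDetected = tamperErr != nil
	return
}

func main() {
	r, h, t, err := RoundTrip([]byte("transfer 100 to account 42")) // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered=%v hidden=%v tamperDetected=%v\n", r, h, t)
}
```

The key distribution problem is what the example does not solve: S and R must already share the key over some other secure path, which is exactly where asymmetric cryptography comes in.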

Secure channels

  • protects sender and receiver against interception, modification and fabrication

  • protecting against interception is done by ensuring confidentiality: the data cannot be accessed by unauthorized parties

  • protecting against modification and fabrication is done by protocols for mutual authentication and message integrity

  • confidentiality is obtained by encrypting a message before sending it

  • message integrity (and origin authentication) can be obtained with digital signatures

    In the lecture figure, Alice first encrypts m with her private key, written KA-(m); this is her digital signature on m. She then encrypts m together with KA-(m) under Bob's public key, written KB+(m, KA-(m)). Bob uses his own private key KB- to remove the outer layer, then uses Alice's public key KA+ to undo KA-(m) and checks that the result matches m. Only the holder of KA- could have produced KA-(m), so Bob knows the message came from Alice and was not modified, while only the holder of KB- can read it.
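The two-layer exchange in the figure, as an added example that is not part of the lecture notes. It uses Go's standard library: KA-(m) is realized as an Ed25519 signature over m, and the outer KB+( ... ) layer as RSA-OAEP under Bob's 2048-bit public key. The names Alice, Bob and Mallory, the payload layout and the sample messages are assumptions for illustration; a real system would use hybrid encryption for messages longer than one RSA block.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Alice holds her signing pair (KA-, KA+); Bob holds his encryption pair (KB-, KB+).
type Alice struct {
	priv ed25519.PrivateKey // KA-
	pub  ed25519.PublicKey  // KA+
}

type Bob struct {
	priv *rsa.PrivateKey // KB- (KB+ is priv.PublicKey)
}

func NewAlice() (*Alice, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Alice{priv: priv, pub: pub}, nil
}

func NewBob() (*Bob, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Bob{priv: priv}, nil
}

func (a *Alice) Pub() ed25519.PublicKey { return a.pub }
func (b *Bob) Pub() *rsa.PublicKey      { return &b.priv.PublicKey }

var ErrNotFromAlice = errors.New("signature does not verify under KA+")

// Send builds KB+( m, KA-(m) ): the inner KA-(m) is an Ed25519 signature over m,
// the outer layer is RSA-OAEP under Bob's public key.
// Payload layout (assumed): 2-byte big-endian len(m) || m || 64-byte signature.
func (a *Alice) Send(bobPub *rsa.PublicKey, m []byte) ([]byte, error) {
	// RSA-OAEP encrypts at most k - 2*hLen - 2 bytes in one block.
	maxPayload := bobPub.Size() - 2*sha256.Size - 2
	if 2+len(m)+ed25519.SignatureSize > maxPayload {
		return nil, errors.New("message too long for a single RSA-OAEP block")
	}
	sig := ed25519.Sign(a.priv, m) // KA-(m)
	payload := make([]byte, 2+len(m)+len(sig))
	binary.BigEndian.PutUint16(payload, uint16(len(m)))
	copy(payload[2:], m)
	copy(payload[2+len(m):], sig)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, bobPub, payload, nil) // KB+(...)
}

// Receive undoes the layers in reverse order: KB- removes the outer
// encryption, then KA+ checks the inner signature. Confidentiality comes from
// the outer layer, integrity and origin authentication from the inner one.
func (b *Bob) Receive(alicePub ed25519.PublicKey, c []byte) ([]byte, error) {
	payload, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, b.priv, c, nil)
	if err != nil {
		return nil, err // wrong KB- or ciphertext modified in transit
	}
	if len(payload) < 2 {
		return nil, errors.New("malformed payload")
	}
	n := int(binary.BigEndian.Uint16(payload))
	if len(payload) != 2+n+ed25519.SignatureSize {
		return nil, errors.New("malformed payload")
	}
	m, sig := payload[2:2+n], payload[2+n:]
	if !ed25519.Verify(alicePub, m, sig) {
		return nil, ErrNotFromAlice // fabrication: not produced with KA-
	}
	return m, nil
}

func main() {
	alice, err := NewAlice()
	if err != nil {
		panic(err)
	}
	bob, err := NewBob()
	if err != nil {
		panic(err)
	}
	c, err := alice.Send(bob.Pub(), []byte("pay Carol 10")) // constructed sample
	if err != nil {
		panic(err)
	}
	m, err := bob.Receive(alice.Pub(), c)
	fmt.Printf("Bob got %q, err=%v\n", m, err)
}
```

Note what each key does: a message from Mallory signed with her own private key decrypts fine under KB- but fails the KA+ check, and a ciphertext altered on the wire fails already at the OAEP layer. Neither layer alone gives both properties.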

Access control

  • protects a resource against requests generated by unauthorized subjects
  • enforced by a program called a reference monitor
  • a reference monitor records which subject may do what and decides whether a given request is allowed
  • a reference monitor should be impenetrable by its very nature: tamper-proof, and always invoked (no path to the resource bypasses it)
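As an added example (not part of the lecture notes), a minimal reference monitor in Go: it keeps an access matrix of which subject may perform which operation on which object, decides every request with default deny, and records each decision (the auditing mechanism listed earlier). The guarded resource reaches its data only through the monitor. The type names, the policy and the subjects alice/bob/carol are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

type Subject string // who is asking (e.g. a user or process)
type Object string  // what is being accessed (e.g. a file)
type Op string      // the requested operation

const (
	Read  Op = "read"
	Write Op = "write"
)

var ErrDenied = errors.New("access denied by reference monitor")

// AuditEntry is one recorded decision: who tried what, and the outcome.
type AuditEntry struct {
	Subject Subject
	Object  Object
	Op      Op
	Allowed bool
}

// ReferenceMonitor stores the access matrix (which subject may do what on
// which object) and is the single chokepoint every request must pass.
type ReferenceMonitor struct {
	mu     sync.Mutex
	matrix map[Subject]map[Object]map[Op]bool
	audit  []AuditEntry
}

func NewReferenceMonitor() *ReferenceMonitor {
	return &ReferenceMonitor{matrix: make(map[Subject]map[Object]map[Op]bool)}
}

// Grant adds rights; everything not granted explicitly stays denied.
func (rm *ReferenceMonitor) Grant(s Subject, o Object, ops ...Op) {
	rm.mu.Lock()
	defer rm.mu.Unlock()
	if rm.matrix[s] == nil {
		rm.matrix[s] = make(map[Object]map[Op]bool)
	}
	if rm.matrix[s][o] == nil {
		rm.matrix[s][o] = make(map[Op]bool)
	}
	for _, op := range ops {
		rm.matrix[s][o][op] = true
	}
}

// Check decides one request (default deny) and records the decision.
func (rm *ReferenceMonitor) Check(s Subject, o Object, op Op) bool {
	rm.mu.Lock()
	defer rm.mu.Unlock()
	allowed := rm.matrix[s][o][op] // reading a nil map yields false
	rm.audit = append(rm.audit, AuditEntry{Subject: s, Object: o, Op: op, Allowed: allowed})
	return allowed
}

// Audit returns a copy of the decision log.
func (rm *ReferenceMonitor) Audit() []AuditEntry {
	rm.mu.Lock()
	defer rm.mu.Unlock()
	return append([]AuditEntry(nil), rm.audit...)
}

// FileStore is a guarded resource: its data is unexported, so within this
// package the only path to it is through methods that consult the monitor.
type FileStore struct {
	rm    *ReferenceMonitor
	files map[Object][]byte
}

func NewFileStore(rm *ReferenceMonitor) *FileStore {
	return &FileStore{rm: rm, files: make(map[Object][]byte)}
}

func (fs *FileStore) Read(s Subject, o Object) ([]byte, error) {
	if !fs.rm.Check(s, o, Read) {
		return nil, ErrDenied
	}
	return append([]byte(nil), fs.files[o]...), nil
}

func (fs *FileStore) Write(s Subject, o Object, data []byte) error {
	if !fs.rm.Check(s, o, Write) {
		return ErrDenied
	}
	fs.files[o] = append([]byte(nil), data...)
	return nil
}

func main() {
	rm := NewReferenceMonitor()
	rm.Grant("alice", "/payroll", Read, Write) // constructed policy
	rm.Grant("bob", "/payroll", Read)
	fs := NewFileStore(rm)
	fmt.Println(fs.Write("alice", "/payroll", []byte("salaries")))
	fmt.Println(fs.Write("bob", "/payroll", []byte("raise for bob"))) // denied
	for _, e := range rm.Audit() {
		fmt.Printf("%s %s %s allowed=%v\n", e.Subject, e.Op, e.Object, e.Allowed)
	}
}
```

The caveat that matters in practice: an in-process monitor like this is only "impenetrable" against code that plays by the package boundary. Any code in the same address space can reach the map directly, which is why real reference monitors live in a kernel, hypervisor or separate process that the subjects cannot modify.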