8.1 Fundamentals of Computer Security


WOOYOUNG KIM, FALL 2009

Outline

1. Fundamentals of Computer Security

2. Recent Study

3. Future work

1. Fundamentals of Computer Security [1]

Randy Chow, Theodore Johnson, “Distributed Operating Systems & Algorithms”, 1997

Contents

1. Goal

2. Security Policies, Models, and Mechanisms

3. Security Issues in Distributed Systems

1. Goal

Secrecy: protection from unauthorized disclosure

Integrity: protection from unauthorized modification

Availability: protection from denial of service (DoS)

Reliability: fault-tolerance

Safety: tolerance of user faults

2. Security Policies, Models, and Mechanisms

Four categories of common security threats: interruption, interception, modification, fabrication.

Fundamental approaches: authentication, authorization, fault tolerance.

Policy – user requirements

Model – formal representation of policies

1. Discretionary: separation of users and data on an individual basis (the owner of an object decides who may access it).

2. Mandatory: requires access control of all subjects and objects under its control on a system-wide basis (the system, not the owner, decides, by comparing labels).

Mechanism – enforces the protection

3. Security Issues in Distributed Systems

Additional goals: Interoperability – effective information exchange. Transparency – uniform view of a system.

Approaches: add a layer of security software on top of the existing system, or redesign the system.

Issues: Structure – the client/server paradigm; where to put the security services.

2. Recent Study [2]

Naqvi, S.; Riguidel, M., "Security architecture for heterogeneous distributed computing systems," Security Technology, 2004. 38th Annual 2004 International Carnahan Conference on, pp. 34-41, 2004

Contents

1. Introduction

2. Grid Computing

3. Challenges (of Integrating Heterogeneous Devices and Networks in the Grid)

4. Proposed Security Architecture

5. Conclusions

1. Introduction

Grid computing security problem: heterogeneity involves different administrative domains, so security requires specialized Grid-enabled tools.

Mobile computing: harvesting wireless mobile devices into the computational Grid is a challenge. Recent work in nanotechnology makes it possible to develop low-power, battery-operated devices for grid computing. A high level of security is necessary.

1. Introduction – Cont’d

Goal: develop an infrastructure for the secure integration of heterogeneous mobile devices in distributed computing environments.

2. Grid Computing

Grid computing focuses on large-scale, pervasive resource sharing, built from virtual and pluggable components with a high-performance orientation.

Problem: coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations.

Virtual Organization (VO): a set of individuals and/or institutions defined by such sharing rules.

2. Grid Computing – Cont’d

Infrastructure Requirements

1. Security

2. Resource Management

3. Information Services

4. Data Management

Rising concerns: significant changes in how Grid resources are accessed introduce new security concerns.

3. Challenges

Heterogeneous mobile consumer devices connected through a potentially unreliable wireless network pose great security challenges, especially if they function as gateways to the Grid resources.

3. Challenges – Cont’d

Challenges of Integrating Heterogeneous Devices and Networks in the Grid

1. Bandwidth – multi-path disturbances, power and signal degradation, inter-cell hand-off, always-on characteristics.

2. Power Supply

3. Software Support

4. Key Management Scheme for Smart Devices

3. Challenges – Cont’d

5. Security Gaps – middle boxes

Example of a security gap: if the SSL session is terminated at a middle box C and re-established from C to the next hop, C holds the plaintext; the path is protected hop by hop, not end to end.
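Added example (not from the slides or the Naqvi/Riguidel paper): a small Python model of the gap at a session-terminating middle box C, and of closing it with an application-layer MAC under a key that only the two endpoints hold. The keys, the job message and the tampering C performs are constructed for the example; HMAC-SHA256 stands in for the transport protection of each hop.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed keys for the example.  K_AB is known only to the two endpoints A
# and B; K_AC and K_CB are per-hop transport keys standing in for the two
# SSL/TLS sessions that meet at the middle box C.
K_AB = b"endpoint-key-shared-by-A-and-B"
K_AC = b"hop-key-A-C"
K_CB = b"hop-key-C-B"


def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def transport_send(hop_key: bytes, payload: bytes) -> dict:
    """Transport protection for one hop: integrity under the hop key only."""
    return {"payload": payload.decode(), "hop_tag": mac(hop_key, payload)}


def transport_recv(hop_key: bytes, record: dict) -> bytes:
    payload = record["payload"].encode()
    if not hmac.compare_digest(record["hop_tag"], mac(hop_key, payload)):
        raise ValueError("transport integrity failure on this hop")
    return payload


def app_seal(body: dict, key: bytes) -> bytes:
    """Application-layer integrity that survives session termination at C:
    the tag is computed by A under a key C never sees."""
    canonical = json.dumps(body, sort_keys=True).encode()
    return json.dumps({"body": body, "e2e_tag": mac(key, canonical)},
                      sort_keys=True).encode()


def app_open(payload: bytes, key: bytes) -> dict:
    outer = json.loads(payload)
    canonical = json.dumps(outer["body"], sort_keys=True).encode()
    if not hmac.compare_digest(outer["e2e_tag"], mac(key, canonical)):
        raise ValueError("end-to-end integrity failure")
    return outer["body"]


def middlebox_c(record: dict, tamper: bool) -> dict:
    """C terminates the A-C session (so it holds the plaintext) and opens a
    fresh C-B session.  A compromised C can rewrite the request in between;
    hop C-B then authenticates the rewritten version without complaint."""
    payload = transport_recv(K_AC, record)
    if tamper:
        outer = json.loads(payload)
        outer["body"]["job"] = "rm -rf /scratch"   # constructed tampering
        payload = json.dumps(outer, sort_keys=True).encode()
    return transport_send(K_CB, payload)


def deliver(body: dict, tamper: bool, end_to_end: bool) -> Optional[dict]:
    """Send `body` from A to B through C.  Returns what B accepts, or None if
    B rejects the message."""
    if end_to_end:
        payload = app_seal(body, K_AB)
    else:
        payload = json.dumps({"body": body}, sort_keys=True).encode()
    record = middlebox_c(transport_send(K_AC, payload), tamper)
    payload = transport_recv(K_CB, record)   # hop C-B verifies; the gap is invisible here
    if not end_to_end:
        return json.loads(payload)["body"]
    try:
        return app_open(payload, K_AB)
    except ValueError:
        return None


if __name__ == "__main__":
    job = {"job": "run simulation", "cpu_hours": 4}
    print("transport only :", deliver(job, tamper=True, end_to_end=False))
    print("end-to-end MAC :", deliver(job, tamper=True, end_to_end=True))
```

With transport protection alone B accepts the rewritten job, because every hop it can see checks out; with the end-to-end tag B rejects it. Confidentiality across C needs the same treatment (application-layer encryption), which this integrity-only sketch leaves out.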

3. Challenges – Cont’d

6. Heterogeneous Security Solutions

Security is always an issue with mobile wireless devices, since wireless transmission is widely open to attack.

Various security mechanisms and protocols have been developed, but this has created a heterogeneous security environment.

There is very little research on coordinating a set of distributed security modules.

Security services rely on the establishment of Security Associations (SAs), but two devices with different security capabilities cannot communicate and set up an SA.

3. Challenges – Cont’d

Efforts: develop cryptographic algorithms for efficient utilization and management. There is a trade-off between a high degree of security and high-speed communication.

Challenge 1 – managing the diverse security capabilities so that an end-to-end security service can be provided with the highest performance possible.

Challenge 2 – managing security capabilities so that they can be reconfigured dynamically upon route changes, policy updates, detection of intrusion, security service degradation, etc., to maintain adequate levels of end-to-end security service.
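Added example, not the paper's code: one way to implement the capability management of Challenges 1 and 2 in Python. The suite catalogue, its strength/cost numbers and the devices are assumptions. `negotiate` picks the strongest suite that both peers implement and both policies accept and, among equals, the cheapest one; `reconfigure` re-runs the selection on a route change, a policy update or an intrusion report and tears the SA down when nothing acceptable remains.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed suite catalogue (illustrative numbers, not from the paper):
# strength is a coarse security rank, cost a relative CPU cost per byte, so the
# selection below makes the security/speed trade-off explicit.
SUITES = {
    "AES256-GCM": {"strength": 4, "cost": 3},
    "AES128-GCM": {"strength": 3, "cost": 2},
    "CHACHA20":   {"strength": 3, "cost": 1},
    "3DES-CBC":   {"strength": 1, "cost": 4},
    "NULL-HMAC":  {"strength": 0, "cost": 0},   # integrity only, no secrecy
}


@dataclass
class Device:
    name: str
    suites: set            # mechanisms the device implements
    min_strength: int      # local policy: the weakest protection it accepts


@dataclass
class SecurityAssociation:
    peers: tuple
    suite: Optional[str]
    history: list = field(default_factory=list)


def negotiate(a: Device, b: Device, exclude=()) -> Optional[str]:
    """Challenge 1: choose a suite both sides implement that satisfies both
    policies.  Among the strongest candidates take the cheapest, i.e. the
    highest performance for the best protection available.  None means the
    two devices cannot set up an SA at all."""
    floor = max(a.min_strength, b.min_strength)
    common = [s for s in a.suites & b.suites
              if SUITES[s]["strength"] >= floor and s not in exclude]
    if not common:
        return None
    return max(common, key=lambda s: (SUITES[s]["strength"], -SUITES[s]["cost"]))


def establish(a: Device, b: Device) -> Optional[SecurityAssociation]:
    suite = negotiate(a, b)
    if suite is None:
        return None
    return SecurityAssociation((a.name, b.name), suite, [suite])


def reconfigure(sa: SecurityAssociation, a: Device, b: Device, event: str) -> bool:
    """Challenge 2: re-run the selection when the environment changes.
    route_change / policy_update: re-select under the (possibly updated) policies.
    intrusion: treat the current suite as compromised and exclude it.
    If nothing acceptable remains the SA is torn down (suite = None) rather than
    left running below policy; the caller decides what to do next."""
    exclude = {sa.suite} if event == "intrusion" else set()
    suite = negotiate(a, b, exclude)
    sa.suite = suite
    sa.history.append(suite)
    return suite is not None


if __name__ == "__main__":
    phone = Device("phone", {"CHACHA20", "AES128-GCM", "NULL-HMAC"}, 2)
    cluster = Device("cluster", {"AES256-GCM", "AES128-GCM", "CHACHA20", "3DES-CBC"}, 3)
    sensor = Device("sensor", {"3DES-CBC", "NULL-HMAC"}, 0)
    print("phone-cluster :", negotiate(phone, cluster))    # CHACHA20
    print("sensor-cluster:", negotiate(sensor, cluster))   # None: no common acceptable suite
    sa = establish(phone, cluster)
    cluster.min_strength = 4                               # policy update at the cluster
    print("after update  :", reconfigure(sa, phone, cluster, "policy_update"), sa.history)
```

The sensor case is the paper's "two devices with different security capabilities cannot set up an SA"; the policy-update case shows why a reconfiguration must be allowed to fail closed instead of quietly keeping the old suite.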

4. Proposed Security Architecture

Computational Grids are steeped in complex and dynamic network environments.

1. Networks have ephemeral nodes, coming and leaving at any time in unpredictable ways.

2. Computer-based systems can be mobile.

These introduce peculiar challenging security requirements for Grid applications.

4. Proposed Security Architecture – Cont’d

Security requirements for Grid applications and the proposed solutions

1. Trust and Reputation

1) The time factor influences trust. Trust can build rapidly (OAC) or sluggishly (OBC) depending on the parameters of the trust model. If trust is lost at time t1, considerable time is required to recover it.

[Figure: Trust vs. Time graph]

4. Proposed Security Architecture – Cont’d

2) Entities may form alliances.

3) The trust model should compute the eventual trust from a combination of direct trust and reputation, and should be able to weigh the two components differently.

[Figure: Di evaluating Dj] Di: the trustworthiness of Dj is based more on the direct relationship than on the reputation of Dj.

Direct relationship: (trust level in the direct-trust table [DTT]) × (decay function)

Reputation: AVG(product of the trust levels in the reputation trust table [RTT])

Proposal: RTT = DTT, and introduce the recommender trust factor R.
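Added example, not the paper's code: a Python version of the trust computation above, with RTT = DTT and the recommender factor R. The decay function, the 0.7/0.3 weighting, the update rule in `observe` and the peer names Di, Dj, Dk are assumptions; the slides give only the structure of the model.

```python
from typing import Dict, Optional, Tuple

# Assumed parameters: the slides give the structure of the model (direct trust
# times a decay function, reputation averaged over recommenders scaled by the
# recommender factor R, a weighted combination of the two) but no numbers.
DECAY_HALF_LIFE = 100.0            # age at which a direct observation counts half
W_DIRECT, W_REPUTATION = 0.7, 0.3  # Di weighs direct experience more than reputation


def decay(age: float) -> float:
    """Decay function: an observation loses half its weight every DECAY_HALF_LIFE."""
    return 0.5 ** (age / DECAY_HALF_LIFE)


class TrustModel:
    def __init__(self) -> None:
        # DTT[i][j] = (trust level in [0,1], time of the last direct observation)
        self.dtt: Dict[str, Dict[str, Tuple[float, float]]] = {}
        # R[i][k] = how far i trusts k as a recommender, in [0,1]; this is what
        # limits the damage an alliance of colluding recommenders can do.
        self.recommender: Dict[str, Dict[str, float]] = {}

    def observe(self, i: str, j: str, good: bool, now: float) -> None:
        """Update i's direct trust in j after an interaction.  Trust is gained
        slowly and lost fast (assumption matching the trust-vs-time curve: once
        lost at t1, it takes many good interactions to come back)."""
        level, _ = self.dtt.setdefault(i, {}).get(j, (0.5, now))
        level = level + 0.1 * (1.0 - level) if good else level * 0.25
        self.dtt[i][j] = (level, now)

    def direct(self, i: str, j: str, now: float) -> Optional[float]:
        """(trust level in DTT) x (decay function); None if i never dealt with j."""
        entry = self.dtt.get(i, {}).get(j)
        if entry is None:
            return None
        level, last = entry
        return level * decay(now - last)

    def reputation(self, i: str, j: str, now: float) -> Optional[float]:
        """AVG over recommenders k of R[i][k] x DTT[k][j]: RTT = DTT as the
        paper proposes, each term scaled by the recommender trust factor."""
        terms = []
        for k, factor in self.recommender.get(i, {}).items():
            if k in (i, j):
                continue
            d = self.direct(k, j, now)
            if d is not None:
                terms.append(factor * d)
        return sum(terms) / len(terms) if terms else None

    def trust(self, i: str, j: str, now: float) -> float:
        """Eventual trust: weighted combination; a missing component counts as 0,
        so a peer with neither history nor recommenders starts untrusted."""
        d = self.direct(i, j, now) or 0.0
        r = self.reputation(i, j, now) or 0.0
        return W_DIRECT * d + W_REPUTATION * r


if __name__ == "__main__":
    m = TrustModel()
    m.observe("Di", "Dj", good=True, now=0)
    m.observe("Di", "Dj", good=True, now=10)
    m.observe("Dk", "Dj", good=True, now=10)
    m.recommender["Di"] = {"Dk": 0.8}
    print("fresh  :", round(m.trust("Di", "Dj", 10), 4))    # 0.5485
    print("stale  :", round(m.trust("Di", "Dj", 110), 4))   # 0.2743, decayed
    m.observe("Di", "Dj", good=False, now=110)              # trust lost at t1 = 110
    m.observe("Di", "Dj", good=True, now=120)
    print("recover:", round(m.direct("Di", "Dj", 120), 4))  # still well below 0.595
```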

4. Proposed Security Architecture – Cont’d

2. Semantic Interoperability

For interoperability, need to examine: the separation of symbol and concept; the nature of ontologies and their role; the difficulties of effective communication.

Must provide data separation between trusted and untrusted systems.

The VO determines levels of trustworthiness for its various actors. Access control decisions are made by comparing a user’s level of trustworthiness with the sensitivity level already marked on the data. Application services must be provided for several operational environments.
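Added example (not from either source) serving both the discretionary/mandatory models of part 1, section 2 and the VO’s sensitivity-level check above: a Python mechanism that enforces an owner-controlled ACL (discretionary) and a system-wide label comparison (mandatory) on the same resource. The level lattice, the resources and the users are constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

# Sensitivity / clearance lattice used by the mandatory check (constructed).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Resource:
    name: str
    owner: str
    sensitivity: str                       # label set by the VO, not by the owner
    acl: Dict[str, Set[str]] = field(default_factory=dict)   # subject -> {"read", "write"}


def dac_allows(res: Resource, subject: str, op: str) -> bool:
    """Discretionary model: the owner of each object decides individually who
    may do what; the owner keeps full rights."""
    return subject == res.owner or op in res.acl.get(subject, set())


def dac_grant(res: Resource, granter: str, subject: str, op: str) -> bool:
    """Only the owner can extend the ACL."""
    if granter != res.owner:
        return False
    res.acl.setdefault(subject, set()).add(op)
    return True


def mac_allows(clearance: str, res: Resource, op: str) -> bool:
    """Mandatory model, system-wide and outside the owner's control:
    read requires clearance >= sensitivity (no read up);
    write requires clearance <= sensitivity (no write down), so secret data
    cannot be copied into a less sensitive object even by a cleared user."""
    c, s = LEVELS[clearance], LEVELS[res.sensitivity]
    return c >= s if op == "read" else c <= s


def decide(res: Resource, subject: str, clearance: str, op: str,
           mandatory: bool = True) -> bool:
    """Enforcement mechanism.  With mandatory=True the label check runs first
    and an ACL entry cannot override it; DAC then narrows access further."""
    if op not in ("read", "write"):
        return False
    if mandatory and not mac_allows(clearance, res, op):
        return False
    return dac_allows(res, subject, op)


if __name__ == "__main__":
    results = Resource("results.dat", owner="alice", sensitivity="secret")
    dac_grant(results, "alice", "bob", "read")      # alice's discretion
    print("DAC only :", decide(results, "bob", "internal", "read", mandatory=False))  # True
    print("DAC + MAC:", decide(results, "bob", "internal", "read"))                   # False
```

Under the discretionary model alone the owner can leak a secret object to anyone by editing the ACL; under the mandatory model that grant has no effect, because the VO’s label, not the owner, decides.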

4. Proposed Security Architecture – Cont’d

3. Secure and Trusted Time Stamping Authority

A signed document should contain a secure timestamp. Propose the construction of a secure and trusted time stamping authority that obtains the time for stamping from a precise clock synchronized to two atomic clocks.

The digital signature is produced with the RSA cryptosystem, and the secret key of the time stamping authority is stored at distributed servers.

For protection, the trusted clock frequently changes its location, and the locations are computed with a random number generator.
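Added example, not the paper’s construction: a Python sketch of the key-custody part of the time stamping authority. It assumes the distributed servers hold Shamir shares of the TSA key (the slides say only that the key is stored at distributed servers) and uses HMAC-SHA256 as a stand-in for the RSA signature so that it runs with the standard library alone; the clock relocation described above is not modelled.

```python
import hashlib
import hmac
import secrets
from typing import List, Tuple

# Field for the shares: the Mersenne prime 2^127 - 1 (the TSA key must be < P).
P = (1 << 127) - 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(secret: int, n: int, k: int) -> List[Tuple[int, int]]:
    """Shamir (k, n) sharing: one share per TSA server; any k servers can
    reconstruct the key, fewer than k learn nothing about it."""
    if not 1 <= k <= n or not 0 <= secret < P:
        raise ValueError("bad threshold or secret out of range")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_key(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def issue_timestamp(doc: bytes, key: int, now: int) -> dict:
    """Timestamp token: binds the document hash to the TSA's time under the TSA
    key.  HMAC-SHA256 stands in for the RSA signature the paper uses so this
    runs with the standard library alone; the token structure is the same."""
    digest = hashlib.sha256(doc).hexdigest()
    signed = f"{digest}|{now}".encode()
    tag = hmac.new(key.to_bytes(16, "big"), signed, hashlib.sha256).hexdigest()
    return {"digest": digest, "time": now, "tag": tag}


def verify_timestamp(doc: bytes, token: dict, key: int) -> bool:
    """Recompute over the presented document and time; any change to the
    document, the time or the tag fails."""
    expected = issue_timestamp(doc, key, token["time"])
    return (expected["digest"] == token["digest"]
            and hmac.compare_digest(expected["tag"], token["tag"]))


if __name__ == "__main__":
    tsa_key = secrets.randbelow(P)
    servers = split_key(tsa_key, n=5, k=3)          # one share per server
    key_at_signing = recover_key(servers[1:4])       # any three servers cooperate
    token = issue_timestamp(b"grid job result: 42", key_at_signing, 1700000000)
    print(verify_timestamp(b"grid job result: 42", token, tsa_key))   # True
```

Reconstructing the whole key on one machine at signing time, as above, reintroduces a single point of compromise for that moment; a production design would use a threshold signature so that no server ever holds the full key.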

4. Proposed Security Architecture – Cont’d

4. Space Consideration

Related to spatial awareness. At the primitive level, space is the network space and distances are measured in hops. It can include more physically grounded concepts of space, as some computing scenarios require. The peers of a network can be mapped into any sort of virtual space, which should be supported by an appropriate routing mechanism.

4. Proposed Security Architecture – Cont’d

5. Context-Awareness

Must transparently determine the sources of, and handle, a high degree of context change. Propose a context-awareness module:

Environment Role Activation Service – maintains information on the system state.

Context Management Services – collect environment variables and their associated values.

Smart Sensors – collect useful security-relevant data.

4. Proposed Security Architecture – Cont’d

[Figure: Context-Awareness module in the Security Architecture – user, Smart Sensors, Context Management, Environment Role Activation Service, Authentication server, Authorization server, resources]

4. Proposed Security Architecture – Cont’d

6. Secure Code Mobility

Mobile code/agents are exposed to various security threats.

The only existing defense is the use of trusted hardware.

Propose a generic secure computation service that performs some cryptographic operations on behalf of the mobile code.

4. Proposed Security Architecture – Cont’d

7. Virtualization of Security Services

Virtualization of security services means having complete freedom to choose the underlying security mechanism.

User domain: user, local resource, authentication server.

Target domain: target resources, authorization server, a local CA, and access policy.

Between the two domains, an intermediary architecture is needed.

Security services, including the pluggable security services and the security units of the two domains, virtualize the security dialogue.

4. Proposed Security Architecture – Cont’d

8. Pluggable Security Services

Propose to extend the concept of security as services to security as pluggable services.

This extension permits the security infrastructure to evolve with less impact on the resource management functionality.

It permits users and resource providers to configure the security architecture based on their requirements and satisfaction level.

4. Proposed Security Architecture – Cont’d

9. Evaluation of Security Quality

Quality of Protection (QoP) is defined in the Generic Security Service Application Program Interface (GSS-API).

Propose Quality of Security Service (QoSS) as an extension of QoP to cover a broad range of security services.

QoSS allows ranges of security to be specified, giving the opportunity to adjust dynamically to fit the security needs.

QoSS can be used to evaluate user mobility across heterogeneous devices in ubiquitous environments.

5. Conclusions

Security is one of the biggest challenges for the coupling of mobile devices and geographically distributed computers.

Propose a new approach to deal with these challenges in the Grid.

The proposed approach is flexible and adaptive.

The design provides consistent but fine-grained levels of trust and security in heterogeneous distributed computing systems.

Future Work

The approach is a first attempt at the development of an adaptive Grid security mechanism.

A number of tests and simulations are required before it can be effectively implemented on a real Grid computing system.

References

1. Randy Chow, Theodore Johnson, “Distributed Operating Systems & Algorithms”, 1997

2. Naqvi, S.; Riguidel, M., "Security architecture for heterogeneous distributed computing systems," Security Technology, 2004. 38th Annual 2004 International Carnahan Conference on, pp. 34-41, 11-14 Oct. 2004. URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=1405366&isnumber=30459

Thank You