SECURITY
CHAPTER OUTLINE
Upon completion of this chapter, students should be able to:
Introduction to security
Secure channels
Access control
Secure naming
Security management

180 Distributed Systems
Security is a broad term that covers a multitude of technologies, devices, and processes. Security
involves many things, including authenticating users and data, hiding data contents while they
are at rest (e.g., stored in files) or in motion (moving over a network),
masquerading as another server or user, providing false data (e.g., the wrong IP address for a
DNS query), and physical premises security.
Security in distributed systems introduces two specific concerns that centralized systems do not
have. The first is the use of a network where contents may be seen by other, possibly malicious,
parties. The second is the use of servers. Because clients interact with services (applications)
running on a server, the application rather than the operating system is responsible for
authenticating the client and controlling access to services. Moreover, physical access to the
system and the security controls configured for the operating system may be unknown to the
client.
Security Goals
Security is about keeping systems, programs, and data secure. It addresses three broad areas:
confidentiality, integrity, and availability. Together, these are referred to as the CIA Triad.
Figure: Taxonomy of security goals (CIA triad)
* Confidentiality: Confidentiality prevents the disclosure of information to
unauthorized people, resources and processes. Another term for confidentiality is
privacy. Organizations restrict access to ensure that only authorized operators can
use data or other network resources. For example, a programmer should not have
access to the personal information of all employees.
Organizations need to train employees about best practices in safeguarding
sensitive information to protect themselves and the organization from attacks.
Methods used to ensure confidentiality include data encryption, authentication,
and access control.
* Integrity: Integrity is the accuracy, consistency, and trustworthiness of data during
its entire life cycle. Another term for integrity is quality. Data undergoes a number
of operations such as capture, storage, retrieval, update, and transfer. Data must
remain unaltered during all of these operations by unauthorized entities.
Methods used to ensure data integrity include hashing, data validation checks,
data consistency checks, and access controls. Data integrity systems can include
one or more of the methods listed above.
* Availability: Data availability is the principle used to describe the need to
maintain availability of information systems and services at all times. Cyberattacks
and system failures can prevent access to information systems and services. For
example, interrupting the availability of the website of a competitor by bringing it
down may provide an advantage to its rival. These denial-of-service (DoS) attacks
threaten system availability and prevent legitimate users from accessing and using
information systems when needed.
Methods used to ensure availability include system redundancy, system backups,
increased system resiliency, equipment maintenance, up-to-date operating systems
and software, and plans in place to recover quickly from unforeseen disasters.
Security Threats and Attacks
A security threat is a potential for violation of security, which exists when there is a circumstance,
capability, action, or event that could breach security and cause harm; i.e., a security threat is a
possible danger that might exploit a vulnerability. There are four types of security threats:
* Interception: It refers to an unauthorized party gaining access to a service or data.
E.g., eavesdropping, illegal copying.

Figure 9.2: Interception

* Interruption: It refers to the situation in which services or data become unavailable,
unusable, destroyed, and so on. E.g., intentional file corruption, denial-of-service attacks.

Figure 9.3: Interruption

* Modification: Unauthorized changing of data or service so that it no longer adheres to
its original specification. E.g., changing values in a data file, changing a program to
secretly log its user's activities.

Figure 9.4: Modification

* Fabrication: It refers to the situation in which additional data or activity is generated
that would normally not exist. E.g., adding an entry to a password file or database, breaking
into a system by replaying previously sent messages.

Figure 9.5: Fabrication
Among the four, interruption, modification, and fabrication can each be seen as a form of data
falsification.
A security attack is an assault on system security that derives from an intelligent threat, i.e., an
intelligent act that is a deliberate attempt to evade security services and violate the security
policy of a system. The goals of security can be threatened by security attacks.
Figure 9.6: Classification of attacks with relation to security goals (threats to confidentiality, threats to integrity, threats to availability)
* Snooping refers to unauthorized access to or interception of data.
* Traffic analysis refers to obtaining some other type of information by monitoring
online traffic.
* Modification means that the attacker intercepts the message and changes it.
* Masquerading or spoofing happens when the attacker impersonates somebody
else.
* Replaying means the attacker obtains a copy of a message sent by a user and later
tries to replay it.
* Repudiation means that the sender of the message might later deny that she has sent
the message; the receiver of the message might later deny that he has received the
message.
* Denial of service (DoS) is a very common attack. It may slow down or totally
interrupt the service of a system.

Security Policies and Mechanisms
A security policy describes precisely which actions the
entities in a system are allowed to take and which ones are prohibited. Entities include users,
services, data, machines, and so on. Once a security policy has been laid down, it becomes
possible to concentrate on the security mechanisms by which a policy can be enforced, i.e.,
security mechanisms implement security policies. Important security mechanisms are:
1. Encryption: It provides a means to implement data confidentiality. In addition, it allows a
user to verify whether data has been modified, so it also provides support for integrity checks.
2. Authentication: It is used to verify the claimed identity of a user, client, server, host, or
other entity. Typically, users are authenticated by password, but there are
many other ways to authenticate clients.
3. Authorization: After a client has been authenticated, authorization checks
whether the client is authorized to perform a specific task.
4. Auditing: Auditing tools are used to trace which client accessed what information, when,
and in which way they did so. Although auditing does not provide any protection
against security threats, audit logs can be useful for the analysis of a security breach and
for subsequently taking measures against intruders.
Design Issues
A distributed system, or any computer system for that matter, must provide security services by
which a wide range of security policies can be implemented. There are a number of important
design issues that need to be taken into account when implementing general-purpose security
services. Major design issues are: focus of control, layering of security mechanisms, and simplicity.
* Focus of control
When considering the protection of a distributed application, there are three different approaches
that can be followed. The first approach is protection on data, i.e., various operations can be
performed, but the main concern is data integrity.
Figure 9.7: Protection on data (data is protected against wrong or invalid operations)
The second approach is protection on invocation, i.e., the main concern is access control
mechanisms.
Figure 9.8: Protection on invocation (data is protected against unauthorized invocations)
The third approach is protection on user, i.e., the main concern is defining the roles that users have.
Figure 9.9: Protection on user (data is protected by checking the role of the invoker)
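The three approaches compared on one object, as an added Python example that is not part of the original chapter: each guard implements one focus of control. The account operations, the principals `alice` and `bob`, the ACL, and the role table are all constructed for illustration.

```python
from dataclasses import dataclass

class Denied(Exception):
    """Raised when a guard refuses a request."""

@dataclass(frozen=True)
class Invoker:  # constructed principal: a name plus the roles it holds
    name: str
    roles: frozenset = frozenset()

# Constructed object: an account balance with two operations on it.
OPS = {"deposit": lambda bal, amt: bal + amt,
       "withdraw": lambda bal, amt: bal - amt}
ACL = {"deposit": {"alice", "bob"}, "withdraw": {"alice"}}  # method -> invokers
ROLE_FOR = {"deposit": "customer", "withdraw": "teller"}    # method -> role

def guard_data(balance, who, method, amount):
    """Protection on data: reject operations that would corrupt the state."""
    if amount <= 0 or (method == "withdraw" and amount > balance):
        raise Denied("invalid operation")

def guard_invocation(balance, who, method, amount):
    """Protection on invocation: check who may invoke which method."""
    if who.name not in ACL.get(method, set()):
        raise Denied("invocation not permitted")

def guard_role(balance, who, method, amount):
    """Protection on user: check only the role of the invoker."""
    if ROLE_FOR.get(method) not in who.roles:
        raise Denied("role not permitted")

def request(guards, who, method, amount, balance=100):
    """Apply one request behind the given guards; return balance or refusal."""
    if method not in OPS:
        return "unknown method"
    try:
        for guard in guards:
            guard(balance, who, method, amount)
    except Denied as exc:
        return str(exc)
    return OPS[method](balance, amount)

if __name__ == "__main__":
    alice = Invoker("alice", frozenset({"teller"}))
    bob = Invoker("bob", frozenset({"customer"}))
    everything = [guard_data, guard_invocation, guard_role]
    print(request([guard_invocation], alice, "withdraw", 500))  # ACL alone
    print(request(everything, alice, "withdraw", 500))
    print(request([guard_data], bob, "withdraw", 10))  # data guard alone
```

With only the invocation guard, an invoker on the ACL can overdraw the account; with only the data guard, any invoker can perform a valid withdrawal.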
* Layering of security mechanisms
An important issue in designing secure systems is to decide where security
mechanisms are placed. The figure below separates general-purpose services from
communication services. The separation is important for understanding the layering of
security in distributed systems and, in particular, the idea of trust. Security is technical;
trust is emotional. Depending on the trust a client has in how secure the services are in a
particular layer.
Figure 9.10: Logical layering of a distributed system (labels shown: Application, Middleware, OS Services, OS kernel, Transport, Datalink, High-level protocols)