WOOYOUNG KIM

1
8.1 Fundamentals of Computer Security

• WOOYOUNG KIM
• FALL 2009

2
Outline

• Fundamentals of Computer Security
• Recent Study
• Future work

3
Fundamental of Computer Security 1
Randy Chow, Theodore Johnson, Distributed
Operating Systems Algorithms, 1997
4
Contents

1. Goal
2. Security Policies, Models, and Mechanisms
3. Security Issues in Distributed Systems

5

1. Goal

• Secrecy protection from unauthorized disclosure
• Integrity protection from unauthorized
  modification
• Availability protection from denial of service
  (DoS)
• Reliability fault-tolerance
• Safety tolerance of user faults

6

1. Security Policies, Models, Mechanisms

• Four categories of common security threats
• Interruption, interception, modification,
  fabrication.
• Fundamental approach
• Authentication. Authorization. Fault-tolerance.
• Policy user requirements
• Model formal representation of policies
• Discretionary separation of users and data
  under on a individual basis.
• Mandatory requires access control of all
  subject and objects under its control on a
  system-wide basis.
• Mechanism enforce protection

7

1. Security Issues in Distributed Systems

• Additional Goal
• Interoperability effective information
  exchange.
• Transparency uniform view of a system.
• Approaches
• Additional layer of software
• Redesign the system
• Issues
• Structure Client/server paradigm
• Where to put security services.

8
Recent Study 2
Naqvi, S. Riguidel, M., "Security architecture
for heterogeneous distributed computing systems,"
Security Technology, 2004. 38th Annual 2004
International Carnahan Conference on , vol., no.,
pp. 34-41, 2004
9
Contents

1. Introduction
2. Grid Computing
3. Challenges (of Integrating Heterogeneous Devices
   and Networks in the Grid)
4. Proposed Security Architecture
5. Conclusions

10
Introduction

• Grid Computing
• Security problem
• heterogeneity involves different administrative
  domains.
• Security requires specialized Grid-enabled tools.
• Mobile Computing
• Harvesting the wireless mobile devices within the
  computational Grid is a challenge.
• Recent works in nanotechnology make it possible
  to develop low-power, battery-operated devices
  for grid computing.
• High level of security is necessary.

11
Introduction Contd

• Goal
• Develop an infrastructure for the secure
  integration of heterogeneous mobile devices in
  the distributed computing environments.

12
Grid Computing

• Grid computing focuses on large-scale pervasive
  resource sharing, virtual and pluggable
  high-performance orientation.
• Problem coordinated resource sharing and problem
  solving in dynamic, multi-institutional virtual
  organizations.
• Virtual Organization (VO) a set of individuals
  and/or institutions defined by such sharing rules.

13
Grid Computing Contd

• Infrastructure Requirements
• Security
• Resource Management
• Information Services
• Data Management
• Rising concerns
• Significant changes in accessing Grid resources
• Introduce new security concerns.

14
Challenges

• The heterogeneous mobile consumer devices
  connected through a potentially unreliable
  wireless network poses great security challenges,
  especially if they function as gateways to the
  Grid resources.

15
Challenges Contd

• Challenges of Integrating Heterogeneous Devices
  and Networks in the Grid
• Bandwidth multi-path disturbances, power-signal
  degradation, inter-cell hand-off, always-on
  characteristics.
• Power Supply
• Software Support
• Key Management Scheme for Smart Devices

16
Challenges Contd

1. Security Gaps middle boxes

Example of security Gap If the SSL session was
broken at C and re-established, then result in
security gaps.
17
Challenges Contd

• Heterogeneous Security Solutions
• Security is always an issue with mobile wireless
  devices since wireless transmission can be widely
  attacked.
• Various security mechanisms and protocols have
  been developed.
• But this created a heterogeneous security
  environment.
• Very little research on coordinating a set of
  distributed security modules.
• Security service relies on establishment of
  Security Associations (SA), but two devices with
  different security capabilities cannot
  communicate and set up SA.

18
Challenges Contd

• Efforts
• Develop cryptographic algorithms for efficient
  utilization and management.
• There is tradeoff between high-degree security
  and high speed communication
• Challenge 1- Managing the diverse security
  capabilities so that an end-to-end security
  service can be provided with the highest
  performance possible
• Challenge2-managing security capabilities so that
  they can be reconfigured dynamically upon route
  changes, policy update, detection of intrusion or
  security service degradation etc., to maintain
  adequate levels of end-to-end security service.

19
Proposed Security Architecture

• Computational Grids is steeped in complex and
  dynamic network environments.
• Networks have ephemeral nodes, coming and leaving
  at any time in unpredictable ways.
• Computer-based systems can be mobile.
• These introduce peculiar challenging security
  requirements for Grid applications.

20
Proposed Security Architecture Contd

• Security Requirements for Grid applications and
  the solution
• Trust and Reputation
• The time factor influences the trust.

Trust can be rapid (OAC) or sluggish (OBC)
depending on the various parameters for trust.
If trust lost at t1, considerable time is
required for retrieval.
Trust vs. Time graph
21
Proposed Security Architecture Contd

• Entities may form alliances.
• The trust model should compute the eventual trust
  based on a combination of direct trust and
  reputation and should be able to weigh the two
  components differently.

Di
Dj
Di Trustworthiness of Dj is based more on the
direct relationship than the reputation of
Dj. Direct relationship (trust level in the
direct-trust tableDTT) X (decay
function)? Reputation AVG(product of the trust
level in the reputation trust table
RTT.)? Propose RTTDTT, and introduce the
recommender trust factor R
22
Proposed Security Architecture Contd

• Semantic Interoperability
• For interoperability, need to examine
• Separation of symbol and concept
• Nature of anthologies and their role
• Difficulties for effective communication
• Must provide data separation between trusted and
  untrusted systems.
• VO determines levels of trustworthiness for its
  various actors.
• Access control decisions are made by comparing a
  users level of trustworthiness with a
  sensitivity level already marked.
• Application service must be provided for several
  operational environments.

23
Proposed Security Architecture Contd

• Secure and Trusted Time Stamping Authority
• Signed document should contain a secure
  timestamp.
• Propose the construction of a secure and trusted
  time stamping authority by obtaining time for
  stamping from a precise clock that is synchronous
  to two atomic clocks.
• Digital signature is obtained by using the RSA
  cryptosystem, and a secret key of a time stamping
  authority is stored at distributed servers.
• For protection, the trusted clock frequently
  changes its location and the locations are
  computed with a random number of generator.

24
Proposed Security Architecture Contd

• Space Consideration
• Related to spatial-awareness
• Primitive level space is the network space,
  distance are measured with hops.
• Can include more physically grounded concepts of
  space, requiring some computing scenario
• Can map the peers of a network in any sort of
  virtual space, which should be supported by an
  appropriate routing mechanism.

25
Proposed Security Architecture Contd

• Context-Awareness
• Must transparently determine the sources and
  handle a high degree of context changes.
• Propose a context-awareness module.
• Environment Role Activation Service
• Maintains information on the system state.
• Context Management Services
• Collect environment variables and their
  associated values
• Smart Sensors
• Collect useful security-relevant data.

26
Proposed Security Architecture Contd

• Context-Awareness module in the Security
  Architecture

user
Authorization server
Authentication server
resources
Environment Role Activation Service
Context Management
Smart Sensors
27
Proposed Security Architecture Contd

• Secure Code Mobility
• Mobile code/agent is exposed to various security
  threats
• The only existing defense is using trusted
  hardware
• Propose a generic secure computation service that
  performs some cryptographic operations on behalf
  of the mobile code.

28
Proposed Security Architecture Contd

• Virtualization of Security Services
• Virtualization of security services is having the
  absolute freedom to choose the underlying
  security mechanism.

User domain user, local resource, authentication
server Target domain target resources,
authorization server, a local CA, and access
policy. Between two domains, need an intermediary
architecture. Security services including
pluggable security services, security units of
two domains virtualizes the security dialogues.
29
Proposed Security Architecture Contd

• Pluggable Security Services
• Propose to extend the concept of security as
  services to security as pluggable services.
• This extension permits the evolution of security
  infrastructure with less impact on the resource
  management functionalities.
• It permits the users and resource providers to
  configure the security architecture based on
  their requirements and satisfaction level.

30
Proposed Security Architecture Contd

• Evaluation of Security Quality
• Quality of Protection (QoP) is defined in generic
  security service application program interface
  (GSS-API)
• Propose Quality of Security Service (QoSS) is as
  an extension of QoP to cover a broad range of
  security services.
• QoSS allows ranges of security to be specified,
  giving the opportunity to dynamically adjust to
  fit the security needs.
• QoSS can be used for the evaluation of user
  mobility in ubiquitous environments in
  heterogeneous devices.

31
Conclusions

• Security is one of the biggest challenges for the
  coupling of mobile devices and geographically
  distributed computers.
• Propose a new approach to deal with the
  challenges by the Grid.
• The proposed approach is flexible and adaptive.
• The design is consistent but fine-grained levels
  of trust and security in heterogeneous
  distributed computing systems.

32
Future Works

• The approach is a first attempt for the
  development of an adaptive Grid security
  mechanism.
• A number of tests and simulations are required
  before it can be effectively implilented on a
  real Grid computing system.

33
Reference

1. Randy Chow, Theodore Johnson, Distributed
   Operating Systems Algorithms, 1997
2. Naqvi, S. Riguidel, M., "Security architecture
   for heterogeneous distributed computing systems,"
   Security Technology, 2004. 38th Annual 2004
   International Carnahan Conference on , vol., no.,
   pp. 34-41, 11-14 Oct. 2004URL http//ieeexplore.
   ieee.org/stamp/stamp.jsp?arnumber1405366isnumber
   30459

34
Thank You