Distributed System Security
Presented by Ajith Reddy Guedem
What is a Distributed System?
A distributed system is a collection of multiple, independent and physically separated computers
which do not share their primary memory
which communicate through a high-speed bus or telephone line, or are part of a network
which invoke a process on another computer without the direct participation of the user
which act to the user like a single computer (single system image)
*The big advantage of distributed object systems is their modularity and flexibility. Exactly this, however, makes security more complex.
What are the security threats in a Distributed System?
A security threat is a potential system misuse that could lead to a failure in achieving the system security goals.
Deliberate or accidental disclosure of data - Information Compromise
Knowingly or unknowingly destroying the data - Integrity Violations
Blocking or removing the system resources from being used by authorized users - Denial of service
Failure of Authentication and recording this fact – Repudiation of some fact
Bypassing of controls by malicious or negligent users - Malicious or negligent misuse
What are the vulnerabilities in a Distributed System?
Vulnerabilities are the weaknesses of the system that leave the system open to one or more threats.
Authorized user gaining access to data that it should not see
Security controls being bypassed
Eavesdropping on communication lines
Lack of accountability
Disrupting the communication between the objects
User pretending to be someone else and using the rights of the person illegally
Why is security more complex in CORBA (Distributed System)?
Since a distributed system is not as simple as a client-server system, there are some issues with distributed objects:
Mutual suspicion
Evolve continuously
Interactions between them are not well understood
Are polymorphic
Highly scalable and Dynamic
Highly layered
C O R B A
Is basically a middleware technology (used for creating distributed systems)
Was invented by the Object Management Group (OMG), a consortium of companies, in 1989
Is a unifying standard for writing distributed object systems
Is neutral with respect to platform, languages and vendor
Common Object Request Broker Architecture
Why Should I care about CORBA ?
You can use CORBA for legacy system integration
For example, for an existing banking application written in C++, CORBA gives you the ability to preserve and reuse it by wrapping the existing application as a CORBA object that can be called from any application
CORBA allows for advanced middleware development
If there is a middleware service that can be generalized, you are likely to find it standardized as a CORBA service
* For those who need it, CORBA gives great functionality
What are the benefits of using CORBA?
CORBA is not controlled by one company
It is controlled by a group of companies, which prevents it from becoming a standard that is specific to only one product or architecture
CORBA is language independent
When using CORBA you invoke methods on objects that are written in different programming languages, which allows legacy integration with languages such as COBOL. E.g. if you are using Java then you can use CORBA instead of the Java Native Interface for invoking objects written in C++.
CORBA provides optimal value added services
These are add-on usable services such as the Naming service, Trading service, Event service, Transaction service and other security aspects which guard the vulnerability of distributed objects
What does CORBA offer programmers?
Programming language independence
Distinction between Interface and Implementation
Location transparency and Server activation
Automatic Stub and Skeleton code generation
The ORB Architecture
[Diagram; labels: CLIENT, SERVER, ORB, BOA, OSAGENT]
ORB: The ORB layer acts as an indirect connection between the client and server
OS Agent: These act like software brokers, each associated with an ORB. There may be many OS Agents in the network, which communicate with each other to get the required object reference.
BOA: An object adapter is the primary way that an object implementation accesses services provided by the ORB. Services provided by the ORB through an Object Adapter often include:
generation and interpretation of object references
method invocation, security of interactions
object and implementation activation and deactivation
mapping object references to implementations, and registration of implementations
CORBA Security (CORBASec)
CORBA Security is one of the CORBAservices
The best way to think of CORBA Security is as an invisible mechanism that ensures correct user access to data resources. Developers should be able to model authorization policies based on their requirement structure and easily administer those policies.
Its presence is felt by all user applications developed using CORBA as well as all other CORBAservices that the manufacturer provides
Its usage within a large application needs to be carefully tuned because it will inevitably put a load on performance
What are the security aspects of CORBA?
Ensure that the communication between distributed objects is secure (especially CORBA/IIOP communications).
User authentication - to let users identify themselves only once to gain access to many systems.
System authentication - ensure that systems (hosts) identify themselves to other systems in a distributed environment.
MEASURES TAKEN
Authentication
Message Protection (Encryption)
Access Control
Audit
Non Repudiation
* There are some security aspects that are out of the scope of the CORBA spec, such as
Denial of service caused due to flooding
Traffic analysis as
Where exactly should the security measures be taken?
Various Layers of security in CORBA
Authentication
User sponsor - user login
User login program (user ID, password)
Principal authenticator creates the credential object
Current - represents the current execution context (accessed by target and client ORB)
Message Protection(Encryption)
To scramble the data so that outsiders cannot read it
Encryption methods depend on the varying degrees of performance/protection tradeoffs
Requests and responses are to be protected for
Integrity - to prevent undetected, unauthorised modification of messages and to preserve the order of the messages; this is done through cryptographic checksums and sequence numbers
Confidentiality - to ensure that messages have not been read in transit; this is done through encryption techniques
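The integrity half of this slide, a cryptographic checksum combined with a sequence number, can be sketched as follows. This is an added example, not code from the presentation or from any CORBA product: the Channel type, its framing and the choice of HMAC-SHA256 as the checksum are assumptions, and confidentiality would be layered on by encrypting the body.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrIntegrity, ErrSequence = errors.New("message modified"), errors.New("message out of sequence")

// Channel protects ONE direction of a security association (hypothetical type).
type Channel struct {
	Key  []byte // shared secret agreed when the association was established
	next uint64 // next sequence number to send (sender) or to accept (receiver)
}

// checksum is HMAC-SHA256 over the sequence header followed by the body.
func (c *Channel) checksum(hdr, body []byte) []byte {
	m := hmac.New(sha256.New, c.Key)
	m.Write(hdr)
	m.Write(body)
	return m.Sum(nil)
}

// Seal frames a request as: sequence number (8 bytes) | checksum (32 bytes) | body.
func (c *Channel) Seal(body []byte) []byte {
	hdr := make([]byte, 8)
	binary.BigEndian.PutUint64(hdr, c.next)
	c.next++
	return append(append(hdr, c.checksum(hdr, body)...), body...)
}

// Open verifies the checksum first, then the order; the counter moves only on success.
func (c *Channel) Open(msg []byte) ([]byte, error) {
	if len(msg) < 40 || !hmac.Equal(msg[8:40], c.checksum(msg[:8], msg[40:])) {
		return nil, ErrIntegrity
	}
	if binary.BigEndian.Uint64(msg[:8]) != c.next {
		return nil, ErrSequence
	}
	c.next++
	return msg[40:], nil
}

func main() {
	tx := &Channel{Key: []byte("constructed key")} // constructed sample key
	fmt.Printf("%x\n", tx.Seal([]byte("debit 100")))
}
```

Because the sequence number is covered by the checksum, a replayed or reordered message is rejected even though its checksum is valid, and a message with a rewritten sequence number fails the checksum.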
Security Context Establishment
A security association is a binding that lasts for several requests, i.e. once a caller and target trust each other
Secure Invocation checks binding
Secure invocation creates Vault
Vault creates the security context object
Vault establishes security association
Authorization and Access control
After client authentication there are two types of access control
Application level access control, for security aware applications, where both the client and target object call the Domain Manager, which in turn calls policy objects to enforce local access policies
ORB access control, for both security aware and security unaware applications, where access control is built into the ORB and cannot be bypassed. The ORB calls Client Access decision objects from the security services to implement required rights according to the access policy.
Auditing
There are two categories of audit policies
System audit policies
Records results of system related activities
• like authentication, privileges, success or failure of authorization - these are enforced automatically
Application audit policies
Records results of application related activities
• we can select events audited by -
– object type or object
– operation
– time
– principal attributes
– success or failure of an operation
Non Repudiation
Provide irrefutable evidence for a claimed action or event
Give the sender proof of receipt
The target calls its NRCredentials object and generates the evidence (proof of receipt), which is sent to the client with the response. The verify evidence operation is called by the client to check the proof of receipt.
Give the receiver proof of origin
The client calls the NRCredentials object and generates the evidence, which is then sent to the target. The target calls the verify evidence operation of its NRCredentials object.
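The two evidence flows above can be modelled with digital signatures. This is an added example, not code from the presentation and not the CORBA NRCredentials interface: the Evidence format, the GenerateEvidence and VerifyEvidence names and the use of Ed25519 are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Evidence is a signed statement about one request (simplified, hypothetical format).
type Evidence struct {
	Kind, Signer string   // "origin" (made by the client) or "receipt" (made by the target), and who signed
	Digest       [32]byte // SHA-256 of the request the evidence covers
	Sig          []byte   // Ed25519 signature over Kind, Signer and Digest
}

// signed returns the exact bytes covered by the signature; %q keeps the fields unambiguous.
func (e Evidence) signed() []byte {
	return []byte(fmt.Sprintf("%q %q %x", e.Kind, e.Signer, e.Digest))
}

// GenerateEvidence is what the signing party's NRCredentials object does in this model.
func GenerateEvidence(kind, signer string, key ed25519.PrivateKey, request []byte) Evidence {
	e := Evidence{Kind: kind, Signer: signer, Digest: sha256.Sum256(request)}
	e.Sig = ed25519.Sign(key, e.signed())
	return e
}

// VerifyEvidence is run by the other party, using the signer's public key.
func VerifyEvidence(e Evidence, kind string, pub ed25519.PublicKey, request []byte) error {
	if e.Kind != kind {
		return errors.New("evidence is of the wrong kind")
	}
	if e.Digest != sha256.Sum256(request) {
		return errors.New("evidence covers a different request")
	}
	if !ed25519.Verify(pub, e.signed(), e.Sig) {
		return errors.New("signature does not match the claimed signer")
	}
	return nil
}

func main() {
	clientPub, clientKey, _ := ed25519.GenerateKey(nil)
	targetPub, targetKey, _ := ed25519.GenerateKey(nil)
	request := []byte("transfer(from=A, to=B, amount=100)")              // constructed request
	origin := GenerateEvidence("origin", "client", clientKey, request)   // travels with the request
	receipt := GenerateEvidence("receipt", "target", targetKey, request) // travels with the response
	fmt.Println(VerifyEvidence(origin, "origin", clientPub, request), VerifyEvidence(receipt, "receipt", targetPub, request))
}
```

Signing the kind together with the digest stops a proof of receipt from being relabelled and presented as a proof of origin.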
Questions and Comments?