Security

1
Security

• Distributed Systems
• Lecture 14

2
Why care about security?

• Authentication
• Use another persons ID for sending email
• Non-repudiation
• E-commerce
• Spoof credit card number
• Replay card transactions
• Sniff information
• Monitor the number of transactions or
  stock-trades
• Denial of Service
• Malicious software

3
W32.Blaster.Worm

• Distributed Denial of Service
• Blaster Worm replicated itself on 120,000
  computers worldwide
• On August 11, 2003 Microsoft update server was
  pelted with DDOS
• Lost out at name indirection
• Microsoft removed the DNS entry of
  windowsupdate.com

4
What we want to achieve

• A secure system must ensure privacy, integrity
  and availability of resources
• What constitutes a secure system?
• What do you think? Policy
• How the system implements it Mechanism
• Design Principle Dont overdo security!
• Tension between usability and security

5
A snapshot of a distributed system
Spoofing/sniffing Tampering Replaying
Illegal Access Password hacking
Illegal Access Denial of service Virus Byzantine
failures
6
Design space

• Networks are insecure
• Interfaces are externally visible
• Names are well-known

7
Security Threats

• Masquerading Using someone elses ID
• Eavesdropping Spoof data
• Tampering Spoof and modify data
• Replaying Sniff and replay
• Denial of Service Hoard available resources

8
Common techniques for security

• Encryption
• Sender identity?
• Message integrity?
• Signatures non-repudiation
• Checksums integrity
• Authentication access control
• Time-stamping replay attacks
• Logging traceback

9
Code level security

• Pointers
• Turing completeness
• Modularity
• Type checking
• Code validity

10
Design Principles

• Analyze Threat level
• Typically lazy/silly users
• Minimize Trusted kernel
• Log events
• Limit the scope and time of security tokens
• Publish algorithms
• Security by tokens

11
(No Transcript)