The Importance Of Security In Distributed Systems Information Technology Essay
The total number of computer systems installed within any organization has been increasing at a phenomenal rate. The relative ease of installing and utilizing computer applications is a compelling reason for connecting computer systems together and distributing or sharing the work. These distributed systems allow you to take better advantage of the vast array of processing power now available.
Distributed computing probably means many different things to many different people. To some, it means client or server, it is cooperative processing and to still other, it’s using a distributed database. Further explanations and definitions may be required to ensure that everyone has a common view and understanding of a distributed computing system. When referencing a distributed computing system, every user should be able to see the same thing. A distributed computing system is composed of system elements which are then distributed across different processing platforms connected by a network.
In this paper, have 10.0 Section. Each of the section will describe. Section 2.0 is about Distributed System. Section 3.0 is about Threat of distributed System. Distributed System Security will describe in Section 4.0. The next Section 5.0 is about Distributed System Security Mechanism. Distributed System Security Architecture will describe on Section 6.0.We can know about Distributed System Requirements in Section 7.0. In Section 8.0, we can know Factors Affecting Distributed System Security. Contribution in the security, we can see on Section 9.0 and finally Section 10 concludes this paper.
Distributed System
Today, computers are not stand alone units. Several computers are being networked together to form large computer systems. Not only are computers being network, but they are being networked into large distributed systems where each individual computer, node if you will, can make use of the applications distributed throughout the system (Dobry& Schanken, 1994).
Study on the formal specification of authorization has become a major challenge in the current development of secure computing and IT systems (Yun, 2008).
Figure 1. Authorization (Access control) in a distributed environment.
Consider a distributed environment as shown in Figure 1, in which different users can access various resources through the network (Internet).
Therefore, from the definition above, it indicates how an organization can benefit from using the distributed system as shown below:
Resource sharing
It is possible to use different types of hardware, software or data wherever in the system hence reduce unnecessary costs related with the tools. Also it supports resource sharing model that describes the way resources are provided, the way they are used as well as the way provider and users interact between each other. There are more benefits such as through search engines and computer based working were different information can be shared in inexpensive and easy way.
Concurrency
Several processes can take place at the same time while components access as well as update any of the shared resources including databases. The important thing is that concurrent updates must be coordinated in order to maintain integrity of the system.
Openness
It allows detailed interfaces of components to be published and supports the integration of new components with existing once.
Scalability
The system is capable of accommodating changes in case of increase number in of users and resources it should be able to respond faster. This can be done by adding a number of processors with high speed to the system. Therefore the architecture and implementation must be flexible enough to allow it.
Fault tolerance
Distributed systems are capable of operating correctly even if there maybe some defects within the system (internal errors) for the purpose of increasing system dependability within an organization o a business.
3.0 Threat of Distributed Systems
There are different threats when distributed system is concerned, as any networked computer system can face it. It is important to implement countermeasures for all expected threats for the purpose of the system to remain constant and cost effective. Those threats can be distinguished depending on their interaction as follows below:
Denial of service
Involves attacks that affect the availability of information from the system to the user resulting to paralysation of the entire operation of an organization or part of activities depending on the attack. The use of resource control mechanism can help in solving the above problem by applying timing responses, sizing responses, and connection control. Also problem detection by timing latency in system can easily be done if there is a dramatic increase of latency then denial of service (DoS) can be detected as well as addressed.
Information leakage
Is one of the threats of computer system specifically distributed systems where sensitive information can easily be revealed to unauthorized users that results to lack of confidentiality.
Unauthorized access
This can occur due to the reason that the physical configuration is not strong enough to protect such threats from accessing the system (distributed system). This is known as inter process communication threats. There is a need to for an organization that is willing to implement access control system to keep in mind three things which are models, access control policies as well as mechanisms (Krause & Tipton, 1998). Access control policies will enable organizations to be able to specify different ways that will lead to proper management of access to resources as well as information which are the valuable assets of an organization.
Distributed System Security
The objective of any security system is the ability to keep a secret. This is as true automated systems as much as it is for people. It is as important to keep the information secret when it is stored as well as when it sent over a network. A secure system is the one that can be trusted to keep secret, and important word is “trusted”. Trusts can be defined as a confident reliance on the integrity, honesty or justice of another. Trust refers to the ability of the application to perform actions with integrity and to perform its functions on a continuing basis.
However, individuals, governments and institutions such as banks, hospitals and other commercial enterprise will only consign their secrets to a computer system if they can be absolutely certain of confidentiality (Randell & Rushby, 2007).
The security architecture incorporates elements to safeguard the confidentiality of information and ensure that all access to the computing resources is authorized and authenticated. Defined security architecture can be used to ensure the design of applications and systems will meet the required security objectives. The architecture will help guide decisions between systems and across platforms and ensure all of the systems meet a standard minimum level of security.
Nevertheless, the security still has some problem. For example, the problems of maintaining security are compounded because the sharing of secrets is generally desired but only in a tightly controlled manner. In case, an individual can choose other individuals or groups with whom he wishes to share his private information (Randell & Rushby, 2007). This sharing is called discretionary security because it is permitted at the discretion of the individual. The trusted portion of a secure system is normally identified with a small operating system nuclear. The name is a security kernel. It is the rest of the operating system and all applications and user programs belong to the un-trusted element. However, certain difficulties attend the use of such kernelized systems.
In the part of the structure of all secure systems constructed or designed recently has been influenced by the concept of a reference monitor (Randell & Rushby, 2007). A reference monitor is a small, inaccessible, reliable mechanism that controls the behavior of un-trusted system elements by mediating their references to such external entities as data and other un-trusted elements. Each access is checked against a record of the accesses that the security policy authorizes for that element.
Distributed System Security
Mechanism
Cryptography
The security of information transmitted from one node to another is questionable, therefore there is a need of using a proper method of transforming it into unreadable formats (secrets writing) through cryptography. The use of a single key or public key cryptographic algorithm which is suitable for protecting message content by hiding information carried by a packet during the transmission process. This can be accomplished using RSA or AES algorithms.
Authentication protocol
Provides a series of communication procedures between users of the system and the server for the purpose of securing the communication process.
Access control mechanism
This can be done using access control lists (ACL) that consists of a list related to an object that states all the subjects that can be allowed to access the object, as well as the rights to the object. ACL normally are implemented directly or as an approximation in recent Operating systems
Distributed System Security Architecture
The OSI Open system interconnection Reference model is often used to depict largely of distributed system architecture for it has the ability to describe various levels of service essential to support distributed transactions. Autonomous computer systems and their processes intercommunicate through the first four levels of OSI-RM.
Middleware is considered as the bridge used to connect distributed applications across different physical locations, with different hardware platforms, network technologies, operating systems, as well as different programming languages
In order to design, maintain and utilize the computational services offered by the distributed system, it is suitable to use abstraction of the distributed system physical architecture (Donnelly. 1979). The abstraction views the distributed system as a collection of processes that normally communicates with each other in the process. Processes communicate by passing messages; there if two processes communicate it means the communication is done over communication channels.
7.0 Distributed System Security
Requirement
There are many requirements of distributed system security that focus on the area of IT security criteria. That is the development of protection profiles. The protection profile is meant to describe requirements that must be met to achieve varying levels of security. These requirements presented component, categorized or relating to assurance. For example, trusted recovery is the components that refer to functions that respond to anticipated failures or discontinuity in operations (Dobry & Schanken, 1994).
Following a system failures the system must be able to recreate the Trusted Computing Base (TCB) secure states. Failure from which the system must be able to anticipate and securely recover include action that fail to complete because they detect exceptional conditions during their operations. The distributed system must be competent of recognizing failures in which of its components. This is because the overall TCB is a discontinuity in the protection provided by them. Another example is cryptography. The cryptography is a method of securing of information that has the components to establish the guidelines for using cryptography to secure the paths between nodes. Encryption and decryption performance of the system is the factor of the confidentiality and integrity of data communications .So, several different types of encryption may need to be used depending on the user’s environment.
Although, there have several requirement of distributed system security such as trusted recovery, trusted path, security management and etc. They already have new concepts required to secure the connections between the various products that comprise the distributed system need to be included. A distributed system is one of the first implementations for be secure, must not only make use of traditional computer security concepts but have to utilize communication security concepts as well.
Factors Affecting Distributed System Security
There is a need to analyze and identify the factors as well as issues related to trustworthiness of services provided by distributed systems apart from network topology and node evaluation. These factors includes distributed system physical security environment, interactions between different security mechanisms and distributed system management structure, are very important and relevant compared to network topology and node evaluation levels. Below is more information concerning the factors mentioned above.
Physical security
There are some differences that occur in a distributed system’s physical environment such as those that occurs due to the reason that the elements/components of a distributed system are located in different location which is the result of changes overtime in its environment.
Jurisdiction authorities
The wide spread heterogeneity in the physical security environment is the result of the process of administering a distributed system by multiple jurisdiction authorities due to the types of mechanisms supported.
Interaction between security mechanisms
In distributed system nodes are from different manufacturers, families of a single manufacturer, different versions which results into different security mechanism. In case stand-alone system or distributed systems that may be using different discretionary access control mechanisms are interconnected for the purpose of forming a single distributed system then it brings danger (Anderson. 1985). The interactions between different policies implanted in trusted subjects running in different nodes bring dangers to the system.
Contribution
The analysis presented in this paper was mention distributed system security that is a computer security architecture that provides a suite of functions including login, authentication, and access control in a distributed system to differ from other similar architectures. The distributed system security includes many applications that can help the system to protect to failure network. Therefore, this paper is suitable for individuals, governments and institutions such as banks, hospitals and other commercial enterprise that they would like to know the information of distributed system security.
10.0 Conclusion
Distributed system security is fundamentally more complex than stand-alone system security. Current computer security concepts assume that trusts is assigned to a distributed system element on the basis of viewpoint. This security mechanism for distributed file systems solves many of the performance and security problems in existing systems today.
Order Now