Über die Autorin bzw. den Autor

Anirban Chakrabarti holds a PhD degree from the Department of Electrical and Computer Engineering, Iowa State University in Dec. 2003. Currently he works as a Senior Research Associate in the Grid Computing Focus Group in Software Engineering Technology Labs (SETLABS) of Infosys Technologies, India. In Infosys he is working on the virtualization techniques in the Grid Computing area. In Grid computing his main interests lie in security, manageability, workflow management, and application engineering issues. He is also interested in research in the areas of Internet infrastructure encompassing security, routing and multicasting.

Dr. Srinivas Padmanabhuni is a Principal Researcher at Software Engineering and Technology Labs (SETLabs) in Infosys Technologies Limited, Bangalore, India. He heads the Web Services and SOA centre of excellence in SETLabs at Infosys. Dr. Srinivas specializes in Enterprise Security, Web services, Service Oriented Architecture and Grid technologies alongside pursuing interests in semantic web, autonomic computing, recovery oriented computing, intelligent agents, and enterprise architecture. He is on editorial board of international journals, and has served on program committees for several international conferences and workshops including ICWS (International Conference of Web Services), PricAI (Pacific Rim International Conference on AI), NWeSP (International Conferenceon Next Generation Web Services Practices).

Von der hinteren Coverseite

How to solve security issues and problems arising in distributed systems.

Security is one of the leading concerns in developing dependable distributed systems of today, since the integration of different components in a distributed manner creates new security problems and issues. Service oriented architectures, the Web, grid computing and virtualization – form the backbone of today’s distributed systems. A lens to security issues in distributed systems is best provided via deeper exploration of security concerns and solutions in these technologies.

Distributed Systems Security provides a holistic insight into current security issues, processes, and solutions, and maps out future directions in the context of today’s distributed systems. This insight is elucidated by modeling of modern day distributed systems using a four-tier logical model –host layer, infrastructure layer, application layer, and service layer (bottom to top). The authors provide an in-depth coverage of security threats and issues across these tiers. Additionally the authors describe the approaches required for efficient security engineering, alongside exploring how existing solutions can be leveraged or enhanced to proactively meet the dynamic needs of security for the next-generation distributed systems. The practical issues thereof are reinforced via practical case studies.

Distributed Systems Security:

•Presents an overview of distributed systems security issues, including threats, trends, standards and solutions.

•Discusses threats and vulnerabilities in different layers namely the host, infrastructure, application, and service layer to provide a holistic and practical, contemporary view of enterprise architectures.

•Provides practical insights into developing current-day distributed systems security using realistic case studies.

This book will be of invaluable interest to software engineers, developers, network professionals and technical/enterprise architects working in the field of distributed systems security. Managers and CIOs, researchers and advanced students will also find this book insightful.

Aus dem Klappentext

How to solve security issues and problems arising in distributed systems.

Security is one of the leading concerns in developing dependable distributed systems of today, since the integration of different components in a distributed manner creates new security problems and issues. Service oriented architectures, the Web, grid computing and virtualization – form the backbone of today’s distributed systems. A lens to security issues in distributed systems is best provided via deeper exploration of security concerns and solutions in these technologies. 

Distributed Systems Security provides a holistic insight into current security issues, processes, and solutions, and maps out future directions in the context of today’s distributed systems.  This insight is elucidated by modeling of modern day distributed systems using a four-tier logical model –host layer, infrastructure layer, application layer, and service layer (bottom to top). The authors provide an in-depth coverage of security threats and issues across these tiers. Additionally the authors describe the approaches required for efficient security engineering, alongside exploring how existing solutions can be leveraged or enhanced to proactively meet the dynamic needs of security for the next-generation distributed systems. The practical issues thereof are reinforced via practical case studies.

Distributed Systems Security:

•Presents an overview of distributed systems security issues, including threats, trends, standards and solutions.

•Discusses threats and vulnerabilities in different layers namely the host, infrastructure, application, and service layer to provide a holistic and practical, contemporary view of enterprise architectures.

•Provides practical insights into developing current-day distributed systems security using realistic case studies.

This book will be of invaluable interest to software engineers, developers, network professionals and technical/enterprise architects working in the field of distributed systems security. Managers and CIOs, researchers and advanced students will also find this book insightful.

Auszug. © Genehmigter Nachdruck. Alle Rechte vorbehalten.

Distributed Systems Security

John Wiley & Sons

Chapter One

1.1 Background

In the 1960s, the great science-fiction writer Isaac Asimov predicted a future full of robots, protecting and sometimes controlling human destiny. Fifty years later, a human-like and all-purpose robot still remains a dream of the robotics research community. However, technological progress in the last couple of decades have ensured that human lifestyle, human interactions and collaboration patterns have changed so dramatically that if anyone like Asimov had written about today's world 50 years back, it would have seemed like science fiction. If we compare the interaction and collaboration patterns of today with those of a decade back, we will find stark differences between the two. E-mails, blogs, messengers and so on are common tools used nowadays which were unknown ten years ago. People seldom stand in a queue in a bank; automated teller machines (ATMs) have become an essential commodity. Similarly, credit cards have taken over from cash and cheques as the new mode of transaction. Internets have become the de facto source of information for millions of people. The new technologies have redefined the ways in which interaction and collaboration between different individuals take place, which in turn are creating a new social-interaction methodology. For example, English is fast becoming a lingua franca for the technical community across the world and the interactions of that community are redefining the English language in a significant way. In addition, geographical and cultural borders are slowly disappearing as social networking sites like Orkut, Facebook and so on change the ways people interact. Similar changes are also taking place in the enterprise-computing scenario. Until recently, application developers could safely assume that the target environment was homogeneous, secure, reliable and centrally-managed. However, with the advent of different collaborative and data-sharing technologies, new modes of interaction are evolving. These evolutionary pressures generate new requirements for distributed application development and deployment. Enterprises are now witnessing increasing collaboration and data sharing among the different participating entities, resulting in the need for and use of distributed resources and computing. Another important element that has increased the complexity of IT operations is the need for integration of different applications, with middleware developed in different platforms and by different vendors. We are also seeing a spurt of mergers and acquisitions which require integration of technologies across enterprises. Moreover, the enterprises are outsourcing the nonessential elements of the IT infrastructure to various forms of service provider. The technologies that have transformed the world so significantly fall under the bracket of distributed computing technologies.

Distributed computing technologies follow a similar pattern of interaction, where disparate and sometimes heterogeneous systems interact with one another over a common communication platform. Initiated by the academic and research community to fulfill the need to connect and collaborate, slowly this technology was adopted by enterprises. Finally, enterprises and user communities cannot live without some application of distributed computing. However, with the widespread adoption of distributed computing, experts are pointing out security issues that can hurt the enterprises and user communities in a huge way. Analyzing the security issues and solutions in distributed computing is not simple as there is a need to identify the interactions between different layers of the distributed computing environment. Different solutions exist and it is necessary to identify the different layers of the distributed computing environment and analyze the security issues in a holistic manner. This book is an effort in that direction.

1.2 Distributed Systems

Distributed systems involve the interaction between disparate independent entities, bounded by common language and protocols and working toward a common goal. Different types of distributed systems are found in real life. One of the biggest and perhaps the most complex distributed system is human society itself. In the digital world, the Internet has become a very important distributed environment for everybody.

1.2.1 Characteristics of Distributed Systems

If we look at any distributed system, for example the Internet, there are several mandatory characteristics, in addition to `good-to-have' or desirable characteristics. Mandatory characteristics determine the basic nature of distributed systems, such as having multiple entities, heterogeneity, concurrency and resource sharing.

(1) Multiple entities: One of the key characteristics of a distributed system is the presence of multiple - in many cases a great many - entities participating in the system. The entities can be users or subsystems which compose the distributed system.

(2) Heterogeneity: Another key characteristic is the heterogeneous nature of the entities involved. The heterogeneity may lie in the type of system or user, underlying policies and/or the data/resources that the underlying subsystems consume. The heterogeneity of distributed systems can be best observed in the Internet, where multitudes of systems, protocols, policies and environments interact to create a scalable infrastructure.

(3) Concurrency: Another important characteristic that distinguishes any distributed system from a centralized one is concurrency. Different components of distributed systems may run concurrently as the components may be loosely coupled. Therefore there is a need to understand the synchronization issues during the design of distributed systems.

(4) Resource sharing: Sharing of resources is another key characteristic of distributed systems.

In addition to the above mandatory characteristics, there are several desirable characteristics for a distributed system.

(1) Openness: A desirable characteristic for a distributed system is openness of the underlying architecture, protocols, resources and infrastructure, where they can be extended or replaced without affecting the system behavior. If we look at the Internet, this issue is nicely handled through the use of open standards: we can see the interplay between different protocols, standards, infrastructures and architectures without affecting the activities of the Internet as a whole.

(2) Scalability: One of the key motivations for going from a centralized system to a distributed one is to increase the overall scalability of the system. Hence to have a highly scalable system is desirable in any form of distributed system.

(3) Transparency: Another desirable characteristic is to have transparency in the operation. From the user's and the subsystem's point of view, the underlying systems should be transparent. Primarily, transparency can be of two types - location transparency and system transparency. The first type talks about the need to be transparent regarding the location disparity between different systems. The second talks...