Design Factors For Distr Sys ECE 6800

by: Lizeth Hegmann

Instructor: Bradley Bazuin

Almost Ready


These notes were just uploaded, and will be ready to view shortly.

Purchase these notes here, or revisit this page.

Either way, we'll remind you when they're ready :)

Preview These Notes for FREE

Get a free preview of these Notes, just enter your email below.

Unlock Preview
Unlock Preview

Preview these materials now for free

Why put in your email? Get access to more of this material and other relevant free materials for your school

View Preview

About this Document

Bradley Bazuin
Class Notes
25 ?




Popular in Course

Popular in Engineering Electrical & Compu

This 107 page Class Notes was uploaded by Lizeth Hegmann on Wednesday September 30, 2015. The Class Notes belongs to ECE 6800 at Western Michigan University taught by Bradley Bazuin in Fall. Since its upload, it has received 43 views.

Date Created: 09/30/15
Department of Electrical and Computer Engineering, College of Engineering and Applied Sciences
ECE 680 Design Factors for Distributed Systems
SSH Chapter 10
Dr. Bradley J. Bazuin
Western Michigan University, College of Engineering and Applied Sciences, Department of Electrical and Computer Engineering, 1903 W. Michigan Ave., Kalamazoo, MI 49008-5329

Chapter 10: Interfacing Systems, Protocols and Standards
10.1 Chapter Objectives
10.2 Protocols for Distributed Systems
10.3 Layered Protocols
10.4 OSI Conceptual Model
10.5 Some Interfacing Alternatives
10.6 Standards
10.6.1 Standards Organizations Related to the United States
10.7 Data Exchange Standards
10.8 Data and Information in the World at Large
10.8.1 Security and Encryption
10.8.2 Computerized Databases for Well Structured Data
10.8.3 An Example of Computerized Technical Databases and Metadata
10.9 Summary and Comments

Layered Protocol
- Generic protocol level structure.
- Implementation: strict nearest-neighbor (k adjacent level) knowledge.
- Similar levels in both transmit and receive paths: identical is not required, but unambiguous resolution is required.
[Figure: Level N, Level N-1, Level N-2, ..., Level 1 on the transmit side and again on the receive side, joined at the bottom through the information system's physical transport.]

Standard Layered Protocols (1)
[Figure: Layers, interfaces and protocols in the OSI model. Application (7), Presentation (6), Session (5), Transport (4), Network (3), Data link (2), Physical (1); each layer talks to its peer on the other host through its own layer protocol (application protocol, presentation protocol, ..., physical protocol) across the network.]

Fig. 10.4 The OSI Layer Model
- Application layer: originator and final receiver of transmitted data.
- Presentation layer: encryption, format conversion; often not present.
- Session layer: establish, maintain, terminate session.
- Transport layer: packetizes data, assures all packets are received in order of transmission; requests retransmission of lost data.
- Network layer: formats packets for the LAN; removes LAN info at destination.
- Data link layer: final preparation for transmission; low level synchronization and flow control.
- Physical layer: wiring, transmitting and receiving, signaling.

The OSI Layer Model (Cont'd)
[Figure: the seven OSI layers in both communicating hosts; only the layer names are recoverable.]

Layered Protocols (2)
[Figure: a message wrapped by successive headers: data link layer header, network layer header, transport layer header, session layer header, presentation layer header, application layer header, then the message, then the data link layer trailer. The whole is the sequence of bits that actually appear on the network.]

Fig. 10.9 The TCP/IP Protocol Stack Functionality
[Figure: TCP/IP functionality set against the TCP/IP model and the OSI model. Recoverable labels: application services (file transfer, remote login, domain name service, e-mail); session establish/maintain/terminate; transport (TCP, UDP: ensure reliable sequenced packet delivery); internet (IP: create datagrams/packets, addressing and routing, fragment datagrams as needed); network access (MAC addressing, connectionless delivery service). The rest of the figure text is unrecoverable.]

ATM and Internet Protocols
M. Decina and V. Trecordi, "... Integrated Services and Applications," Proceedings of the IEEE, vol. 85, no. 12, December 1997, pp. 1887-1914 (title only partially recoverable).
[Figure 4 of that paper: ATM protocols; layer labels unrecoverable.]
[Figure 8 of that paper: Internet protocols. Application: RTP, DNS, SNMP, SMTP, Telnet, FTP, NNTP, HTTP. Transport: UDP, TCP. Network: IPv4/IPv6, unicast, multicast. Link: PPP, SLIP, AAL5/ATM, Ethernet, Frame Relay, Token Ring (labels partly recoverable).]

Middleware Protocols
[Figure: Application, Middleware, Transport, Network, Data link, Physical, with application protocol, middleware protocol, transport protocol, network protocol, data link protocol and physical protocol between peers across the network.]
- Including the information system level.

SSH Modifications to OSI
- Ultimate user: Information System Levels (information and data services).
- Application: user oriented.
- Presentation: syntactic.
- Session: user interfacing.
- Transport: end to end, connection oriented.
- Network: network transport services.
- Data link: point to point, link oriented.
- Physical.

Interfacing Foreign Systems
- Special purpose interfaces.
- Standardized format interfaces.
- Centralized translator.
- Neutral or common database.
[Figure: Systems 1 through 6 attached to a data transport network.]

Centralized Interface
- A network service.
[Figure: Systems 1 through 6 attached to a data transport network, with an interface machine or system in the middle.]

Neutral Database System
- Data restructured by individual systems or by a centralized system.
- Database usually located at a central point.
[Figure: Systems 1 through 6 attached to a data transport network, with the neutral database at System 1.]

Standards
"A prescribed set of rules, conditions, or requirements concerning definition of terms; classification of components; specification of materials, performance, or operations; delineation of procedures; or measurement of quantity and quality in describing materials, products, systems, services, or practices" (from the 1979 National Policy on Standards for the United States).

Area / Standards Acceptance
- Communications: wide spread.
- Computers: specific areas, industry reluctance.
- Operating systems: user directed (MS vs. Linux).
- Distributed OS: none.

Classes of Standards
- Voluntary.
- Regulatory.
- Regulatory use of voluntary standards.
Organizations: ITU, ISO, ANSI, IEEE, NIST, FCC.

Data Exchange Standards
- Passing data between two or more systems.
- The data may be structured differently in each system.
[Figure: Data exchange standard = semantic model specification. Each system (System 1, System 2) has a proprietary schema and an internal database; a mapping function per system sits between the semantic model and the internal database, and physically encoded data is imported and exported in the standard form.]
Standards:
- Define a mutually agreed upon semantic model.
- Develop mapping functions between the semantic model and the internal database.

STEP: What is STEP?
[Slide text largely unrecoverable. Recoverable fragments: STEP is a part of ISO 10303; TC184/SC4 Industrial data; General Motors; exchange of part designs with suppliers.]
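The "Layered Protocols (2)" figure above shows a message wrapped by one header per layer (plus a data link trailer), and the "Layered Protocol" slide says each level only knows its nearest neighbours and must resolve unambiguously. The following is an added example, not code from the course notes or the SSH text: a toy stack in which each layer adds and strips only its own framing, so a transmit stack and a receive stack that differ in one layer fail loudly instead of silently passing garbage upward. The layer names, header format and function names are assumptions made for the demo.

```python
# Added example (not from the course notes): a toy layered protocol stack.
# Each Layer knows only its own header/trailer (strict nearest-neighbour
# knowledge); the data link layer also adds a trailer, as in the figure.
from dataclasses import dataclass


@dataclass(frozen=True)
class Layer:
    name: str                 # e.g. "transport" (assumed names)
    has_trailer: bool = False # only the data link layer adds a trailer

    def wrap(self, payload: bytes) -> bytes:
        """Add this layer's header (and trailer) around the payload from above."""
        body = f"[{self.name}:{len(payload)}]".encode() + payload
        if self.has_trailer:
            body += f"[/{self.name}]".encode()
        return body

    def unwrap(self, pdu: bytes) -> bytes:
        """Strip this layer's header/trailer; refuse anything not addressed to this layer."""
        prefix = f"[{self.name}:".encode()
        if not pdu.startswith(prefix):
            raise ValueError(f"{self.name}: unexpected header {pdu[:16]!r}")
        close = pdu.index(b"]", len(prefix))
        length = int(pdu[len(prefix):close])
        payload = pdu[close + 1:close + 1 + length]
        rest = pdu[close + 1 + length:]
        expected_trailer = f"[/{self.name}]".encode() if self.has_trailer else b""
        if rest != expected_trailer:
            raise ValueError(f"{self.name}: bad trailer {rest!r}")
        return payload


# Top-down order, matching the OSI figure (physical layer omitted: it carries bits).
STACK = [Layer("application"), Layer("presentation"), Layer("session"),
         Layer("transport"), Layer("network"), Layer("datalink", has_trailer=True)]


def transmit(message: bytes, stack=STACK) -> bytes:
    """Transmit path: the result is the bit string that appears on the network."""
    pdu = message
    for layer in stack:
        pdu = layer.wrap(pdu)
    return pdu


def receive(bits: bytes, stack=STACK) -> bytes:
    """Receive path: layers peel their own framing bottom-up, handing the rest upward."""
    pdu = bits
    for layer in reversed(stack):
        pdu = layer.unwrap(pdu)
    return pdu


def peer_mismatch_detected(bits: bytes, receive_stack) -> bool:
    """True when the receive stack cannot resolve the framing unambiguously."""
    try:
        receive(bits, receive_stack)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    wire = transmit(b"hello")
    print(wire)
    print(receive(wire))
    # A receiver without a presentation layer rejects the frame rather than
    # interpreting the presentation header as application data.
    shorter = [layer for layer in STACK if layer.name != "presentation"]
    print(peer_mismatch_detected(wire, shorter))
```

The point the slide makes ("identical not required, unambiguous resolution is required") shows up in `unwrap`: the receive stack may be implemented differently from the transmit stack, but each layer must be able to recognise its peer's header, and a layer that is missing on one side is detected at the first layer that sees framing it does not own.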
Data and Information in the World at Large
- Security and Encryption: encryption, security and access control.
- Computerized Databases for Well-Structured Data: what should be in an online database?
- Technical Databases and Metadata: engineering and science data is easier; what about law, politics, economics, medicine, etc.?

Content Standard for Digital Geospatial Metadata
[Slide text largely unrecoverable. Recoverable fragments: the major uses of metadata include maintaining an organization's internal investment in geospatial data, providing information about data holdings to catalogues and brokerages, and fitness for use: data needed to determine if a set of data meets a specific need; data needed to acquire an identified set of data; data needed to process and use a set of data. Source: Metadata Ad Hoc Working Group, Federal Geographic Data Committee, FGDC-STD-001-1998.]

Summary
A Central Issue: Establishing Protocols and Standards
- Know their limits: they are not perfect, so don't expect too much.
- Expect slow introduction and acceptance.
- Proprietary and patent rights influence decisions and decision makers.
- Industry can experience high gain and loss: proprietary vs. open standard competition.
- There is little or no basic research, therefore there is not usually significant academic involvement: low payoff, little credit, difficult work, high risk.

Security
Chapter 9, Andrew S. Tanenbaum, Distributed Systems: Principles and Paradigms, Prentice Hall, 1st edition, 2002, ISBN 0130888931.

9.1 Introduction to Security
9.1.1 Security Threats, Policies and Mechanisms
9.1.2 Design Issues
9.1.3 Cryptography
9.2 Secure Channels
9.2.1 Authentication
9.2.2 Message Integrity and Confidentiality
9.2.3 Secure Group Communication
9.2.4 Example: Kerberos
9.3 Access Control
9.3.1 General Issues in Access Control
9.3.2 Firewalls
9.3.3 Secure Mobile Code
9.3.4 Denial of Service
9.4 Security Management
9.4.1 Key Management
9.4.2 Secure Group Management
9.4.3 Authorization Management
9.5 Summary

Introduction
- Security may be the most important and most difficult principle for distributed systems.
- A single design flaw with respect to security may render all security measures useless.
- Security mechanisms implement security policies.
- You should understand both policies and mechanisms.

Introduction (2)
Security in distributed systems may be roughly divided into two parts:
- Communications using secure channels: authentication, message integrity and confidentiality.
- Authorization: access control issues.
Concerns:
- Confidentiality: disclosed only to authorized parties.
- Integrity: alterations only in an authorized way.

General Issues: Threats, Policies, Mechanisms
Types of security threats:
- Interception: unauthorized access, eavesdropping.
- Interruption: data or transfer lost, denial of service attacks.
- Modification: unauthorized changes, tampering.
- Fabrication: additional data, spoofing.

Security Policy
- The security policy establishes the security requirements for a system.
- Based on the real, possible and/or perceived security threats.
- Describes what is allowed or not allowed and the actions to be taken in response to security threats.
- Build what is necessary, not more (cost, time).
- The perfect system does not exist, and even the definition is continuously changing.
- The security mechanisms selected will be used to implement the security policy.

Security Mechanisms
- Encryption: implement confidentiality; check data for modification (the integrity of the communications channel).
- Authentication: verify the identity of the user; provide a challenge with a required response.
- Authorization: is the requested action allowed?
- Auditing: trace client accesses; logs are used for analysis of security breaches and attacks.

Example: Globus Security Architecture
Globus: large-scale distributed computation support. Policy for a computational grid.
Security policy statements:
1. The environment consists of multiple administrative domains.
2. Local operations are subject to a local domain security policy only.
3. Global operations require the initiator to be known in each domain where the operation is carried out.
4. Operations between entities in different domains require mutual authentication.
5. Global authentication replaces local authentication.
6. Controlling access to resources is subject to local security only.
7. Users can delegate rights to processes.
8. A group of processes in the same domain can share credentials.
[Figure: two domains, each with a resource proxy, processes, and local security policy and mechanisms; global-to-local mapping of IDs; the user must be known in the domain. Protocol 1: creation of user proxy. Protocol 2: allocation of a resource by the user in a remote domain. Protocol 3: allocation of a resource by a process in a remote domain (the proxy creates a child process). Protocol 4: making the user known in a remote domain.]

Design Issues
- Focus of control: what needs to be controlled for protection?
- Layering of security mechanisms: on which level should security mechanisms be placed?
- Distribution of security mechanisms: creating a trusted computing base (TCB); centralized or distributed mechanisms.
- Simplicity: keep it simple (KISS) to reduce complexity. If it's hard to describe, will anyone trust it? Would you?

Focus of Control
[Figure: three approaches for protection against security threats. (a) Protection against invalid operations: data is protected against wrong or invalid operations. (b) Protection against unauthorized invocations: data is protected against unauthorized invocations (access control). (c) Protection against unauthorized users: data is protected by checking the role of the invoker (individuals and roles).]

Layering of Security Mechanisms (1)
[Figure: the logical organization of a distributed system into several layers. Application; middleware (high-level protocols); OS services; transport, network (OS kernel); datalink, physical (hardware, low-level protocols); the network between the two hosts.]
- If you trust the security services of a lower layer, what more is required by the higher layer?
- Are there levels of trust that might lead you to provide additional security?

Layering of Security Mechanisms (2)
[Figure: several sites connected through a wide-area backbone service (SMDS), with an encryption device at each site's SMDS router.]
1. Trust link-level security: trust the encryption device and device management. Encrypt/decrypt at SMDS routers provides link-level trust.
2. Do not trust link-level security: use Secure Sockets Layer with TCP and do it yourself. All other security handled inside the sites.
SMDS: Switched Multimegabit Data Services, a data-link level backbone connection service.

Layering of Security Mechanisms (3)
[Figure: the same sites, SMDS backbone and encryption devices.]
1. Trust link-level security: trust the encryption device and device management. No more security for messages required.
2. Do not trust link-level security: use Secure Sockets Layer with TCP and do it yourself. Trust the SSL implementation.

Trusted Computing Base
- A TCB is the set of all security mechanisms that are needed to enforce a security policy and that need to be trusted.
- The TCB depends on the combination of all layers in a distributed system.
- Security services at one layer can only be trusted if and only if the services relied upon at lower levels to be secure are indeed secure.
- If a file server is built on top of an OS, the OS must be trusted and secure.
- If an application is built on top of middleware, the middleware must be trusted and secure.
- Ultimately this may result in the inclusion of all lower levels and the requirement for a trusted and secure distributed operating system.

Distributed Security Approaches
- Separate security services from other types of services and allow them to be distributed. For example, isolate the secure server to a single machine with a trusted OS and other services.
- Effectively reduce the size/extent of the required TCB to a small number of machines and software components.
- The concept of security vaults or safes to protect items that require security.
Reduced Interfaces for Secure System Components (RISSC):
- Prevent clients and client applications from directly accessing critical services.
- All security-critical servers are placed on separate machines.
- They are isolated from the end-user systems using a low-level secure networking interface.

Distribution of Security Mechanisms
[Figure: the principle of RISSC as applied to secure distributed systems. Clients reach an unsecured server and, through an access control device, the servers running secured services; there is no direct access from other machines.]

A Major Design Factor: Simplicity
- The goal: creating a trusted computing base (TCB).
- Simplicity will contribute to the trust that end users will put into the application and, more importantly, will contribute to convincing the designers that the system has no security holes.
- Using a few simple mechanisms that are easily understood and explained helps: focus attention, dedicated security services, logical steps.

Cryptography (1)
[Figure: intruders and eavesdroppers in communication. Plaintext P enters the encryption method with encryption key E_K, giving ciphertext C = E_K(P); the decryption method with decryption key D_K recovers the plaintext at the receiver. A passive intruder only listens to C; an active intruder can alter messages; an active intruder can insert messages.]

Cryptography (2)
Notation used in this chapter:
- K_A,B: secret key shared by A and B.
- K_A+: public key of A.
- K_A-: private key of A.
[Figure residue: a symmetric cryptosystem, where the same key K encrypts and decrypts P, and an asymmetric cryptosystem, where the public key encrypts and the private key decrypts.]
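The "Focus of Control" figure above lists three places to put protection: (a) in the object, against invalid operations; (b) in front of the object, against unauthorized invocations; (c) on the invoker's role. The following is an added example, not code from the course notes or from Tanenbaum: one toy object guarded in all three ways, so the difference between "the operation is invalid" and "this caller may not do this" is visible in which check fires. The names (Account, ReferenceMonitor, the subjects and roles) are constructed for the demo.

```python
# Added example (not from the course notes): the three focus-of-control
# approaches of Tanenbaum's figure applied to one constructed object.


class AccessDenied(Exception):
    """Raised by the reference monitor for an unauthorized invocation (b, c)."""


class Account:
    """(a) The object protects itself against wrong or invalid operations,
    regardless of who invokes them: the balance can never go negative."""

    def __init__(self, balance: int):
        if balance < 0:
            raise ValueError("balance must not be negative")
        self.balance = balance

    def deposit(self, amount: int) -> int:
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.balance += amount
        return self.balance

    def withdraw(self, amount: int) -> int:
        if amount <= 0 or amount > self.balance:
            raise ValueError("invalid withdrawal")  # invariant: balance >= 0
        self.balance -= amount
        return self.balance

    def read(self) -> int:
        return self.balance


class ReferenceMonitor:
    """(b) per-subject access control on invocations, or
    (c) access control on the role of the invoker; chosen by `policy`."""

    def __init__(self, obj, acl: dict, roles: dict, role_of: dict):
        self.obj = obj
        self.acl = acl          # subject -> allowed method names      (b)
        self.roles = roles      # role    -> allowed method names      (c)
        self.role_of = role_of  # subject -> role                      (c)

    def invoke(self, subject: str, method: str, *args, policy: str = "acl"):
        if policy == "acl":
            allowed = self.acl.get(subject, set())
        elif policy == "role":
            allowed = self.roles.get(self.role_of.get(subject), set())
        else:
            raise ValueError("unknown policy")
        if method not in allowed:
            raise AccessDenied(f"{subject} may not invoke {method} under {policy}")
        return getattr(self.obj, method)(*args)   # only now does (a) get a say


def demo_monitor() -> ReferenceMonitor:
    """Constructed sample policy: Alice is a teller, Bob is an auditor."""
    acl = {"alice": {"deposit", "withdraw", "read"}, "bob": {"read"}}
    roles = {"teller": {"deposit", "withdraw", "read"}, "auditor": {"read"}}
    role_of = {"alice": "teller", "bob": "auditor"}
    return ReferenceMonitor(Account(100), acl, roles, role_of)


def is_denied(monitor, subject, method, *args, policy="acl") -> bool:
    """True when the monitor (b or c) refuses the invocation."""
    try:
        monitor.invoke(subject, method, *args, policy=policy)
        return False
    except AccessDenied:
        return True


def is_invalid(monitor, subject, method, *args, policy="acl") -> bool:
    """True when the monitor lets the call through but the object (a) rejects it."""
    try:
        monitor.invoke(subject, method, *args, policy=policy)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    m = demo_monitor()
    print(m.invoke("alice", "withdraw", 30))            # 70: allowed and valid
    print(is_denied(m, "bob", "withdraw", 10))           # True: (b) refuses
    print(is_denied(m, "bob", "withdraw", 10, policy="role"))  # True: (c) refuses
    print(is_invalid(m, "alice", "withdraw", 500))       # True: (a) refuses
```

Note the layering the slide hints at: the monitor never examines the arguments, and the object never asks who is calling. That separation is what lets the two kinds of check be placed at different layers and, for (b) and (c), be moved out of the object into a small, reviewable component.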
Symmetric Cryptosystems: DES (1)
[Figure: (a) the principle of the Data Encryption Standard (DES): 64-bit blocks of data, initial permutation, 16 rounds using 16 keys generated from a 56-bit key, final permutation, 64-bit blocks of data out. (b) Outline of one encryption round: 32 left and 32 right bits; L_i = R_(i-1); R_i = L_(i-1) XOR f(R_(i-1), K_i); f is the mangler function, partially described in the text.]

Symmetric Cryptosystems: DES (2)
[Figure: details of per-round key generation in DES. The 56-bit key is split into two 28-bit strings, each rotated left (or right when decrypting), then compressed to the 48-bit key for the round.]
Breaking DES: [slide text unrecoverable].

Public-Key Cryptosystems: RSA (1)
Generating the private and public key requires four steps:
1. Choose two very large prime numbers p and q.
2. Compute n = p x q and z = (p - 1) x (q - 1).
3. Choose a number d that is relatively prime to z.
4. Compute the number e such that e x d = 1 mod z.
References:
1. http://world.std.com/~franl/crypto/rsa-guts.html
2. PKCS #1 v2.0: RSA Cryptography Standard, RSA Laboratories, October 1, 1998. From http://www.rsasecurity.com/rsalabs/node.asp?id=2125

Rivest, Shamir and Adleman (2)
Generating the private and public key requires four steps:
1. Choose two very large prime numbers p and q: p = 7, q = 11.
2. Compute n = p x q and z = (p - 1) x (q - 1): n = 77, z = 60.
3. Choose a number d that is relatively prime to z: d = 13.
4. Compute the number e such that e x d = 1 mod z: e = 37.
Encryption and decryption (residue of the slide's formulas): c = m^e mod n; m = c^d mod n.

Hash Function: MD5
From Wikipedia, the free encyclopedia: In cryptography, MD5 (Message-Digest algorithm 5) is a widely used cryptographic hash function with a 128-bit hash value. As an Internet standard (RFC 1321), MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. However, it has been shown that MD5 is not collision resistant; as such, MD5 is not suitable for applications that rely on this property. An MD5 hash is typically expressed as a 32 digit hexadecimal number.
Message digest used for:
- Digital signature or fingerprints.
- Checksums or file integrity.
- Message authentication code.

Hash Functions: MD5 (1)
[Figure: the structure of MD5. A 128-bit constant is the initial digest; the padded message (a multiple of 512 bits) is processed in k phases of 512 bits each, where k is the number of 512-bit blocks; the output is the message digest.]

Hash Functions: MD5 (2)
128-bit state = 4 x 32-bit variables p, q, r, s. 512-bit block = b0 .. b15 (32-bit blocks).
The 16 iterations during the first round in a phase in MD5:
Iterations 1-8:
p <- p + F(q, r, s) + b0 + C1 <<< 7
s <- s + F(p, q, r) + b1 + C2 <<< 12
r <- r + F(s, p, q) + b2 + C3 <<< 17
q <- q + F(r, s, p) + b3 + C4 <<< 22
p <- p + F(q, r, s) + b4 + C5 <<< 7
s <- s + F(p, q, r) + b5 + C6 <<< 12
r <- r + F(s, p, q) + b6 + C7 <<< 17
q <- q + F(r, s, p) + b7 + C8 <<< 22
Iterations 9-16:
p <- p + F(q, r, s) + b8 + C9 <<< 7
s <- s + F(p, q, r) + b9 + C10 <<< 12
r <- r + F(s, p, q) + b10 + C11 <<< 17
q <- q + F(r, s, p) + b11 + C12 <<< 22
p <- p + F(q, r, s) + b12 + C13 <<< 7
s <- s + F(p, q, r) + b13 + C14 <<< 12
r <- r + F(s, p, q) + b14 + C15 <<< 17
q <- q + F(r, s, p) + b15 + C16 <<< 22
- Ci are predefined constants.
- Functions used per each of 4 rounds: F, G, H, I.
- For a total of 64 iterations per phase.

Secure Channel
How to make communications between a client and server secure:
- Authenticate the parties (establishing communications).
- Ensure message integrity and confidentiality (maintaining the channel security against modification).
What about secure group communications?
- Confidential groups.
- Secure replicated servers.
Using keys:
- Use the highest security key as few times as possible.
- Generate a session key once authentication is complete.

Authentication (1)
[Figure: authentication based on a shared secret key, five messages.]
- Bob challenges Alice.
- Alice responds using the key.
- Bob validates the result to know it is Alice.

Authentication (2)
[Figure: authentication based on a shared secret key, but using three instead of five messages, between Alice and Bob.]

Authentication (3)
[Figure: the reflection attack, a first session interleaved with a second session.]
- Chuck gets Bob to encrypt his own challenge.
- Chuck could care less about Bob's response to his own challenge.

Authentication Using a Key Distribution Center (1)
[Figure: the principle of using a KDC, with keys K_A,KDC, K_B,KDC and the session key K_A,B.]
- The KDC generates a session key which can only be decrypted with each individual's key with the KDC.

Authentication Using a Key Distribution Center (2)
[Figure: using a ticket and letting Alice set up a connection to Bob.]

Authentication Using a Key Distribution Center (3)
[Figure: the Needham-Schroeder authentication protocol. Recoverable message contents: from the KDC to Alice, K_A,KDC(R_A1, B, K_A,B, K_B,KDC(A, K_A,B)); from Alice to Bob, K_A,B(R_A2), K_B,KDC(A, K_A,B); the remaining messages are unrecoverable.]
- A nonce: a random number that is only used once.
- Attackable if a nonce is not used and an old key is cracked, using old Bob/Alice copied transmissions.

Authentication Using a Key Distribution Center (4)
[Figure: protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.]

Authentication Using Public-Key Cryptography
[Figure: mutual authentication in a public-key cryptosystem, between Alice and Bob.]

Message Integrity and Confidentiality
- Message confidentiality ensures that messages cannot be intercepted and read; provided by session encryption/decryption.
- Message integrity means that messages are protected from modification. A logical extension of confidentiality, but:
  - Can the parties at both ends validate the information received?
  - Can A verify that B didn't change A's message after receipt?
  - Can B prove that A really sent a message?

Digital Signatures (1)
[Figure: digitally signing a message using public-key cryptography; Alice's computer signs with Alice's private key K_A-, Bob's computer checks with Alice's public key.]

Digital Signatures (2)
[Figure: digitally signing a message using a message digest. Alice's computer: hash function H on m, the digest H(m) encrypted with Alice's private key K_A-, sent with m. Bob's computer: hash function H on the received m, decryption of the signature with Alice's public key K_A+, compare; OK if equal.]

Session Keys
- After authentication, parties generally switch to a unique shared session key for confidentiality.
- Limits use of high-security keys (eventual compromise).
- Reduce computation time.
- Only use once, so the key must be immediately computed.
- Protect from replay attacks (unique keys).
- Limit exposure if a key is hacked (one session only).
- Authentication keys: expensive, secure. Session keys: cheaper, moderately secure.

Secure Group Communications
More than two: ouch.
Confidential group communication:
- All must have the same key: 1 key.
- Key pairs for each member: n(n-1)/2 keys.
- Public key cryptosystem: all know the public keys; N key pairs needed.
Secure replicated servers:
- Authenticate all.
- Lose replication transparency.
- Require secret sharing.
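The RSA (2) slide above runs the four key-generation steps with p = 7, q = 11, d = 13 (so n = 77, z = 60, e = 37), and the "Digital Signatures (2)" figure shows the digest-then-sign flow. The following is an added example, not code from the course notes or from Tanenbaum: the four steps as a function, checked against the slide's numbers, plus Alice's sign and Bob's verify on a message digest. The function names are assumptions; the digest is MD5 because that is the hash the slides discuss, and it is reduced modulo the toy n only so the 77-element modulus can sign it (with real key sizes the digest is padded per PKCS #1, which the RSA (1) slide cites, and signed whole).

```python
# Added example (not from the course notes): RSA key generation with the
# slide's numbers, and a message-digest signature in the style of the
# "Digital Signatures (2)" figure.
import hashlib
from math import gcd


def rsa_keygen(p: int, q: int, d: int):
    """Steps 1-4 of the slide: n = p*q, z = (p-1)(q-1), d coprime to z, e*d = 1 mod z."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)             # public key (e, n), private key (d, n)


def rsa_encrypt(m: int, public_key) -> int:
    """c = m^e mod n; m must be a block smaller than n."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message block must be smaller than n")
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key) -> int:
    """m = c^d mod n."""
    d, n = private_key
    return pow(c, d, n)


def digest(message: bytes, n: int) -> int:
    """H(m): MD5 as on the slides, reduced mod n so the toy modulus can sign it.
    MD5 is not collision resistant (as the slide notes); it is used here only
    to mirror the lecture, not as a recommendation."""
    return int.from_bytes(hashlib.md5(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """Alice: hash the message, then encrypt the digest with her private key K_A-."""
    d, n = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Bob: recompute H(m), decrypt the signature with Alice's public key K_A+, compare."""
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)


if __name__ == "__main__":
    public, private = rsa_keygen(7, 11, 13)
    print(public, private)                  # (37, 77) (13, 77), as on the slide
    c = rsa_encrypt(42, public)
    print(c, rsa_decrypt(c, private))       # 70 42
    msg = b"pay Bob 10"                     # constructed sample message
    s = sign(msg, private)
    print(verify(msg, s, public))           # True
    print(verify(msg, (s + 1) % 77, public))  # False: a changed signature fails
```

Because e x d = 1 mod z, decrypting an encryption returns the original block for every m below n, which the test checks exhaustively for this tiny modulus. The same inverse relation is what makes the signature check work in the other direction: only the holder of d can produce a value whose e-th power is the digest Bob recomputes.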
Secure Replicated Services
[Figure: sharing a secret signature in a group of replicated servers. The client's computer sends a request to the server group; each server S_i returns its result r_i and sig(S_i, r_i); the client hashes the results, runs the decryption function over a set of three signatures, and selects another combination if the result is not OK.]

9.2.4 Example: Kerberos (1)
[Figure: authentication in Kerberos, between Alice's workstation, the AS and the TGS, with keys K_A,AS, K_A,TGS, K_AS,TGS, K_B,TGS and the session key K_A,B.]
- AS: Authentication Server.
- TGS: Ticket Granting Server.
- t: timestamp.

Example: Kerberos (2)
[Figure: setting up a secure channel in Kerberos, with K_B,TGS(A, K_A,B), K_A,B(t) and K_A,B(t + 1).]

9.3 Access Control
- After a secure channel has been established, does the client or proxy have access rights?
- Authorization: the granting of access rights.
- Access control: verifying the access rights of a process, client, proxy, etc.

General Issues in Access Control
[Figure: general model of controlling access to objects. A subject issues a request for an operation; the reference monitor passes only an authorized request on to the object.]

Access Control Matrix
[Table residue: rows for subjects A through F, columns Object A, Object B and Object C, with entries drawn from the methods m1 through m4; the exact cell contents are unrecoverable.]
- One option for the reference monitor: an access control matrix.

Comparison between ACLs and capabilities for protecting objects
[Figure: (a) using an ACL: the client creates access request r as subject s; the server grants access if r appears in ACL(s). (b) Using capabilities: the client creates access request r for object o and passes capability C; the server grants access if r appears in C.]
- ACL: similar to a column of an ACM (server control).
- Capability: similar to a subject row of an ACM (client control).

Protection Domains
- Groups.
- Hierarchical groups.
- Certificate.
- Roles.
[Figure: the hierarchical organization of protection domains as groups of users. World; Employee and Anonymous; Employee/AMS, Employee/NYC, Employee/SF; users such as Dick and Kees.]

Firewalls
[Figure: a common implementation of a firewall. A packet filtering router, an application gateway and a second packet filtering router sit between connections to internal networks and connections to outside networks.]

Secure Mobile Code
- Code migration must be allowed.
- Detection of modified agents or code.
- Controlled access to local resources for code.
- Both hosts and mobile code must be protected from malicious activity.
Topics: protecting an agent; protecting the target.

Protecting an Agent
- Agents with owner information, initially provided or collected, must be protected.
- Full protection is likely impossible, but something must be done.
Designs for detecting modifications:
- Read-only state: data items signed by the owner, allowing hosts to verify the signature; use a signed message digest.
- Append-only log: provide successive checksums encoded with the owner's public key. A server provides the data, the server's signature of the data, the server ID, and a new checksum including the old checksum, the signature and the server ID. Extract in a backwards process until done or a checksum is violated.
- Selective revealing of state: array entries targeted to servers using their public keys; the array is signed by the owner to allow detection of tampering.

Protecting the Target (1)
[Figure: the organization of a Java sandbox. A loaded class goes through the class verifier; the appropriate loader is selected depending on whether the class came from the local site or a remote site.]

Protecting the Target (2)
[Figure: (a) a sandbox: untrusted code and trusted code; only trusted code reaches the local network. (b) A playground: untrusted code runs on a separate playground machine, trusted code on the local network.]

Code Signing Approach
- An alternative to sandboxes.
- Require downloaded code to be able to be authenticated.
- A code signature may provide authentication.
- Apply a security policy based on authentication.

Enforcing Security Policy in Java
Three mechanisms in Java:
1. Object references: if no object reference is provided, the local objects are effectively inaccessible.
2. Extended stack introspection: enforce a call to enable_privilege to check for authorization; if OK, call, and then force a return through disable_privilege pushed onto the return stack to guarantee execution. Can be automatically called by the JVM interpreter.
3. Name space management: class loader modification that allows names to be resolved to different classes based on where the downloaded program came from. If classes implementing resources are not present after name resolution, the resource is not available.

Security Policy (1)
[Figure: the principle of using Java object references as capabilities. Local resources are accessible through objects; a reference is handed out at loading time; the downloaded program lives in an unprotected area.]

Security Policy (2)
[Figure: the principle of stack introspection. Stack frames for the first method call, O1 and O2 each carry disable_privilege; a call to enable_privilege checks access rights.]

9.4 Security Management
- Key management: how are keys obtained and stored?
- Secure group management: adding a new group member, building trust.
- Authorization management: attribute certificates, delegation of access rights.

Key Establishment
[Figure: the principle of Diffie-Hellman key exchange. Alice picks x and sends g^x mod n; Bob picks y and sends g^y mod n; Alice computes (g^y mod n)^x = g^(xy) mod n; Bob computes (g^x mod n)^y = g^(xy) mod n.]

Key Distribution (1)
[Figure: (a) secret-key distribution. A symmetric key generator delivers the same key K to the encryption method and the decryption method over a secure channel with confidentiality and authentication.]

Key Distribution (2)
[Figure: (b) public-key distribution. An asymmetric key generator delivers the public key K+ over a secure channel with authentication only and the private key K- over a secure channel with confidentiality and authentication. See also [Menezes et al. 1996].]

Lifetime of Certificates
- Nothing is secure forever.
- Certificate revocation list.
- Lease certificates and renew the lease before it expires.
- Always check the certification authority to check for validity; the authority must always be accessible.

Secure Group Management
[Figure: securely admitting a new group member; the key notation (G, P, T, K_RG, ...) is not recoverable.]

Authorization Management
- Establishing initial access rights on a distributed system is significantly more difficult than providing a locally defined ACL to a new user.
- Assign an ACL on every machine in the entire system?
- Use a centralized access server for a distributed system: access it every time the user requests resources.
- For distributed systems, another approach involves the use of capabilities and attribute certificates.

Capabilities and Attribute Certificates (1)
[Figure: a capability in Amoeba: 48 bits server port, 24 bits object, 8 bits rights, 48 bits check.]

Capabilities and Attribute Certificates (2)
[Figure: generation of a restricted capability from an owner capability. Owner capability: port, object, rights 11111111, check C. Proposed new rights: 00000001. A one-way function f is applied to C XOR 00000001. Restricted capability: port, object, 00000001, f(C XOR 00000001).]

Delegation (1)
[Figure: the general structure of a proxy as used for delegation. Certificate: access rights R, the public part of the secret S_proxy+, and the signature sig(A, {R, S_proxy+}); together with the private part of the secret S_proxy-.]

Delegation (2)
[Figure: using a proxy to delegate and prove ownership of access rights, between A and B.]

Old Text Slides

8.6 SESAME Components
[Figure: overview of components in SESAME. Client-side components (user sponsor, client application), the domain security server, and server-side components (server application, security manager).]

Privilege Attribute Certificates (PAC)
Field | Description
Issuer domain | Name of the security domain of the issuer
Issuer identity | Name of the PAS in the issuer's domain
Serial number | A unique number for this PAC, generated by the PAS
Creation time | UTC time when this PAC was created
Validity | Time interval when this PAC is valid
Time periods | Additional time periods outside which the PAC is invalid
Algorithm ID | Identifier of the algorithm used to sign this PAC
Signature value | The signature placed on the PAC
Privileges | A list of (attribute, value) pairs describing privileges
Certificate information | Additional information to be used by the PVF
Miscellaneous | Currently used for auditing purposes only
Protection methods | Fields to control how the PAC is used
The organization of a SESAME Privilege Attribute Certificate.

8.7 Electronic Payment Systems (1)
[Figure: payment systems based on direct payment between customer and merchant. (a) Paying in cash. (b) Using a check. (c) Using a credit card.]
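The two "Capabilities and Attribute Certificates" slides above show the Amoeba capability (port, object, rights, check) and how a holder derives a restricted capability without the server's help: the new check field is f(C XOR new_rights) for a one-way f, so the server can verify it from its stored C while nobody can reverse it back to the owner capability. The following is an added example, not code from the course notes or from Amoeba: a server that issues owner capabilities, the restriction step, and the server-side validation that decides whether "r appears in C" (from the ACL-vs-capability slide). The choice of f (SHA-256 truncated to 48 bits), the two rights bits and the class names are assumptions for the demo; the slide does not say what f Amoeba uses.

```python
# Added example (not from the course notes): Amoeba-style capabilities with a
# check field, restriction via a one-way function, and server-side validation.
import hashlib
import os
from typing import NamedTuple, Optional

OWNER_RIGHTS = 0xFF        # all 8 rights bits set: the owner capability
CHECK_BYTES = 6            # 48-bit check field, as on the slide
READ, WRITE = 0x01, 0x02   # two constructed rights bits


class Capability(NamedTuple):
    port: int     # 48-bit server port
    obj: int      # 24-bit object number
    rights: int   # 8 rights bits
    check: int    # 48-bit check field


def one_way(value: int) -> int:
    """f(): assumed one-way function on the check field (SHA-256, truncated to 48 bits)."""
    data = value.to_bytes(CHECK_BYTES, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:CHECK_BYTES], "big")


def restrict(cap: Capability, new_rights: int) -> Capability:
    """Holder-side: derive a capability with fewer rights, check' = f(C XOR new_rights)."""
    if cap.rights != OWNER_RIGHTS:
        raise ValueError("only an owner capability can be restricted")
    if new_rights & ~0xFF or new_rights == OWNER_RIGHTS:
        raise ValueError("new rights must be a proper 8-bit subset")
    return Capability(cap.port, cap.obj, new_rights, one_way(cap.check ^ new_rights))


class ObjectServer:
    """Keeps the secret C per object; C leaves the server only inside the owner capability."""

    def __init__(self, port: int):
        self.port = port
        self._checks: dict = {}

    def create(self, obj: int, check: Optional[int] = None) -> Capability:
        """Create an object and hand back its owner capability (random C unless given)."""
        c = check if check is not None else int.from_bytes(os.urandom(CHECK_BYTES), "big")
        self._checks[obj] = c
        return Capability(self.port, obj, OWNER_RIGHTS, c)

    def validate(self, cap: Capability) -> bool:
        """Genuine owner capability carries C itself; a restricted one must carry f(C XOR rights)."""
        c = self._checks.get(cap.obj)
        if c is None or cap.port != self.port:
            return False
        if cap.rights == OWNER_RIGHTS:
            return cap.check == c
        return cap.check == one_way(c ^ cap.rights)

    def invoke(self, cap: Capability, right: int) -> bool:
        """'If r appears in C, grant access': the capability must be genuine and carry the right."""
        return self.validate(cap) and bool(cap.rights & right)


if __name__ == "__main__":
    srv = ObjectServer(port=0xABCDEF012345)
    owner = srv.create(obj=7)
    read_only = restrict(owner, READ)
    print(srv.invoke(read_only, READ), srv.invoke(read_only, WRITE))   # True False
    # Flipping the rights field of a restricted capability does not help: the
    # server recomputes f(C XOR rights) and the check no longer matches.
    forged = read_only._replace(rights=OWNER_RIGHTS)
    print(srv.validate(forged))                                          # False
```

The security of the scheme rests entirely on f being one-way: a holder of the restricted capability sees f(C XOR 00000001) but cannot recover C, so cannot produce either the owner capability or a restricted one with a different rights byte. On the server side, only C is stored per object; every check is a recomputation, which is the "client control" flavour of the ACL-vs-capability comparison on the slide.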
[Figure: Electronic Payment Systems. (1) ... merchant: (a) paying in cash, (b) using a check, (c) using a credit card. (2) Payment systems based on money transfer between banks: (a) payment by money order, (b) payment through debit order.]

Privacy 1: Information hiding in a traditional cash payment

Party      | Information: Merchant  Customer  Date  Amount  Item
Merchant   |              Full      Partial   Full  Full    Full
Customer   |              Full      Full      Full  Full    Full
Bank       |              None      None      None  None    None
Observer   |              Full      Partial   Full  Full    Full

Privacy 2: Information hiding in a traditional credit-card system (see also camA 196a)

Party      | Information: Merchant  Customer  Date  Amount  Item
Merchant   |              Full      Full      Full  Full    Full
Customer   |              Full      Full      Full  Full    Full
Bank       |              Full      Full      Full  Full    None
Observer   |              Full      Partial   Full  Full    Full

[Figure: The principle of anonymous electronic cash using blind signatures. Coin states: unblinded unsigned, blinded unsigned, blinded signed, unblinded signed. Payer: generate coin, blinding, unblinding. Bank: sign, verify blinded coin validity, OK. Payee: receive payment.]

Secure Electronic Transactions (SET)

[Figure: The different steps in SET (six message steps exchanged among Alice, Bob, and the bank; step 4 is payOK to Bob).]

ECE 680 Design Factors for Distributed Systems, SSH Chapter 2
Dr. Bradley J. Bazuin, Western Michigan University, College of Engineering and Applied Sciences, Department of Electrical and Computer Engineering

Chapter 2: Industrial Technology Trends
2.1 Chapter Objectives
2.2 Relevant Computer Industry Trends
2.3 Relevant Trends in the Communications Industry
2.4 Summary and Comments
2.5 Problems

Technology: (a) the application of science, especially to industrial or commercial objectives; (b) the scientific method and material used to achieve a commercial or industrial objective. (American Heritage Dictionary for Windows; SSH p. 15)

Computer Industry Trends
- Integrated Circuits
- Computer Advancement
  - Realizing the potential of large multiprocessor computers
  - Memory management
  - Internal communications
- There are customer/user opportunities and needs for active multilateral interactions between computer systems

Computer Industry Observations and Challenges
- There has been a continuing increase in performance accompanied by a companion decrease in hardware cost
  - Dramatic reductions in the size of the logic and memory portions
- Due to the cost reductions, computers are all-pervasive in society

Additional Computer Industry Observations
- Companion improvements in software are essential and will play an important role
- Communications are important at all levels of a computer or information system, from the single processor to the multiprocessor to the computer network
- Memory management is important at all levels of a computer or information system
- The network and its components, more than the node computers, often define and determine the performance of a distributed system
- The open system philosophy is widely accepted
- The creation of a widely agreed upon set of standards is necessary if the open system concept is to be implemented
- The major technical and business investment has shifted to the PC or workstation size machine
- The human component is vital
- There must be a realization that the merger of a computer viewpoint with that of a communications perspective is necessary

Communication Industry Trends
- The Communication Industry: based on historical businesses that provide communications transport and related services (common carriers, or "the phone company")
- The common carriers have been digitizing the national network
- The common carriers are dedicated to using the network to transmit all types of data
- There is increasing emphasis on mobile communications
- The communications industry understands that the future emphasis will be on multimedia systems and services
- Most of the common carriers would like to play a wider role in the information industry

Communication Industry Observations
- The common carriers have been digitizing the national network for more than twenty years; the driving forces have been economic and cost savings
- The digitization of the national network is well underway (complete)
- Fiber optic lines are being widely installed for long lines and trunk services
- The common carriers are dedicated to using the network to transmit all types of data
- Communications costs continue to drop, but less rapidly than computing costs
- There is increasing emphasis on mobile communications
- Regulatory and legal actions have resulted in confusion and constraints
- Government-supported programs may be important
- The communications industry understands that the future emphasis will be on multimedia systems and services
- Most of the common carriers would like to play a wider role in the information industry

Summary, Chapter 2
- The Computer and Communications Sectors have many common trends and problems
  - Shared technology
- The Computer and Communications Sectors have many historical differences and previously regulated divisions
  - Networking considerations
  - Structural assignments
  - Regulations and standards
- The Computer and Communications Sectors have significantly different cultures
  - Challenge 1: the management of technological change within their own sector
  - Challenge 2: a shift in culture so that they can have a merged view
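The anonymous e-cash figure in the Chapter 10 slides above shows the coin passing through the states unblinded unsigned, blinded unsigned, blinded signed, and unblinded signed. The following is an added example (not from the slides or from SSH) of that flow using RSA blind signatures, with a constructed toy bank key and a constructed serial number; it also shows the double-spending check the bank performs at deposit, which the figure's "OK" step only hints at.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the bank (small primes, demonstration only; not a real e-cash key).
P, Q = 999983, 1000003
N = P * Q
E = 65537                               # bank's public exponent
D = pow(E, -1, (P - 1) * (Q - 1))       # bank's private exponent

def coin_digest(serial: str) -> int:
    """Hash the coin's serial number into an integer mod N: the 'unblinded, unsigned' coin."""
    return int.from_bytes(hashlib.sha256(serial.encode()).digest(), "big") % N

def blind(m: int):
    """Payer: multiply by r^E so the bank cannot see m. Returns (blinded coin, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:              # r must be invertible mod N for unblinding
            return (m * pow(r, E, N)) % N, r

def bank_sign(blinded: int) -> int:
    """Bank: sign the blinded coin; it sees only the blinded value, never m."""
    return pow(blinded, D, N)

def unblind(blinded_sig: int, r: int) -> int:
    """Payer: remove r, leaving the bank's signature on the original coin."""
    return (blinded_sig * pow(r, -1, N)) % N

def verify(m: int, sig: int) -> bool:
    """Payee or bank: check the signature against the bank's public key."""
    return pow(sig, E, N) == m

class Bank:
    """Records deposited serials so that a coin can be accepted only once."""
    def __init__(self):
        self.spent = set()
    def deposit(self, serial: str, sig: int) -> bool:
        if not verify(coin_digest(serial), sig) or serial in self.spent:
            return False                # forged or already-spent coin is rejected
        self.spent.add(serial)
        return True

def withdraw_and_spend(bank: Bank, serial: str):
    """Whole flow. Returns (bank saw blinded value, signature valid, 1st deposit, 2nd deposit)."""
    m = coin_digest(serial)
    blinded, r = blind(m)
    sig = unblind(bank_sign(blinded), r)
    return blinded != m, verify(m, sig), bank.deposit(serial, sig), bank.deposit(serial, sig)
```

Because the bank signs only the blinded value, it cannot later link the deposited coin to the withdrawal; the serial set is what stops the same coin from being deposited twice.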