Hewlett-Packard Laboratories
Physical security
Has the hardware or software been corrupted?
Is someone reading my keystrokes?
Is my private key safe from a sledgehammer?
Authentication
Who am I talking to?
Authorization
How do I decide what this party is allowed to do?
Non-repudiation
Can I pretend I never made this deal?
Privacy
Can someone I don't know about see this thing?
Secure Distributed Systems
Anonymity
Who can know I've seen this thing?
Auditing
How do I know who did what to whom when?
Access control
Should I honor this request?
Denial of service
Assumptions
Modest scale -> Extremely large scale
Relatively static -> Wildly dynamic
Trusted remote systems -> Malicious remote systems
Reasonably homogeneous -> Heterogeneity rules the day
Patterns
Enhances scalability
Eases crossing administrative boundaries
Pattern 1: Separate Authorization From Access Control
Existing Systems (diagram): the User sends Request + Credentials to the Service, which holds the Access Rule.
Problems
Access Pattern (diagram): the Access Rule moves from the Service to an Authorizer; the User obtains Rights from the Authorizer and sends Request + Rights to the Service.
HP responsibilities
Benefits
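Pattern 1 in working code, added here as an illustration and not taken from the talk or from e-speak: the Authorizer holds the access rule and issues signed rights, and the Service honors Request + Rights by checking the signature, expiry and scope, with no rule or user database of its own. The HMAC key shared between Authorizer and Service, the rule table and the user names are constructed assumptions.

```python
import hmac, hashlib, json, time

# Constructed demo key shared by the Authorizer and the Service (assumption;
# a public-key signature would let the Service verify without a shared secret).
AUTHORIZER_KEY = b"constructed-demo-key-not-for-production"

# The access rule lives only at the Authorizer: user -> allowed ops per resource.
ACCESS_RULES = {
    "alice": {"ledger": {"read", "write"}},
    "bob": {"ledger": {"read"}},
}

def _sign(payload: bytes) -> str:
    return hmac.new(AUTHORIZER_KEY, payload, hashlib.sha256).hexdigest()

def issue_rights(user: str, resource: str, ttl: int = 300, now=None):
    """Authorizer: evaluate the access rule and hand the user signed Rights."""
    ops = ACCESS_RULES.get(user, {}).get(resource)
    if not ops:
        return None  # rule denies: no rights issued
    now = time.time() if now is None else now
    body = {"sub": user, "res": resource, "ops": sorted(ops), "exp": int(now + ttl)}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": payload, "sig": _sign(payload)}

def handle_request(rights, op: str, resource: str, now=None) -> bool:
    """Service: honor Request + Rights without consulting any access rule."""
    if rights is None:
        return False
    if not hmac.compare_digest(_sign(rights["body"]), rights["sig"]):
        return False  # forged or tampered rights
    body = json.loads(rights["body"])
    now = time.time() if now is None else now
    if body["exp"] <= now:
        return False  # expired rights
    return body["res"] == resource and op in body["ops"]
```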
Pattern 2: Mediate between Client and Service
Existing Systems (diagram): the Service registers with a Locator; the User finds the Service through the Locator and uses it directly.
Control points
Problems
authenticate users
make authorization decisions
produce audit trail
protect against malicious or erroneous users
Mediation Pattern (diagram): the Service registers with the Locator; the User finds through the Locator but uses the Mediator, and the Mediator uses the Service.
Benefits
Mediator provides
trusted path
additional metadata
mutual anonymity
audit information
turns N*M problem into N+M
Pattern 3: Proxy Pattern
Existing Systems (diagram): many Users each find the Service through a Locator, with which the Service registers, and use it directly.
Problems
Proxy Pattern (diagram): Users use a Proxy, and the Proxy uses the Service on their behalf.
Benefits
Example of Use
E-speak E-xplained
E-speak architecture (diagram): Monitor, Naming, Permission, Router and Repository components, a Service Provider, and Protection Domains running on the Host OS; the core itself is a Protection Domain.
Key Features
Design Principles
Separation of responsibility
Separation of control
Summary
Fundamental Idea
Design patterns
Others
connection manager
your favorite here
A Definition