Distribution plays a key role in telecommunication and computing systems today. It
has become a necessity as a result of deregulation and anti-trust legislation, which has
forced businesses to move from centralised, monolithic systems to distributed systems
with the separation of applications and provisioning technologies, such as the service
and transportation layers in the Internet. The need for reliability and recovery requires
systems to use replication and secondary backup systems such as those used in ecommerce.
There are consequences to distribution. It results in systems being implemented in
heterogeneous environment; it requires systems to be scalable; it results in some loss
of control and so this contributes to the increased security issues that result from
distribution. Each of these issues has to be dealt with. A distributed processing
environment (DPE) is middleware that allows heterogeneous environments to operate
in a homogeneous manner. Scalability can be addressed by using object-oriented
technology to distribute functionality. Security is more difficult to address because it
requires the creation of a distributed trusted environment.
The problem with security in a DPE currently is that it is treated as an adjunct service,
i.e. and after-thought that is the last thing added to the system. As a result, it is not
pervasive and therefore is unable to fully support the other DPE services. DPE
security needs to provide the five basic security services, authentication, access
control, integrity, confidentiality and non-repudiation, in a distributed environment,
while ensuring simple and usable administration.
The research, detailed in this thesis, starts by highlighting the inadequacies of the
existing DPE and its services. It argues that a new management structure was
introduced that provides greater flexibility and configurability, while promoting
mechanism and service independence. A new secure interoperability framework was
introduced which provides the ability to negotiate common mechanism and service
level configurations. New facilities were added to the non-repudiation and audit
services.
The research has shown that all services should be security-aware, and therefore
would able to interact with the Enhanced Security Service in order to provide a more
secure environment within a DPE. As a proof of concept, the Trader service was
selected. Its security limitations were examined, new security behaviour policies
proposed and it was then implemented as a Security-aware Trader, which could
counteract the existing security limitations.
Date of Award | 2001 |
---|
Original language | English |
---|
Awarding Institution | |
---|
Security in a Distributed Processing Environment
Joyce, E. M. (Author). 2001
Student thesis: PhD