Distributed security in closed distributed systems

Publication: Research – Ph.D. thesis – Annual report year: 2012

Standard

Distributed security in closed distributed systems. / Hernandez, Alejandro Mario; Nielson, Flemming (Main supervisor); Nielson, Hanne Riis (Supervisor).

Kgs. Lyngby : Technical University of Denmark (DTU), 2012. 198 p. (IMM-PHD-2012; No. 274).

Harvard

Hernandez, AM, Nielson, F & Nielson, HR 2012, Distributed security in closed distributed systems. Ph.D. thesis, Technical University of Denmark (DTU), Kgs. Lyngby. IMM-PHD-2012, no. 274

APA

Hernandez, A. M., Nielson, F., & Nielson, H. R. (2012). Distributed security in closed distributed systems. Kgs. Lyngby: Technical University of Denmark (DTU). (IMM-PHD-2012; No. 274).

CBE

Hernandez AM, Nielson F, Nielson HR 2012. Distributed security in closed distributed systems. Kgs. Lyngby: Technical University of Denmark (DTU). 198 p. (IMM-PHD-2012; No. 274).

MLA

Hernandez, Alejandro Mario, Flemming Nielson, and Hanne Riis Nielson. Distributed security in closed distributed systems. Kgs. Lyngby: Technical University of Denmark (DTU). 2012. (IMM-PHD-2012; Journal number 274).

Vancouver

Hernandez AM, Nielson F, Nielson HR. Distributed security in closed distributed systems. Kgs. Lyngby: Technical University of Denmark (DTU), 2012. 198 p. (IMM-PHD-2012; No. 274).

Author

Hernandez, Alejandro Mario; Nielson, Flemming (Main supervisor); Nielson, Hanne Riis (Supervisor) / Distributed security in closed distributed systems.

Kgs. Lyngby : Technical University of Denmark (DTU), 2012. 198 p. (IMM-PHD-2012; No. 274).

Bibtex

@book{f980893dd7b44902afa6f3ab4915ecc6,
title = "Distributed security in closed distributed systems",
publisher = "Technical University of Denmark (DTU)",
author = "Hernandez, {Alejandro Mario} and Flemming Nielson and Nielson, {Hanne Riis}",
year = "2012",
series = "IMM-PHD-2012",

}

RIS

TY - BOOK

T1 - Distributed security in closed distributed systems

A1 - Hernandez,Alejandro Mario

AU - Hernandez,Alejandro Mario

A2 - Nielson,Flemming

A2 - Nielson,Hanne Riis

ED - Nielson,Flemming

ED - Nielson,Hanne Riis

PB - Technical University of Denmark (DTU)

PY - 2012

Y1 - 2012

N2 - The goal of the present thesis is to discuss, argue and conclude about ways to provide security to the information travelling around computer systems consisting of several known locations.
When developing software systems, security of the information managed by these plays an important role in their design. There should always exist techniques for ensuring that the required security properties are met. This has been thoroughly investigated through the years, and many varied methodologies have come through.
In the case of distributed systems, there are even harder issues to deal with. Many approaches have been taken towards solving security problems, yet many questions remain unanswered. Most of these problems are related to some of the following facts: distributed systems do not usually have any central controller providing security to the entire system; the system heterogeneity is usually reflected in heterogeneous security aims; the software life cycle entails evolution and this includes security expectations; the distribution is useful if the entire system is “open” to new (a priori unknown) interactions; the distribution itself poses intrinsically more complex security-related problems, such as communication, cryptography, performance and reliability. We do not expect to solve all of these, but we shall approach the first three.
In this dissertation, we take the view of a distributed system from a high-level of abstraction. We then focus on the interactions that can take place between the locations, and aim at providing security to each of these individually. The approach taken is by means of access control enforcement mechanisms, providing security to the locations they are related to. We provide a framework for modelling so. All this follows techniques borrowed from the aspect-orientation community.
As this needs to be scaled up to the entire distributed system, we then focus on ways of reasoning about the resulting composition of these individual access control mechanisms. We show how, by means of relying on the semantics of our framework, we can syntactically guarantee some limited set of global security properties. This is also restricted to distributed systems in which the set of locations is known a priori. All this follows techniques borrowed from both the model checking and the static analysis communities.
In the end, we reach a step towards solving the problem of enforcing security in distributed systems. We achieve the goal of showing how this can be done, though we restrict ourselves to closed systems and with a limited set of enforceable security policies. In this setting, our approach proves to be efficient.
Finally, we achieve all this by bringing together several fields of Computer Science. These include aspect orientation, model checking and static analysis, and of course some ingredients of logics and formal methods as well. All this is in an attempt to approach a software engineering problem, such as security in distributed systems. This shows how the full field of Computer Science can benefit from combining its subfields.

BT - Distributed security in closed distributed systems

T3 - IMM-PHD-2012

T3 - en_GB

ER -