Distributed Systems Security Issues, Processes and Solutions

How to solve security issues and problems arising in distributed systems. Security is one of the leading concerns in developing dependable distributed systems of today, since the integration of different components in a distributed manner creates new security problems and issues. Service oriented ar...

Bibliographic Details
Main Authors: Belapurkar, Abhijit, Chakrabarti, Anirban, Ponnapalli, Harigopal, Varadarajan, Niranjan, Padmanabhuni, Srinivas, Sundarrajan, Srikanth
Format: eBook Book
Language: English
Published: Hoboken, NJ Wiley 2009
John Wiley & Sons
John Wiley & Sons, Incorporated
Wiley-Blackwell
Edition: 1
ISBN: 0470519886, 9780470519882, 9780470751787, 0470751789
Table of Contents:
  • Chapter 1: Introduction 1.1 Background 1.2 Distributed Systems. 1.3 Distributed Systems Security. 1.4 About the Book.   Chapter 2: Security Engineering. 2.1 Introduction. 2.2 Secure Development Life Cycle Processes – An Overview. 2.3 A Typical Security Engineering Process. 2.4 Important Security Engineering Guidelines and Resources. 2.5 Conclusion.   Chapter 3. Common Security Issues and Technologies. 3.1 Security Issues. 3.2 Common Security Techniques. 3.3 Summary.   Chapter 4 – Host level Threats and Vulnerabilities. 4.1 Background. 4.2 Malware. 4.3 Eavesdropping. 4.4 Job faults. 4.5 Resource starvation. 4.6 Overflow. 4.7 Privilege escalation. 4.8 Injection attacks. 4.9 Conclusion.   Chapter 5 – Infrastructure Level Threats & Vulnerabilities. 5.1 Introduction. 5.2 Network Level Threats and Vulnerabilities. 5.3 Grid Computing Threats and Vulnerabilities. 5.4 Storage Threats and Vulnerabilities.   Chapter 6: Application Level Vulnerabilities and Attacks. 6.1 Introduction. 6.2 Application Layer Vulnerabilities. 6.3 Conclusion.   Chapter 7 – Service Level Issues, Threats and Vulnerabilities. 7.1 Introduction. 7.2 SOA and Role of Standards. 7.3 Service Level Security Requirements. 7.4 Service Level Threats and Vulnerabilities. 7.5 Service Level Attacks. 7.6 Services Threat Profile. 7.7 Conclusions.   Chapter 8: Host level Solutions. 8.1 Background. 8.2 Sandboxing. 8.3 Virtualization. 8.4 Resource Management 8.5 Proof carrying code. 8.6 Memory firewall 8.7 Anti malware. 8.8 Conclusions.   Chapter 9 – Infrastructure Level Solutions 9.1 Introduction. 9.2 Network Level Solutions. 9.3 Grid Level Solutions. 9.4 Storage Level Solutions.   Chapter 10: Application Level Solutions. 10.1 Introduction. 10.2 Application Level Security Solutions. 10.3 Conclusion.   Chapter 11 – Service Level Solutions. 11.1 Introduction. 11.2 Services Security Policy. 11.3 SOA Security standards stack. 11.4 Standards in Depth. 11.5 Deployment Architectures for SOA Security. 
11.6 Managing Service Level Threats. 11.7 Service Threat Solution Mapping. 11.8 XML Firewall Configuration-Threat Mapping. 11.9 Conclusions.   Chapter 12 - Case Study – Compliance in Financial Services. 12.1 Introduction. 12.2 SOX compliance. 12.3 SOX Security Solutions. 12.4 Multi-level policy driven solution architecture. 12.5 Conclusions.   Chapter 13 – Case Study of Grid. 13.1 Background. 13.2 Financial Application. 13.3 Security Requirements Analysis. 13.4 Final Security Architecture.   Chapter 14: Future directions and Conclusions. 14.1 Future directions. 14.2 Conclusions.
  • 13.3.11 Denial of Service Requirement Analysis
  • 7.2 SOA and Role of Standards -- 7.2.1 Standards Stack for SOA -- 7.3 Service-Level Security Requirements -- 7.3.1 Authentication -- 7.3.2 Authorization and Access Control -- 7.3.3 Auditing and Nonrepudiation -- 7.3.4 Availability -- 7.3.5 Confidentiality -- 7.3.6 Data Integrity -- 7.3.7 Privacy -- 7.3.8 Trust -- 7.3.9 Federation and Delegation -- 7.4 Service-Level Threats and Vulnerabilities -- 7.4.1 Anatomy of a Web Service -- 7.5 Service-Level Attacks -- 7.5.1 Known Bug Attacks -- 7.5.2 SQL Injection Attacks -- 7.5.3 XPath and XQuery Injection Attacks -- 7.5.4 Blind XPath Injection -- 7.5.5 Cross-Site Scripting Attacks -- 7.5.6 WSDL Probing -- 7.5.7 Enumerating Service from WSDL -- 7.5.8 Parameter-Based Attacks -- 7.5.9 Authentication Attacks -- 7.5.10 Man-in-the-Middle Attacks -- 7.5.11 SOAP Routing Attacks -- 7.5.12 SOAP Attachments Virus -- 7.5.13 XML Signature Redirection Attacks -- 7.5.14 XML Attacks -- 7.5.15 Schema-Based Attacks -- 7.5.16 UDDI Registry Attacks -- 7.6 Services Threat Profile -- 7.7 Conclusion -- References -- Further Reading -- Chapter 8 Host-Level Solutions -- 8.1 Background -- 8.2 Sandboxing -- 8.2.1 Kernel-Level Sandboxing -- 8.2.2 User-Level Sandboxing -- 8.2.3 Delegation-Based Sandboxing -- 8.2.4 File-System Isolation -- 8.3 Virtualization -- 8.3.1 Full-System Virtualization -- 8.3.2 Para Virtualization -- 8.3.3 Shared-Kernel Virtualization -- 8.3.4 Hosted Virtualization -- 8.3.5 Hardware Assists -- 8.3.6 Security Using Virtualization -- 8.3.7 Future Security Trends Based on Virtualization -- 8.3.8 Application Streaming -- 8.4 Resource Management -- 8.4.1 Advance Reservation -- 8.4.2 Priority Reduction -- 8.4.3 Solaris Resource Manager -- 8.4.4 Windows System Resource Manager -- 8.4.5 Citrix ARMTech -- 8.4.6 Entitlement-Based Scheduling -- 8.5 Proof-Carrying Code -- 8.6 Memory Firewall -- 8.7 Antimalware
  • 11.4.13 Status of Standards -- 11.5 Deployment Architectures for SOA Security -- 11.5.1 Message-Level Security and Policy Infrastructure -- 11.5.2 XML Firewalls -- 11.6 Managing Service-Level Threats -- 11.6.1 Combating SQL and XPath Injection Attacks -- 11.6.2 Combating Cross-Site Scripting Attacks -- 11.6.3 Combating Phishing and Routing Attacks -- 11.6.4 Handling Authentication Attacks -- 11.6.5 Handling Man-in-the-Middle Attacks -- 11.6.6 Handling SOAP Attachment Virus Attacks -- 11.6.7 Handling Parameter-Tampering Attacks -- 11.6.8 XML Attacks -- 11.6.9 Known-Bug Attacks -- 11.7 Service Threat Solution Mapping -- 11.8 XML Firewall Configuration-Threat Mapping -- 11.9 Conclusion -- References -- Further Reading -- Chapter 12 Case Study: Compliance in Financial Services -- 12.1 Introduction -- 12.2 SOX Compliance -- 12.2.1 Identity Management -- 12.2.2 Policy-Based Access Control -- 12.2.3 Strong Authentication -- 12.2.4 Data Protection and Integrity -- 12.3 SOX Security Solutions -- 12.3.1 People -- 12.3.2 Process -- 12.3.3 Technology -- 12.4 Multilevel Policy-Driven Solution Architecture -- 12.4.1 Logical Architecture and Middleware -- 12.5 Conclusion -- References -- Further Reading -- Chapter 13 Case Study: Grid -- 13.1 Background -- 13.2 The Financial Application -- 13.3 Security Requirements Analysis -- 13.3.1 Confidentiality Requirement Analysis -- 13.3.2 Authentication Requirement Analysis -- 13.3.3 Single Sign-On and Delegation Requirement Analysis -- 13.3.4 Authorization Requirement Analysis -- 13.3.5 Identity Management Requirement Analysis -- 13.3.6 Secure Repository Requirement Analysis -- 13.3.7 Trust Management Requirement Analysis -- 13.3.8 Monitoring and Logging Requirement Analysis -- 13.3.9 Intrusion Detection Requirement Analysis -- 13.3.10 Data Protection and Isolation Requirement Analysis
  • 4.1.1 Transient Code Vulnerabilities -- 4.1.2 Resident Code Vulnerabilities -- 4.2 Malware -- 4.2.1 Trojan Horse -- 4.2.2 Spyware -- 4.2.3 Worms/Viruses -- 4.3 Eavesdropping -- 4.3.1 Unauthorized Access to Confidential Data - by Users -- 4.3.2 Unauthorized Access to Protected or Privileged Binaries - by Users -- 4.3.3 Unauthorized Tampering with Computational Results -- 4.3.4 Unauthorized Access to Private Data - by Jobs -- 4.4 Job Faults -- 4.5 Resource Starvation -- 4.6 Overflow -- 4.6.1 Stack-Based Buffer Overflow -- 4.6.2 Heap-Based Buffer Overflow -- 4.7 Privilege Escalation -- 4.8 Injection Attacks -- 4.8.1 Shell/PHP Injection -- 4.8.2 SQL Injection -- 4.9 Conclusion -- References -- Chapter 5 Infrastructure-Level Threats and Vulnerabilities -- 5.1 Introduction -- 5.2 Network-Level Threats and Vulnerabilities -- 5.2.1 Denial-of-Service Attacks -- 5.2.2 DNS Attacks -- 5.2.3 Routing Attacks -- 5.2.4 Wireless Security Vulnerabilities -- 5.3 Grid Computing Threats and Vulnerabilities -- 5.3.1 Architecture-Related Issues -- 5.3.2 Infrastructure-Related Issues -- 5.3.3 Management-Related Issues -- 5.4 Storage Threats and Vulnerabilities -- 5.4.1 Security in Storage Area Networks -- 5.4.2 Security in Distributed File Systems -- 5.5 Overview of Infrastructure Threats and Vulnerabilities -- References -- Chapter 6 Application-Level Threats and Vulnerabilities -- 6.1 Introduction -- 6.2 Application-Layer Vulnerabilities -- 6.2.1 Injection Vulnerabilities -- 6.2.2 Cross-Site Scripting (XSS) -- 6.2.3 Improper Session Management -- 6.2.4 Improper Error Handling -- 6.2.5 Improper Use of Cryptography -- 6.2.6 Insecure Configuration Issues -- 6.2.7 Denial of Service -- 6.2.8 Canonical Representation Flaws -- 6.2.9 Overflow Issues -- 6.3 Conclusion -- References -- Further Reading -- Chapter 7 Service-Level Threats and Vulnerabilities -- 7.1 Introduction
  • Intro -- Distributed Systems Security -- Contents -- List of Figures -- List of Tables -- Foreword -- Preface -- Chapter 1 Introduction -- 1.1 Background -- 1.2 Distributed Systems -- 1.2.1 Characteristics of Distributed Systems -- 1.2.2 Types of Distributed System -- 1.2.3 Different Distributed Architectures -- 1.2.4 Challenges in Designing Distributed Systems -- 1.3 Distributed Systems Security -- 1.3.1 Enterprise IT - A Layered View -- 1.3.2 Trends in IT Security -- 1.4 About the Book -- 1.4.1 Target Audience -- References -- Chapter 2 Security Engineering -- 2.1 Introduction -- 2.2 Secure Development Lifecycle Processes - An Overview -- 2.2.1 Systems Security Engineering Capability Maturity Model (SSE-CMM) -- 2.2.2 Microsoft's Security Development Lifecycle (SDL) -- 2.2.3 Comprehensive Lightweight Application Security Process (CLASP) -- 2.2.4 Build Security In -- 2.3 A Typical Security Engineering Process -- 2.3.1 Requirements Phase -- 2.3.2 Architecture and Design Phase -- 2.3.3 Development (Coding) Phase -- 2.3.4 Testing Phase -- 2.4 Important Security Engineering Guidelines and Resources -- 2.4.1 Security Requirements -- 2.4.2 Architecture and Design -- 2.4.3 Secure Coding -- 2.4.4 Security Testing -- 2.5 Conclusion -- References -- Chapter 3 Common Security Issues and Technologies -- 3.1 Security Issues -- 3.1.1 Authentication -- 3.1.2 Authorization -- 3.1.3 Data Integrity -- 3.1.4 Confidentiality -- 3.1.5 Availability -- 3.1.6 Trust -- 3.1.7 Privacy -- 3.1.8 Identity Management -- 3.2 Common Security Techniques -- 3.2.1 Encryption -- 3.2.2 Digital Signatures and Message Authentication Codes -- 3.2.3 Authentication Mechanisms -- 3.2.4 Public Key Infrastructure (PKI) -- 3.2.5 Models of Trust -- 3.2.6 Firewalls -- 3.3 Conclusion -- References -- Chapter 4 Host-Level Threats and Vulnerabilities -- 4.1 Background
  • 8.7.1 Signature-Based Protection -- 8.7.2 Real-Time Protection -- 8.7.3 Heuristics-Based Worm Containment -- 8.7.4 Agent Defense -- 8.8 Conclusion -- References -- Chapter 9 Infrastructure-Level Solutions -- 9.1 Introduction -- 9.2 Network-Level Solutions -- 9.2.1 Network Information Security Solutions -- 9.2.2 Denial-of-Service Solutions -- 9.2.3 DNS Solution - DNSSEC -- 9.2.4 Routing Attack Solutions -- 9.2.5 Comments on Network Solutions -- 9.3 Grid-Level Solutions -- 9.3.1 Architecture Security Solutions -- 9.3.2 Grid Infrastructure Solutions -- 9.3.3 Grid Management Solutions -- 9.3.4 Comments on Grid Solutions -- 9.4 Storage-Level Solutions -- 9.4.1 Fiber-Channel Security Protocol (FC-SP) - Solution for SAN Security -- 9.4.2 Distributed File System (DFS) Security -- 9.4.3 Comments on Storage Solutions -- 9.5 Conclusion -- References -- Chapter 10 Application-Level Solutions -- 10.1 Introduction -- 10.2 Application-Level Security Solutions -- 10.2.1 Input Validation Techniques -- 10.2.2 Secure Session Management -- 10.2.3 Cryptography Use -- 10.2.4 Preventing Cross-Site Scripting -- 10.2.5 Error-Handling Best Practices -- 10.3 Conclusion -- References -- Chapter 11 Service-Level Solutions -- 11.1 Introduction -- 11.2 Services Security Policy -- 11.2.1 Threat Classification -- 11.3 SOA Security Standards Stack -- 11.3.1 Inadequacy of SSL for Web Services -- 11.4 Standards in Depth -- 11.4.1 XML Signature -- 11.4.2 XML Encryption -- 11.4.3 Web-Services Security (WS Security) -- 11.4.4 Security Assertions Mark-Up Language (SAML) -- 11.4.5 WS Policy -- 11.4.6 WS Trust -- 11.4.7 WS Security Policy -- 11.4.8 WS Secure Conversation -- 11.4.9 XKMS (XML Key Management Specification) -- 11.4.10 WS Privacy and P3P -- 11.4.11 Federated Identity Standards - Liberty Alliance Project and WS Federation -- 11.4.12 WS-I Basic Security Profile