-
Essay / Distributed Software Engineering - 2008
4. SecuritySecurity is a very critical issue in many systems, especially distributed systems. This is because the system is distributed across a network across many devices, and so there may be more ways for outsiders to access the system without authorization to do so. A security breach is considered any time a dangerous state is reached within the system. A dangerous state is one in which data can be illegally intercepted, disrupted, modified or fabricated. Since a distributed system is composed of several smaller systems with the possibility of each system being managed separately, it becomes very important that all parts of the distributed system are managed uniformly and comprehensively to avoid security breaches. Furthermore, in the event that a security breach has been committed on a subsystem, it becomes very possible that the attacker can access other parts of the system. In this case, the attacker may even be able to make it appear that access to other parts of the system was carried out legally [1, 6, 7]. Access control, media capabilities, and the formal protection model are methods of ensuring a secure distributed system environment.4.1 Access ControlAccess control is described as "the process of regulating the type of access (for example – read access, write access, unauthorized access). access) that an entity has to the resources of the system” [7]. Access control can therefore prevent and allow certain parts of systems to perform certain actions and access specific files and data. Access control lists are used to store privilege information. Entries are stored in access control lists that specify whether an entity has the right to access, write, or execute certain sections of a system [8]. , 2008.[6] Appelbe, Akyildiz, Benson. A model for formal security protection in centralized, parallel, and distributed systems. Georia Institute of Technology. 1990.[7] Shreyas, Doshi. Software engineering for security: towards a secure software architecture. University of California, Irvine, California. 2001.[8] Access control lists. Microsoft Developer Network. Internet: http://msdn.microsoft.com/en-us/library/aa374872(VS.85).aspx. [October. 12, 2011].[9] How permissions work. Microsoft TechNet. Internet: http://technet.microsoft.com/en-us/library/cc783530(WS.10).aspx. [October. 12, 2011].[10] Clarkon, Michael. Access control. Cornell University. Internet: http://www.cs.cornell.edu/courses/cs513/2007fa/NL.accessControl.html. [October. 12, 2011].[11] Evered, Mark. Support capabilities for distributed systems security. University of New England, Armidale, Australia. 2002.