Security in distributed systems is a combination of confidentiality, integrity and availability of their components. It mainly targets the communication channels between users and/or processes located in different computers, the access control of users / processes to resources and services, and the management of keys, users and user groups. Distributed systems are more vulnerable to security threats due to several characteristics such as their large scale, the distributed nature of the control, and the remote nature of the access. In addition, an increasing number of distributed applications (such as Internet banking) manipulate sensitive information and have special security requirements. After discussing important security concepts in the Background section, this chapter addresses several important problems that are at the aim of current research in the security of large scale distributed systems: security models (which represent the theoretical foundation for solving security problems), access control (more specific the access control in distributed multi-organizational platforms), secure communication (with emphasis on the secure group communication, which is a hot topic in security research today), security management (especially key management for collaborative environments), secure distributed architectures (which are the blueprints for designing and building security systems), and security environments / frameworks.
TopBackground
Organizations and individuals expect the information held by distributed systems be available when needed, be disclosed exclusively in controlled ways, and be modified only by authorized entities. In other words, the systems must preserve the information security, which is characterized by three main attributes: availability, confidentiality, and integrity. These attributes apply not only to the information, but also to other assets that have value for the organization or individual users, such as computers, networks, software, databases, services, etc. Confidentiality refers to the concealment of information (Bishop, 2003) to be disclosed only to authorized entities (individuals or processes). Unauthorized entities will be unable, for example, to read the content of transferred messages or the data held in distributed files. Integrity means preventing improper or unauthorized change (Bishop, 2003). Assets can be modified only by authorized parties or in authorized ways. Unauthorized entities cannot, for example, modify a message in transfer or change the data in a distributed file. Integrity refers both to information (data integrity) and to the origin of the information (origin integrity, also called authentication). Availability is the ability to use the information or resource desired (Bishop, 2003). An asset is available if it can be accessed and used by the authorized entities. A message is not available to the legitimate receiver if its transfer is interrupted. Also, a file record is not available to the authorized user if the corresponding file service is denied.
The security of a distributed system can be violated. A threat is a potential event that breaches the security and can cause loss or harm to the system. Threats can be classified as malicious (such as virus, worm, Trojan horse, logic bomb, spoof, scan, snoop, scam, and spam), unintentional (hardware or software malfunction, human error), and physical (fire or water damage, power loss, vandalism, and theft or loss of computers). Some security threats that need particular attention are the spam (in particular the bandwidth-eating image spam), bots (computer programs that perform automated tasks), and viruses (Bernard, 2006).
Threats could be favored by vulnerabilities, which are weaknesses in the security system's procedures, design or implementation. An example is a vulnerability of Web application frameworks known as Cross Site Scripting (or XSS). The flow occurs when an application takes data from the user, don't validate the content, and sends it to a Web browser. This allows an attacker to execute a script in the browser and determine worms insertion, phishing attacks, etc. (OWASP, 2007). Security developers aim to identify the vulnerabilities and find solutions to eliminate them. Several organizations, foundations, and specialized companies (OWASP, SANS) publish information about the most important vulnerabilities and the areas where the organizations need to improve the security processes. Attackers are also interested to know the vulnerabilities and exploit them in preparing the attacks on the system.