Distributed Systems Security : Issues, Processes and Solutions.
Title:
Distributed Systems Security : Issues, Processes and Solutions.
Author:
Belapurkar, Abhijit.
ISBN:
9780470751770
Personal Author:
Edition:
1st ed.
Physical Description:
1 online resource (335 pages)
Contents:
Distributed Systems Security -- Contents -- List of Figures -- List of Tables -- Foreword -- Preface -- Chapter 1 Introduction -- 1.1 Background -- 1.2 Distributed Systems -- 1.2.1 Characteristics of Distributed Systems -- 1.2.2 Types of Distributed System -- 1.2.3 Different Distributed Architectures -- 1.2.4 Challenges in Designing Distributed Systems -- 1.3 Distributed Systems Security -- 1.3.1 Enterprise IT - A Layered View -- 1.3.2 Trends in IT Security -- 1.4 About the Book -- 1.4.1 Target Audience -- References -- Chapter 2 Security Engineering -- 2.1 Introduction -- 2.2 Secure Development Lifecycle Processes - An Overview -- 2.2.1 Systems Security Engineering Capability Maturity Model (SSE-CMM) -- 2.2.2 Microsoft's Security Development Lifecycle (SDL) -- 2.2.3 Comprehensive Lightweight Application Security Process (CLASP) -- 2.2.4 Build Security In -- 2.3 A Typical Security Engineering Process -- 2.3.1 Requirements Phase -- 2.3.2 Architecture and Design Phase -- 2.3.3 Development (Coding) Phase -- 2.3.4 Testing Phase -- 2.4 Important Security Engineering Guidelines and Resources -- 2.4.1 Security Requirements -- 2.4.2 Architecture and Design -- 2.4.3 Secure Coding -- 2.4.4 Security Testing -- 2.5 Conclusion -- References -- Chapter 3 Common Security Issues and Technologies -- 3.1 Security Issues -- 3.1.1 Authentication -- 3.1.2 Authorization -- 3.1.3 Data Integrity -- 3.1.4 Confidentiality -- 3.1.5 Availability -- 3.1.6 Trust -- 3.1.7 Privacy -- 3.1.8 Identity Management -- 3.2 Common Security Techniques -- 3.2.1 Encryption -- 3.2.2 Digital Signatures and Message Authentication Codes -- 3.2.3 Authentication Mechanisms -- 3.2.4 Public Key Infrastructure (PKI) -- 3.2.5 Models of Trust -- 3.2.6 Firewalls -- 3.3 Conclusion -- References -- Chapter 4 Host-Level Threats and Vulnerabilities -- 4.1 Background.
4.1.1 Transient Code Vulnerabilities -- 4.1.2 Resident Code Vulnerabilities -- 4.2 Malware -- 4.2.1 Trojan Horse -- 4.2.2 Spyware -- 4.2.3 Worms/Viruses -- 4.3 Eavesdropping -- 4.3.1 Unauthorized Access to Confidential Data - by Users -- 4.3.2 Unauthorized Access to Protected or Privileged Binaries - by Users -- 4.3.3 Unauthorized Tampering with Computational Results -- 4.3.4 Unauthorized Access to Private Data - by Jobs -- 4.4 Job Faults -- 4.5 Resource Starvation -- 4.6 Overflow -- 4.6.1 Stack-Based Buffer Overflow -- 4.6.2 Heap-Based Buffer Overflow -- 4.7 Privilege Escalation -- 4.8 Injection Attacks -- 4.8.1 Shell/PHP Injection -- 4.8.2 SQL Injection -- 4.9 Conclusion -- References -- Chapter 5 Infrastructure-Level Threats and Vulnerabilities -- 5.1 Introduction -- 5.2 Network-Level Threats and Vulnerabilities -- 5.2.1 Denial-of-Service Attacks -- 5.2.2 DNS Attacks -- 5.2.3 Routing Attacks -- 5.2.4 Wireless Security Vulnerabilities -- 5.3 Grid Computing Threats and Vulnerabilities -- 5.3.1 Architecture-Related Issues -- 5.3.2 Infrastructure-Related Issues -- 5.3.3 Management-Related Issues -- 5.4 Storage Threats and Vulnerabilities -- 5.4.1 Security in Storage Area Networks -- 5.4.2 Security in Distributed File Systems -- 5.5 Overview of Infrastructure Threats and Vulnerabilities -- References -- Chapter 6 Application-Level Threats and Vulnerabilities -- 6.1 Introduction -- 6.2 Application-Layer Vulnerabilities -- 6.2.1 Injection Vulnerabilities -- 6.2.2 Cross-Site Scripting (XSS) -- 6.2.3 Improper Session Management -- 6.2.4 Improper Error Handling -- 6.2.5 Improper Use of Cryptography -- 6.2.6 Insecure Configuration Issues -- 6.2.7 Denial of Service -- 6.2.8 Canonical Representation Flaws -- 6.2.9 Overflow Issues -- 6.3 Conclusion -- References -- Further Reading -- Chapter 7 Service-Level Threats and Vulnerabilities -- 7.1 Introduction.
7.2 SOA and Role of Standards -- 7.2.1 Standards Stack for SOA -- 7.3 Service-Level Security Requirements -- 7.3.1 Authentication -- 7.3.2 Authorization and Access Control -- 7.3.3 Auditing and Nonrepudiation -- 7.3.4 Availability -- 7.3.5 Confidentiality -- 7.3.6 Data Integrity -- 7.3.7 Privacy -- 7.3.8 Trust -- 7.3.9 Federation and Delegation -- 7.4 Service-Level Threats and Vulnerabilities -- 7.4.1 Anatomy of a Web Service -- 7.5 Service-Level Attacks -- 7.5.1 Known Bug Attacks -- 7.5.2 SQL Injection Attacks -- 7.5.3 XPath and XQuery Injection Attacks -- 7.5.4 Blind XPath Injection -- 7.5.5 Cross-Site Scripting Attacks -- 7.5.6 WSDL Probing -- 7.5.7 Enumerating Service from WSDL -- 7.5.8 Parameter-Based Attacks -- 7.5.9 Authentication Attacks -- 7.5.10 Man-in-the-Middle Attacks -- 7.5.11 SOAP Routing Attacks -- 7.5.12 SOAP Attachments Virus -- 7.5.13 XML Signature Redirection Attacks -- 7.5.14 XML Attacks -- 7.5.15 Schema-Based Attacks -- 7.5.16 UDDI Registry Attacks -- 7.6 Services Threat Pro.le -- 7.7 Conclusion -- References -- Further Reading -- Chapter 8 Host-Level Solutions -- 8.1 Background -- 8.2 Sandboxing -- 8.2.1 Kernel-Level Sandboxing -- 8.2.2 User-Level Sandboxing -- 8.2.3 Delegation-Based Sandboxing -- 8.2.4 File-System Isolation -- 8.3 Virtualization -- 8.3.1 Full-System Virtualization -- 8.3.2 Para Virtualization -- 8.3.3 Shared-Kernel Virtualization -- 8.3.4 Hosted Virtualization -- 8.3.5 Hardware Assists -- 8.3.6 Security Using Virtualization -- 8.3.7 Future Security Trends Based on Virtualization -- 8.3.8 Application Streaming -- 8.4 Resource Management -- 8.4.1 Advance Reservation -- 8.4.2 Priority Reduction -- 8.4.3 Solaris Resource Manager -- 8.4.4 Windows System Resource Manager -- 8.4.5 Citrix ARMTech -- 8.4.6 Entitlement-Based Scheduling -- 8.5 Proof-Carrying Code -- 8.6 Memory Firewall -- 8.7 Antimalware.
8.7.1 Signature-Based Protection -- 8.7.2 Real-Time Protection -- 8.7.3 Heuristics-Based Worm Containment -- 8.7.4 Agent Defense -- 8.8 Conclusion -- References -- Chapter 9 Infrastructure-Level Solutions -- 9.1 Introduction -- 9.2 Network-Level Solutions -- 9.2.1 Network Information Security Solutions -- 9.2.2 Denial-of-Service Solutions -- 9.2.3 DNS Solution - DNSSEC -- 9.2.4 Routing Attack Solutions -- 9.2.5 Comments on Network Solutions -- 9.3 Grid-Level Solutions -- 9.3.1 Architecture Security Solutions -- 9.3.2 Grid Infrastructure Solutions -- 9.3.3 Grid Management Solutions -- 9.3.4 Comments on Grid Solutions -- 9.4 Storage-Level Solutions -- 9.4.1 Fiber-Channel Security Protocol (FC-SP) - Solution for SAN Security -- 9.4.2 Distributed File System (DFS) Security -- 9.4.3 Comments on Storage Solutions -- 9.5 Conclusion -- References -- Chapter 10 Application-Level Solutions -- 10.1 Introduction -- 10.2 Application-Level Security Solutions -- 10.2.1 Input Validation Techniques -- 10.2.2 Secure Session Management -- 10.2.3 Cryptography Use -- 10.2.4 Preventing Cross-Site Scripting -- 10.2.5 Error-Handling Best Practices -- 10.3 Conclusion -- References -- Chapter 11 Service-Level Solutions -- 11.1 Introduction -- 11.2 Services Security Policy -- 11.2.1 Threat Classification -- 11.3 SOA Security Standards Stack -- 11.3.1 Inadequacy of SSL for Web Services -- 11.4 Standards in Depth -- 11.4.1 XML Signature -- 11.4.2 XML Encryption -- 11.4.3 Web-Services Security (WS Security) -- 11.4.4 Security Assertions Mark-Up Language (SAML) -- 11.4.5 WS Policy -- 11.4.6 WS Trust -- 11.4.7 WS Security Policy -- 11.4.8 WS Secure Conversation -- 11.4.9 XKMS (XML Key Management Speci.cation) -- 11.4.10 WS Privacy and P3P -- 11.4.11 Federated Identity Standards - Liberty Alliance Project and WS Federation -- 11.4.12 WS-I Basic Security Profile.
11.4.13 Status of Standards -- 11.5 Deployment Architectures for SOA Security -- 11.5.1 Message-Level Security and Policy Infrastructure -- 11.5.2 XML Firewalls -- 11.6 Managing Service-Level Threats -- 11.6.1 Combating SQL and XPath Injection Attacks -- 11.6.2 Combating Cross-Site Scripting Attacks -- 11.6.3 Combating Phishing and Routing Attacks -- 11.6.4 Handling Authentication Attacks -- 11.6.5 Handling Man-in-the-Middle Attacks -- 11.6.6 Handling SOAP Attachment Virus Attacks -- 11.6.7 Handling Parameter-Tampering Attacks -- 11.6.8 XML Attacks -- 11.6.9 Known-Bug Attacks -- 11.7 Service Threat Solution Mapping -- 11.8 XML Firewall Configuration-Threat Mapping -- 11.9 Conclusion -- References -- Further Reading -- Chapter 12 Case Study: Compliance in Financial Services -- 12.1 Introduction -- 12.2 SOX Compliance -- 12.2.1 Identity Management -- 12.2.2 Policy-Based Access Control -- 12.2.3 Strong Authentication -- 12.2.4 Data Protection and Integrity -- 12.3 SOX Security Solutions -- 12.3.1 People -- 12.3.2 Process -- 12.3.3 Technology -- 12.4 Multilevel Policy-Driven Solution Architecture -- 12.4.1 Logical Architecture and Middleware -- 12.5 Conclusion -- References -- Further Reading -- Chapter 13 Case Study: Grid -- 13.1 Background -- 13.2 The Financial Application -- 13.3 Security Requirements Analysis -- 13.3.1 Confidentiality Requirement Analysis -- 13.3.2 Authentication Requirement Analysis -- 13.3.3 Single Sign-On and Delegation Requirement Analysis -- 13.3.4 Authorization Requirement Analysis -- 13.3.5 Identity Management Requirement Analysis -- 13.3.6 Secure Repository Requirement Analysis -- 13.3.7 Trust Management Requirement Analysis -- 13.3.8 Monitoring and Logging Requirement Analysis -- 13.3.9 Intrusion Detection Requirement Analysis -- 13.3.10 Data Protection and Isolation Requirement Analysis.
13.3.11 Denial of Service Requirement Analysis.
Abstract:
How to solve security issues and problems arising in distributed systems. Security is one of the leading concerns in developing dependable distributed systems of today, since the integration of different components in a distributed manner creates new security problems and issues. Service oriented architectures, the Web, grid computing and virtualization - form the backbone of today's distributed systems. A lens to security issues in distributed systems is best provided via deeper exploration of security concerns and solutions in these technologies. Distributed Systems Security provides a holistic insight into current security issues, processes, and solutions, and maps out future directions in the context of today's distributed systems. This insight is elucidated by modeling of modern day distributed systems using a four-tier logical model -host layer, infrastructure layer, application layer, and service layer (bottom to top). The authors provide an in-depth coverage of security threats and issues across these tiers. Additionally the authors describe the approaches required for efficient security engineering, alongside exploring how existing solutions can be leveraged or enhanced to proactively meet the dynamic needs of security for the next-generation distributed systems. The practical issues thereof are reinforced via practical case studies. Distributed Systems Security: Presents an overview of distributed systems security issues, including threats, trends, standards and solutions. Discusses threats and vulnerabilities in different layers namely the host, infrastructure, application, and service layer to provide a holistic and practical, contemporary view of enterprise architectures. Provides practical insights into developing current-day distributed systems security using realistic case studies. This book will be of invaluable
interest to software engineers, developers, network professionals and technical/enterprise architects working in the field of distributed systems security. Managers and CIOs, researchers and advanced students will also find this book insightful.
Local Note:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2017. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
Genre:
Electronic Access:
Click to View