Distributed Software Engineering

2008 Words5 Pages
bulb-icon

Recommended: Principles of access control

4. Security

Security is a very critical issue in many systems, especially distributed systems. This is because the system is distributed across a network over many devices, and so there may be more ways for outsiders to access the system who do not have permission to do such. A security breach is considered to be any time an unsafe state is reached within the system. An unsafe state is one in which data can be illegally intercepted, interrupted, modified, or fabricated. Since a distributed system is made up of various smaller systems with the possibility of each system being managed separately, it becomes very important that all parts of the distributed system be managed uniformly and completely to prevent security breaches. Furthermore, in the case that a security breach has been made on one sub-system, it becomes very possible that the attacker can gain access to other parts of the system. In this case, the attacker may even be able to make it appear that the accesses to the other parts of the system were made legally [1, 6, 7]. Access control, bracket capabilities, and the formal protection model are methods of ensuring a secure and safe distributed system environment.

4.1 Access Control

Access control is described as “the process of regulation of the kind of access (e.g. – read access, write access, no access) an entity has to the system resources” [7]. Access control can therefore prevent and enable parts of the systems to perform certain actions and access specific files and data. Access control lists are used to store the privilege information. Entries are stored in access control lists that specify whether an entity has the right to either access, write, or execute certain sections of a system [8].

A comm...

... middle of paper ...

...a, 2008.

[6] Appelbe, Akyildiz, Benson. A FormalProtection Model of Security in Centralized, Parallel, and Distributed Systems. Georia Institute of Technology. 1990.

[7] Shreyas, Doshi. Software Engineering for Security: Towards Architecting Secure Software. University of California, Irvine, CA. 2001.

[8] Access Control Lists. Microsoft Development Network. Internet: http://msdn.microsoft.com/en-us/library/aa374872(VS.85).aspx. [Oct. 12, 2011].

[9] How Permissions Work. Microsoft TechNet. Internet: http://technet.microsoft.com/en-us/library/cc783530(WS.10).aspx. [Oct. 12, 2011].

[10] Clarskon, Michael. Access Control. Cornell University. Internet: http://www.cs.cornell.edu/courses/cs513/2007fa/NL.accessControl.html. [Oct. 12, 2011].

[11] Evered, Mark. Bracket Capabilities for Distributed Systems Security. University of New England, Armidale, Australia. 2002.

Show More
Related

  • Nt1310 Unit 3

    238 Words  | 1 Pages

    The Operating System (OS) is the heart of computer server and client systems; therefore they are the pivotal components of the Information Technology (IT) architecture. The OS contains the crucial data, information, and applications, which are vulnerable, and can be infiltrated to cripple the entire IT architecture of the organization. Therefore, it becomes mandatory to properly safeguard the OS from an internal or external intrusion (Stallings & Brown, 2012). This critical thinking report will highlight the security concerns that may impact the OS. Further, the security guidelines and best practices for the OS in general, along with the specific fundamentals regarding the Windows and Linux OS are comprehensively illustrated.

    Read More

  • Nt1330 Unit 1 Assignment

    1063 Words  | 3 Pages

    Every piece of information must be traceable back to the data input that produced it. The main action of audit trail is captures a sources of all data items at the time of getting entrance into the system. The other constituent of input control and security involves data security rules and measures to protect data from being or lost or damaged. The records retention policy is the practice of storing documents in a safe location and making sure to see to legal requirements or business needs. Input security and control also involves the process of encrypting or encryption of data so only users with the code it software can read

    Read More

  • Evaluation of Booz Allen Hamilton Cybersecurity

    2027 Words  | 5 Pages

    Kabay, M. E., & Robertson, B. (2009). Security policy guidelines. In S. Bosworth, M. E. Kabay, & E. Whyne (Eds.), Computer security handbook (5th ed.). New York, NY: John Wiley

    Read More

  • HIPAA, CIA, and Safeguards

    1633 Words  | 4 Pages

    Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.

    Read More

  • Decoy Systems for Computer Crimes: Honeypots

    923 Words  | 2 Pages

    Whitman, M. E. & Mattord, H. J. (2011) Principles of Information Security. Boston: Course Technology. (Whitman & Mattord, 2011)

    Read More

  • Why Do States Go to War?

    793 Words  | 2 Pages

    Glaser , C. L. (1997). The Security Dilemma Revisited. Cambridge University press, 50(1), 171-201. Retrieved from http://www.gwu.edu/~iscs/assets/docs/cg-docs/SecurityDilemma-WP-1997.pdf

    Read More

  • Historical Events in Codes and Cryptography

    1328 Words  | 3 Pages

    Diffie, Whitfield. (2008). Information Security: 50 Years Behind, 50 Years Ahead. Communications of the ACM. 51(1), 55-57.

    Read More

  • The Home Depot Data Breach Case Study

    1138 Words  | 3 Pages

    For an in-depth defence approach, case study provides a series of things that describe about what is working nowadays for a secure data.

    Read More

  • What are Attack Trees?

    1082 Words  | 3 Pages

    Attack trees are visual representations of security loopholes. They are models representing of security loopholes. They are model representing the likelihood of dangers by using the branch model. From the branch model we can also estimate prevention from the threats. These attacks attack trees have wide applications in various fields. The IT & security advisors use these attack trees among other prevention techniques for finding loopholes in the model and correcting them.

    Read More

  • Health Information System Vulnerabilities

    1264 Words  | 3 Pages

    Understanding the access control is the first step to secure any system, following

    Read More

  • Network Security

    1526 Words  | 4 Pages

    Without proper protection, any part of any network can be susceptible to attacks or unauthorized activity. Routers, switches, and hosts can all be violated by professional hackers, company competitors. In fact, according to several studies, more than half of all network attacks are waged internally. To determine the best ways to protect against attacks, we should understand the many types of attacks that can be instigated and the damage that these attacks can cause to data. The most common types of attacks include Denial of Service (DoS), password, an...

    Read More

  • Analysis Of Silver Star Mines Risk Assessment

    1317 Words  | 3 Pages

    530). The risks assessment suggests to identify and manage critical documents and store them on a centralized application and file servers. Moreover, it proposes to use applicable controls. To further explain the applicable controls, role based control (RBAC) should be enabled to regulate access to the files resources based on the roles of individual users within the company. In this structure, access is the ability of an individual user to perform a specific task, such as view, create, or modify a file. Roles are defined according to job proficiency, authority, and responsibility within the business. In fact, role describes the level of access that users have for their account. For example, by assigning roles to users, administrators can allow multiple users to complete tasks securely. Also, RBAC limits risk by ensuring that users do not have access beyond their training or level of control. Thus, an employee 's role determines the level of permissions granted and ensures that junior level employees are not able to access sensitive information or perform high level tasks. Additionally, an employee education and security awareness program should be implemented to improve employee behavior, hold employees accountable for their actions, complying with rules, and improve employee knowledge base on

    Read More

  • Network Security Monitoring Tools

    877 Words  | 2 Pages

    It has been demonstrated that a number of interoperable systems must be implemented to fully protect a network; a strategy known as Defense in Depth. Due to the multitude of security devices and device categories available, it can be very difficult to identify the correct tools for meeting security goals. Using the Defense in Depth strategy will require an understanding of the interactions between devices occuring within the network.

    Read More

  • Statement of Purposefor a Masters in Cybersecurity

    1114 Words  | 3 Pages

    My strong curiosity towards the field of Cybersecurity dates back to my pre-university days when I started reading sci-fi novels. Digital Fortress, a techno-thriller novel written by Dan Brown, explored the theme of government surveillance, security and civil liberties. This theme is brought out in the book by portraying cryptographic techniques, security policies and implications of these policies. This gravitated me towards the field of security. With little programming experience, I was eager to begin my nascent adventure in the field of Cybersecurity. Although I’ve gained exposure in the field of security during the course of my Bachelor’s degree, I believe pursuing a master’s degree in Cybersecurity will allow me to explore the field of security in greater depth and utilize it effectively to address more real-world challenges.

    Read More

  • Chief Information Officer Essay

    1378 Words  | 3 Pages

    These controls are logical access controls that are used for “identification, authentication, authorization and accountability” (Whitman & Mattord, 2013). As with many systems proper preparedness documents are crucial. There has to be a plan in the event of a disaster such as an

    Read More

More about Distributed Software Engineering

Open Document