A Distributed Security Architecture for Large Scale Systems

This thesis describes the research leading from the conception, through development, to the practical implementation of a comprehensive security architecture for use within, and as a value-added enhancement to, the ISO Open Systems Interconnection (OSI) model. The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can allow any of the ISO recommended security facilities to be provided at any layer of the model. It is suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications. For large scale, distributed processing operations, a network of security management centres (SMCs) is suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided in an efficient manner. The background to the OSI standards are covered in detail, followed by an introduction to security in open systems. A survey of existing techniques in formal analysis and verification is then presented. The architecture of the CSS is described in terms of a conceptual model using agents and protocols^ followed by an extension of the CSS concept to a large scale network controlled by SMCs. A new approach to formal security analysis is described which is based on two main methodologies. Firstly, every function within the system is built from layers of provably secure sequences of finite state machines, using a recursive function to monitor and constrain the system to the desired state at all times. Secondly, the correctness of the protocols generated by the sequences to exchange security information and control data between agents in a distributed environment, is analysed in terms of a modified temporal Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system as a result of actions performed by entities within the system, including the notion of timeliness. The two fundamenul problems in number theory upon which the assumptions about the security of the finite state machine model rest are described, together with a comprehensive survey of the very latest progress in this area. Having assumed that the two problems will remain computationally intractable in the foreseeable future, the method is then applied to the formal analysis of some of the components of the Comprehensive Security System. A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM Personal Computers connected via an Ethernet L A N , which fully meets the aims and objectives set out in Chapter 1. This implementation is described, and finally some comments are made on the possible future of research into security aspects of distributed systems.

[1]  S.J. Shepherd,et al.  A comprehensive security system - the concepts, agents and protocols , 1990, Comput. Secur..

[2]  W. Leveque Fundamentals of number theory , 1977 .

[3]  Ralph C. Merkle,et al.  Secure communications over insecure channels , 1978, CACM.

[4]  Steve H. Weingart Physical Security for the μABYSS System , 1987, 1987 IEEE Symposium on Security and Privacy.

[5]  Edward L. Witzke,et al.  A security methodology for computer networks , 1988, AT&T Technical Journal.

[6]  Robert D. Silverman The multiple polynomial quadratic sieve , 1987 .

[7]  James A. Davis,et al.  Status Report on Factoring (At the Sandia National Laboratories) , 1984, EUROCRYPT.

[8]  Philip H. Enslow What is a "Distributed" Data Processing System? , 1978, Computer.

[9]  H. Riesel Prime numbers and computer methods for factorization , 1985 .

[10]  J. Dixon Factorization and Primality Tests , 1984 .

[11]  N. Koblitz A Course in Number Theory and Cryptography , 1987 .

[12]  Adi Shamir,et al.  On the Generation of Cryptographically Strong Pseudo-Random Sequences , 1981, ICALP.

[13]  Gary L. Miller Riemann's Hypothesis and Tests for Primality , 1976, J. Comput. Syst. Sci..

[14]  Dorothy E. Denning,et al.  Cryptography and Data Security , 1982 .

[15]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[16]  M. Rabin DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION , 1979 .

[17]  Hikaru Morita,et al.  A Fast Modular-multiplication Algorithm based on a Higher Radix , 1989, CRYPTO.

[18]  Adi Shamir,et al.  On the generation of cryptographically strong pseudorandom sequences , 1981, TOCS.

[19]  Donald E. Knuth,et al.  The art of computer programming. Vol.2: Seminumerical algorithms , 1981 .

[20]  Sead Muftic Security Mechanisms for Computer Networks , 1988, Comput. Networks.

[21]  David D. Clark,et al.  A Comparison of Commercial and Military Computer Security Policies , 1987, 1987 IEEE Symposium on Security and Privacy.

[22]  J. Meseguer,et al.  Security Policies and Security Models , 1982, 1982 IEEE Symposium on Security and Privacy.

[23]  Stephen T. Kent,et al.  Security Mechanisms in High-Level Network Protocols , 1983, CSUR.

[24]  John Gordon,et al.  Strong Primes are Easy to Find , 1985, EUROCRYPT.

[25]  Owen Rees,et al.  Efficient and timely mutual authentication , 1987, OPSR.

[26]  Martin E. Hellman,et al.  Hiding information and signatures in trapdoor knapsacks , 1978, IEEE Trans. Inf. Theory.

[27]  H. W. Lenstra,et al.  Factoring integers with elliptic curves , 1987 .

[28]  F. Javier Thayer,et al.  Stating security requirements with tolerable sets , 1988, TOCS.

[29]  Richard I. Olis European needs and attitudes towards information security , 1983 .

[30]  William D. Young,et al.  Secure Ada Target: Issues, System Design, and Verification , 1985, 1985 IEEE Symposium on Security and Privacy.

[31]  Manuel Blum,et al.  A Simple Unpredictable Pseudo-Random Number Generator , 1986, SIAM J. Comput..

[32]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[33]  Donald E. Knuth,et al.  The Art of Computer Programming, Vol. 2 , 1981 .

[34]  Michael A. Harrison,et al.  Applied Cryptology, Cryptographic Protocols, and Computer Security Models , 1983 .

[35]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[36]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[37]  SIDNEY L. HANTLER,et al.  An Introduction to Proving the Correctness of Programs , 1976, CSUR.

[38]  D. Shanks Solved and Unsolved Problems in Number Theory , 1964 .

[39]  Martín Abadi,et al.  Authentication: A Practical Study in Belief and Action , 1988, TARK.

[40]  Carl E. Landwehr,et al.  Formal Models for Computer Security , 1981, CSUR.