Security architecture for heterogeneous distributed computing systems

Distributed systems face a proliferation of users, applications, networked devices, and their interactions on a scale never experienced before. The advent of reliable spontaneous networking technologies has ostensibly raised the stakes for the design of computing intensive environments using intelligent devices. As environmental intelligence grows, so will the number of heterogeneous devices connected to the environment. The creation of security and trust paradigms for such technology rich environments is today's great challenge. If the intelligent devices present in a smart environment act as gateways to some huge distributed computing system, then it is indispensable to sweep the threats out from these smart environments, so as to protect not only the local environment, but also the entire distributed system. This article proposes a design of consistent but fine-grained levels of trust and security in distributed systems, open to pervasive, mobile, heterogeneous networks featuring ambient intelligence by gradually virtualizing their security functions. These systems interact in various ways, with floating semantic interoperability between applications, interoperability of communications depending on shared links between those systems, and versatile interconnections. Threats and vulnerability vary according to different systems, objects, applications, and communication links. The salient features of this design include: consideration of duration and time factors in cryptographic protocols by introducing a trusted clock in the network; space for the security of distributed environments by context awareness in the system; mobility (security of mobile code, mobile agents and speed of movement); virtualization of security services.

[1]  Gaetano Borriello,et al.  Location Systems for Ubiquitous Computing , 2001, Computer.

[2]  Thomas Phan,et al.  Challenge: integrating mobile wireless devices into the computational grid , 2002, MobiCom '02.

[3]  M.E. Hellman,et al.  An overview of public key cryptography , 1978, IEEE Communications Magazine.

[4]  Gaurav S. Sukhatme,et al.  Connecting the Physical World with Pervasive Networks , 2002, IEEE Pervasive Comput..

[5]  Franco Zambonelli,et al.  The Cloak of Invisibility: Challenges and Applications , 2002, IEEE Pervasive Comput..

[6]  Stephan Olariu,et al.  Towards a new paradigm for securing wireless sensor networks , 2003, NSPW '03.

[7]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[8]  He Huang,et al.  ISCP: design and implementation of an inter-domain security management agent (SMA) coordination protocol , 2000, NOMS 2000. 2000 IEEE/IFIP Network Operations and Management Symposium 'The Networked Planet: Management Beyond 2000' (Cat. No.00CB37074).

[9]  Ian T. Foster,et al.  The anatomy of the grid: enabling scalable virtual organizations , 2001, Proceedings First IEEE/ACM International Symposium on Cluster Computing and the Grid.

[10]  Ian T. Foster,et al.  Security for Grid services , 2003, High Performance Distributed Computing, 2003. Proceedings. 12th IEEE International Symposium on.

[11]  Cynthia E. Irvine,et al.  Quality of security service , 2001, NSPW '00.

[12]  Vijay Varadharajan,et al.  A multilevel security model for a distributed object-oriented system , 1990, [1990] Proceedings of the Sixth Annual Computer Security Applications Conference.

[13]  Gregory D. Abowd,et al.  A Context-Based Infrastructure for Smart Environments , 2000 .

[14]  E. Ferrari,et al.  Trust negotiations: concepts, systems, and languages , 2004, Computing in Science & Engineering.