3.4.2.3 Secure Method Invocation
Firstly, let's clarify the concept of secure method invocation. A method invocation M
issued by a user U and to be executed on a replica object R is said to be secure if the
following conditions are met [11]:
- U is allowed to invoke M under the DSO's security policy,
- R is allowed to execute M under the DSO's security policy, and
- all the network communication between U and R takes place through a channel that
preserves data integrity, origin and destination authenticity and, possibly, also confidentiality.
Users can invoke methods on a DSO by simply calling those methods on their corresponding proxies. Then the replication, communication and security sub-objects of
their proxies work together to transform the users' requests into remote method invocations, send them to appropriate replicas allowed to handle them, wait for the returned values and present these values to the users.
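As an added illustration (not code from the page or from the Globe project), the three conditions above modelled in Python: a constructed, assumed-format DSO policy table is consulted for U and R, the replication step picks a replica permitted to execute M, and the channel step binds origin, destination and payload under an HMAC with a key assumed to be shared between U and R, so tampering or misdirection is detected.

```python
import hmac
import hashlib
import json

# Constructed DSO security policy for the example (assumed format, not Globe's own):
# which users may invoke which methods, and which replicas may execute which methods.
POLICY = {
    "invoke": {"alice": {"read", "write"}, "bob": {"read"}},
    "execute": {"replica-eu": {"read", "write"}, "replica-cache": {"read"}},
}
# Channel properties the definition requires; confidentiality is optional.
REQUIRED_CHANNEL = {"integrity", "origin_auth", "dest_auth"}


def violated_conditions(user, method, replica, channel_props):
    """Return the conditions from [11] that fail; an empty list means M is secure."""
    failures = []
    if method not in POLICY["invoke"].get(user, set()):
        failures.append("user not allowed to invoke method")
    if method not in POLICY["execute"].get(replica, set()):
        failures.append("replica not allowed to execute method")
    if not REQUIRED_CHANNEL <= set(channel_props):
        failures.append("channel lacks integrity/authenticity")
    return failures


def choose_replica(method, replicas):
    """Replication sub-object step: pick the first replica permitted to execute M."""
    for r in replicas:
        if method in POLICY["execute"].get(r, set()):
            return r
    return None


def seal_invocation(key, origin, dest, method, args):
    """Channel step: MAC over origin, destination and payload (shared key assumed)."""
    body = json.dumps({"origin": origin, "dest": dest, "method": method, "args": args},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def accept_invocation(key, my_name, msg):
    """Replica side: reject tampered messages or ones not addressed to this replica."""
    expected = hmac.new(key, msg["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return None  # integrity or origin check failed
    req = json.loads(msg["body"])
    if req["dest"] != my_name:
        return None  # destination mismatch: not meant for this replica
    return req
```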
3.5 CRISIS
CRISIS is the security component for WebOS, a system that extends OS services such
as security, remote process execution, resource management, and named persistent
storage to support wide area distributed applications.
3.5.1 Web OS
WebOS is a system developed at the University of Berkeley in order to extend conventional OS functionality in such a way as to simplify the use of geographically
dispersed resources. The main features of WebOS are [12]:
- Resource discovery. Includes mapping a service name to multiple servers, balancing load among available servers, and maintaining enough state to perform failover
if a server becomes unavailable.
- Wide area file system. Extension of existing distributed file systems to wide area
applications running in a secure HTTP name space.
- Security and authentication. Define a trust model providing both security guarantees and an interface for authenticating the identity of principals.
- Process control. Authenticate the identity of the requester and determine if the
proper access rights are held while, at the same time, ensuring that the process does
not violate local system integrity and does not consume more resources than the
local system administrator permits.
3.5.2 Proposed Security Architecture
CRISIS assumes the presence of three basic entities [13], namely principals, sources of
requests such as machines or users; objects, representing global resources; and reference monitors, processes that determine whether or not to grant a given request.
All statements in CRISIS, including statements of identity, statements of privilege,
and transfers of privilege, are encoded in X.509 certificates. These certificates are