This chapter discusses the need for security in a distributed
system and the basic principles of security in distributed systems.
Security is not a component of a distributed system which can be added
as an afterthought. Security is a quality that a system has with regard
to the information in the system and the processing of that information.
As such, security has to be designed into a system from the beginning.
Unfortunately, there is no readily agreed definition for security,
so it is impossible to say 'this system has security' in the
same way we may say 'this car is red'. This is because each
system has different requirements for security which are set out by
the of the system.
The person responsible for the security of a distributed system is
called the Security Administrator. This person will translate the
enterprise requirements for security into a security policy and ensure
that the appropriate mechanisms are used in the distributed system
to enforce the policy.
The security requirements for each system are set down in a security
policy. A security policy is a set of statements which the components
of the system must adhere to. The statements will dictate the way
the system will be run such that, if the policy is correctly maintained,
then the system will be secure as defined by the policy. Examples
of policy statements might be:
To support the implementation of the security policy a number of security
concepts have to be designed into the system; these are discussed
in this chapter. The placement and use of security mechanisms to implement
the concepts will be dictated by a model.
The problems of security in distributed systems (as opposed to
stand-alone computers) are compounded by the need to protect information
during communication and by the need for the individual components
to work together. The problem of getting all of the individual components
of the distributed system to work as a single unit requires some degree
There is no such thing as an insecure network. Only end systems need
be secure. The network can do little to help with security (although users
of it could do a lot to undermine it!). This is key to understanding where
mechanisms are placed.
Only a goods inwards clerk is able to add items to the inventory
Only an accounts payable clerk can raise a cheque against
All documents which are classified as 'company confidential'
must be kept on computers which are not available to non-employees.
All data transferred between company computers must be encrypted
Computers in secure computer rooms cannot be used with operator
privileges from terminals outside the computer room.
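
The policy statements above, expressed as checks that a component could evaluate before acting on a request. This is an added example, not part of the original chapter; the request fields, role names and action names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    """Constructed request attributes; all names here are assumptions."""
    role: str
    action: str
    classification: str = "unclassified"
    host_open_to_non_employees: bool = False
    channel_encrypted: bool = True
    operator_privilege: bool = False
    host_in_secure_room: bool = False
    terminal_in_secure_room: bool = False

# One predicate per policy statement: True means the statement is violated.
# The cheque statement is cut off on the page; only its visible part is modelled.
STATEMENTS = {
    "only a goods inwards clerk adds inventory items":
        lambda r: r.action == "add_inventory_item" and r.role != "goods_inwards_clerk",
    "only an accounts payable clerk raises a cheque":
        lambda r: r.action == "raise_cheque" and r.role != "accounts_payable_clerk",
    "company confidential documents stay off hosts open to non-employees":
        lambda r: r.classification == "company_confidential" and r.host_open_to_non_employees,
    "data transferred between company computers is encrypted":
        lambda r: r.action == "transfer_data" and not r.channel_encrypted,
    "no operator privileges on secure-room hosts from outside terminals":
        lambda r: r.operator_privilege and r.host_in_secure_room and not r.terminal_in_secure_room,
}

def violations(request):
    """Return every policy statement the request would break."""
    return [name for name, broken in STATEMENTS.items() if broken(request)]

def permitted(request):
    """A request is allowed only if it breaks no statement."""
    return not violations(request)

if __name__ == "__main__":
    samples = [  # constructed sample requests
        Request("goods_inwards_clerk", "add_inventory_item"),
        Request("accounts_payable_clerk", "add_inventory_item"),
        Request("operator", "transfer_data", channel_encrypted=False,
                operator_privilege=True, host_in_secure_room=True),
    ]
    for s in samples:
        print(s.role, s.action, "->", violations(s) or "permitted")
```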