The Nature of Security

<#816#>#tex2html_wrap3850#<#816#> This chapter discusses the need for security in a distributed system and the basic principles of security in distributed systems. Security is not a component of a distributed system which can be added as an afterthought. Security is a quality that a system has with regard to the information in the system and the processing of that information. As such, security has to be designed into a system from the beginning. Unfortunately, there is no readily agreed definition for security so it is impossible to say `this system has security' in the same way we may say 'this car is red'. This is because each system has different requirements for security which are set out by the of the system. The person responsible for the security of a distributed system is called the Security Administrator. This person will translate the enterprise requirements for security into a security policy and ensure that the appropriate mechanisms are used in the distributed system to enforce the policy. The security requirements for each system are set down in a security policy. A security policy is a set of statements which the components of the system must adhere to. The statements will dictate the way the system will be run such that, if the policy is correctly maintained, then the system will be secure as defined by the policy. Examples of policy statements might be: To support the implementation of the security policy a number of security concepts have to be designed into the system, these are discussed in this chapter. The placement and use of security mechanisms to implement the concepts will be dictated by a model. The problems of security in distributed systems (as opposed to stand alone computers) are compounded by the need to protect information during communication and by the need for the individual components to work together. The problems of getting all of the individual components of the distributed system to work as a single unit requires some degree of trust. <#817#>#tex2html_wrap3852#<#817#> There is no such thing as an insecure network. Only end systems need be secure. The network can do little to help with security (although users of it could do a lot to undermine it!). This is key to understanding where security mechanisms are placed. <#818#>#tex2html_wrap3854#<#818#>