Security is one of the leading concerns in developing dependable distributed systems of today, since the integration of different components in a distributed manner creates new security problems and issues. Service oriented architectures, the Web, grid computing and virtualization – form the backbone of today’s distributed systems. A lens to security issues in distributed systems is best provided via deeper exploration of security concerns and solutions in these technologies.
Distributed Systems Security provides a holistic insight into current security issues, processes, and solutions, and maps out future directions in the context of today’s distributed systems. This insight is elucidated by modeling of modern day distributed systems using a four-tier logical model –host layer, infrastructure layer, application layer, and service layer (bottom to top). The authors provide an in-depth coverage of security threats and issues across these tiers. Additionally the authors describe the approaches required for efficient security engineering, alongside exploring how existing solutions can be leveraged or enhanced to proactively meet the dynamic needs of security for the next-generation distributed systems. The practical issues thereof are reinforced via practical case studies.
Distributed Systems Security:
- Presents an overview of distributed systems security issues, including threats, trends, standards and solutions.
- Discusses threats and vulnerabilities in different layers namely the host, infrastructure, application, and service layer to provide a holistic and practical, contemporary view of enterprise architectures.
- Provides practical insights into developing current-day distributed systems security using realistic case studies.
This book will be of invaluable interest to software engineers, developers, network professionals and technical/enterprise architects working in the field of distributed systems security. Managers and CIOs, researchers and advanced students will also find this book insightful.
1.2 Distributed Systems.
1.3 Distributed Systems Security.
1.4 About the Book.
Chapter 2: Security Engineering.
2.2 Secure Development Life Cycle Processes – An Overview.
2.3 A Typical Security Engineering Process.
2.4 Important Security Engineering Guidelines and Resources.
Chapter 3. Common Security Issues and Technologies.
3.1 Security Issues.
3.2 Common Security Techniques.
Chapter 4 – Host level Threats and Vulnerabilities.
4.4 Job faults.
4.5 Resource starvation.
4.7 Privilege escalation.
4.8 Injection attacks.
Chapter 5 – Infrastructure Level Threats & Vulnerabilities.
5.2 Network Level Threats and Vulnerabilities.
5.3 Grid Computing Threats and Vulnerabilities.
5.4 Storage Threats and Vulnerabilities.
Chapter 6: Application Level Vulnerabilities and Attacks.
6.2 Application Layer Vulnerabilities.
Chapter 7 – Service Level Issues, Threats and Vulnerabilities.
7.2 SOA and Role of Standards.
7.3 Service Level Security Requirements.
7.4 Service Level Threats and Vulnerabilities.
7.5 Service Level Attacks.
7.6 Services Threat Profile.
Chapter 8: Host level Solutions.
8.4 Resource Management
8.5 Proof carrying code.
8.6 Memory firewall
8.7 Anti malware.
Chapter 9 – Infrastructure Level Solutions
9.2 Network Level Solutions.
9.3 Grid Level Solutions.
9.4 Storage Level Solutions.
Chapter 10: Application Level Solutions.
10.2 Application Level Security Solutions.
Chapter 11 – Service Level Solutions.
11.2 Services Security Policy.
11.3 SOA Security standards stack.
11.4 Standards in Depth.
11.5 Deployment Architectures for SOA Security.
11.6 Managing Service Level Threats.
11.7 Service Threat Solution Mapping.
11.8 XML Firewall Configuration-Threat Mapping.
Chapter 12 - Case Study – Compliance in Financial Services.
12.2 SOX compliance.
12.3 SOX Security Solutions.
12.4 Multi-level policy driven solution architecture.
Chapter 13 – Case Study of Grid.
13.2 Financial Application.
13.3 Security Requirements Analysis.
13.4 Final Security Architecture.
Chapter 14: Future directions and Conclusions.
14.1 Future directions.
Anirban Chakrabarti Infosys Technologies, India.
Harigopal Ponnapalli Infosys Technologies Limited.
Niranjan Varadarajan Infosys Technologies Ltd..
Srinivas Padmanabhuni Infosys Technologies Ltd..
Srikanth Sundarrajan Infosys Technologies Ltd.