Abstract
We discuss research issues and models for vulnerabilities and threats in distributed computing systems. We present four diverse approaches to reducing system vulnerabilities and threats. They are: using fault tolerance and reliability principles for security, enhancing role-based access control with trust ratings, protecting privacy during data dissemination and collaboration, and applying fraud countermeasures for reducing threats.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bhargava, B., Lilien, L. (2004). Vulnerabilities and Threats in Distributed Systems. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_18
DOI: https://doi.org/10.1007/978-3-540-30555-2_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24075-4
Online ISBN: 978-3-540-30555-2
eBook Packages: Computer Science (R0)