《分布式系统原理与范型：第2版》原书课件第9章.pptVIP

DISTRIBUTED SYSTEMSPrinciples and ParadigmsSecond EditionANDREW S. TANENBAUMMAARTEN VAN STEENChapter 9Security Security Threats, Policies, and Mechanisms Types of security threats to consider: Interception Interruption Modification Fabrication Example: The Globus Security Architecture (1) The environment consists of multiple administrative domains. Local operations are subject to a local domain security policy only. Global operations require the initiator to be known in each domain where the operation is carried out. Example: The Globus Security Architecture (2) Operations between entities in different domains require mutual authentication. Global authentication replaces local authentication. Controlling access to resources is subject to local security only. Users can delegate rights to processes. A group of processes in the same domain can share credentials. Example: The Globus Security Architecture (2) Figure 9-1. The Globus security architecture. Focus of Control (1) Figure 9-2. Three approaches for protection against security threats. (a) Protection against invalid operations Focus of Control (2) Figure 9-2. Three approaches for protection against security threats. (b) Protection against unauthorized invocations. Focus of Control (3) Figure 9-2. Three approaches for protection against security threats. (c) Protection against unauthorized users. Layering of Security Mechanisms (1) Figure 9-3. The logical organization of a distributed system into several layers. Layering of Security Mechanisms (2) Figure 9-4. Several sites connected through a wide-area backbone service. Distribution of Security Mechanisms Figure 9-5. The principle of RISSC as applied to secure distributed systems. Cryptography (1) Figure 9-6. Intruders and eavesdroppers in communication. Cryptography (2) Figure 9-7. Notation used in this chapter. Symmetric Cryptosystems: DES (1) Figure 9-8. (a) The principle of DES.  Symmetric Cryptosystems: DES (2) Figure 9-8. (b) Outline of one