Vulnerabilities and Threats in Distributed Systems

We discuss research issues and models for vulnerabilities and threats in distributed computing systems. We present four diverse approaches to reducing system vulnerabilities and threats. They are: using fault tolerance and reliability principles for security, enhancing role-based access control with trust ratings, protecting privacy during data dissemination and collaboration, and applying fraud countermeasures for reducing threats.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

• Get 10 units per month
• Download Article/Chapter or eBook
• 1 Unit = 1 Article or 1 Chapter
• Cancel anytime

Buy Now

eBook EUR 42.79 Price includes VAT (France)

Softcover Book EUR 52.74 Price includes VAT (France)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Preview

Similar content being viewed by others

The Distributed Ledger Technology as Development Platform for Distributed Information Systems

TREDISEC: Trust-Aware REliable and Distributed Information SEcurity in the Cloud

Distributed Operating System Security and Protection: A Short Survey

References

1. Adam, N.R., Wortmann, J.C.: Security-Control Methods for Statistical Databases: A Comparative Study. ACM Computing Surveys 21(4) (December 1989) Google Scholar
2. The American Heritage Dictionary of the English Language, 4th edn. Houghton Mifflin (2000) Google Scholar
3. Ammann, P., Jajodia, S., Liu, P.: A Fault Tolerance Approach to Survivability. In: Computer Security, Dependability, and Assurance: From Needs to Solutions. IEEE Computer Society Press, Los Alamitos (1999) Google Scholar
4. Arbaugh, W.A., et al.: Windows of Vulnerability: A Case Study Analysis. IEEE Computer 33(12), 52–59 (2000) Google Scholar
5. Avizienis, A., Laprie, J.C., Randell, B.: Fundamental Concepts of Dependability. Research Report N01145, LAAS-CNRS, (April 2001) Google Scholar
6. Bhargava, A., Bhargava, B.: Applying fault-tolerance principles to security research. In: Proc. of IEEE Symposium on Reliable Distributed Systems, New Orleans (October 2001) Google Scholar
7. Bhargava, B.: Security in Mobile Networks. In: NSF Workshop on Context-Aware Mobile Database Management (CAMM), Brown University (January 2002) Google Scholar
8. Bhargava, B. (ed.): Concurrency Control and Reliability in Distributed Systems. Van Nostrand Reinhold, New York (1987) Google Scholar
9. Bhargava, B.: Vulnerabilities and Fraud in Computing Systems. In: Proc. Intl. Conf. IPSI, Sv. Stefan, Serbia and Montenegro (October 2003) Google Scholar
10. Bhargava, B., Kamisetty, S., Madria, S.: Fault-tolerant authentication and group key management in mobile computing. In: Intl. Conf. on Internet Comp., Las Vegas (June 2000) Google Scholar
11. Bhargava, B., Lilien, L.: Private and Trusted Collaborations. In: Proc. Secure Knowledge Management (SKM 2004): A Workshop, Amherst, NY (September 2004) Google Scholar
12. Bhargava, B., Zhong, Y.: Authorization Based on Evidence and Trust. In: Proc. Intl. Conf. on Data Warehousing and Knowledge Discovery DaWaK-2002, Aix-en-Provence, France (September 2002) Google Scholar
13. Bhargava, B., Zhong, Y., Lu, Y.: Fraud Formalization and Detection. In: Proc. Intl. Conf. on Data Warehousing and Knowledge Discovery DaWaK-2003, Prague, Czechia (September 2003) Google Scholar
14. Dacier, M., Deswarte, Y., Kaâniche, M.: Quantitative Assessment of Operational Security: Models and Tools, Technical Report, LAAS Report 96493 (May 1996) Google Scholar
15. Heintze, N., Tygar, J.D.: A Model for Secure Protocols and Their Compositions. IEEE Transactions on Software Engineering 22(1), 16–30 (1996) ArticleGoogle Scholar
16. Jonsson, E., et al.: On the Functional Relation Between Security and Dependability Impairments. In: Proc. 1999 Workshop on New Security Paradigms, pp. 104–111 (September 1999) Google Scholar
17. Krsul, I., Spafford, E.H., Tripunitara, M.: Computer Vulnerability Analysis, Technical Report, COAST TR 98-07, Dept. of Computer Sciences, Purdue University (1998) Google Scholar
18. Littlewood, B., et al.: Towards Operational Measures of Computer Security. Journal of Computer Security 2, 211–229 (1993) Google Scholar
19. Maymir-Ducharme, F., Clements, P.C., Wallnau, K., Krut, R.W.: The Unified Information Security Architecture, Technical Report, CMU/SEI-95-TR-015 (October 1995) Google Scholar
20. Mead, N.R., Ellison, R.J., Linger, R.C., Longstaff, T., McHugh, J.: Survivable Network Analysis Method, Tech. Rep. CMU/SEI-2000-TR-013, Pittsburgh, PA (September 2000) Google Scholar
21. Meadows, C.: Applying the Dependability Paradigm to Computer Security. In: Proc. Workshop on New Security Paradigms, pp. 75–81 (September 1995) Google Scholar
22. Meunier, P.C., Spafford, E.H.: Running the free vulnerability notification system Cassandra. In: Proc. 14th Annual Computer Security Incident Handling Conference, Hawaii (January 2002) Google Scholar
23. Ramakrishnan, C.R., Sekar, R.: Model-Based Analysis of Configuration Vulnerabilities. In: Proc. Second Intl. Workshop on Verification, Model Checking, and Abstract Interpretation (VMCAI 1998), Pisa, Italy (2000) Google Scholar
24. Randell, B.: Dependability—a Unifying Concept. In: Computer Security, Dependability, and Assurance: From Needs to Solutions. IEEE Computer Society Press, Los Alamitos (1999) Google Scholar
25. Rubin, A.D., Honeyman, P.: Formal Methods for the Analysis of Authentication Protocols, Tech. Rep. 93-7, Dept. of Electrical Engineering and Computer Science, University of Michigan (November 1993) Google Scholar
26. Song, G., et al.: CERIAS Classic Vulnerability Database User Manual, Technical Report 2000-17, CERIAS, Purdue University, West Lafayette, IN (2000) Google Scholar
27. Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems. In: NIST Special Publication 800-30, Washington, DC (2001) Google Scholar
28. Winslett, M., et al.: Negotiating trust on the web. IEEE Internet Computing Spec. Issue on Trust Management 6(6) (November 2002) Google Scholar
29. Zhong, Y., Lu, Y., Bhargava, B.: Dynamic Trust Production Based on Interaction Sequence, Tech. Rep. CSD-TR 03-006, Dept. Comp. Sciences, Purdue Univ (March 2003) Google Scholar

Author information

Authors and Affiliations

1. Department of Computer Sciences and Center for Education, and Research in Information Assurance and Security (CERIAS), Purdue University, West Lafayette, IN, 47907, USA Bharat Bhargava & Leszek Lilien

1. Bharat Bhargava

Editor information

Editors and Affiliations

1. Department of Computer Science and Engineering, Indian Institute of Technology, Kanpur, India R. K. Ghosh
2. Department of Computer and Information Science, University of Hyderabad, Central University PO, 500 046, AP, India Hrushikesha Mohanty

Rights and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bhargava, B., Lilien, L. (2004). Vulnerabilities and Threats in Distributed Systems. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_18

Download citation

• .RIS
• .ENW
• .BIB

• DOI : https://doi.org/10.1007/978-3-540-30555-2_18
• Publisher Name : Springer, Berlin, Heidelberg
• Print ISBN : 978-3-540-24075-4
• Online ISBN : 978-3-540-30555-2
• eBook Packages : Computer ScienceComputer Science (R0)

Share this paper

Anyone you share the following link with will be able to read this content:

Get shareable link

Sorry, a shareable link is not currently available for this article.

Copy to clipboard

Provided by the Springer Nature SharedIt content-sharing initiative