COMP 9243 — Lecture 11 ( 19 T 3 )

An important aspect of dependability in distributed systems relates to security. There are two security related aspects of dependability: confidentiality and integrity. In a system that offers confidentiality, information will only be disclosed to (and services will only be provided to) authorised parties. A system that provides integrity will ensure that alterations (to data or services) can only be made in an authorised way. Furthermore, improper alterations will be detectable and recoverable. Confidentiality and integrity are generally provided through a combination of secure communication and authorisation. Secure communication is concerned with providing a secure communication channel between entities (such as users and processes) in a distributed system. A secure channel provides confidentiality in that data sent over such a channel will not be disclosed to unauthorised third parties. Likewise the integrity of data being sent over secure channels is protected because it cannot be tampered with by unauthorised third parties. Authorisation is concerned with allowing entities to only access those resources that they are entitled to access. This requires determining the identity of entities in the system and keeping track of which resources they are allowed to access, as well as monitoring which resources they attempt to access and preventing access to unauthorised resources. By definition authorisation is required for both confidentiality and integrity.