Gunn, Ewan (2007) Authorisation and authentication of processes in distributed systems. Other thesis, Edinburgh Napier University.
Available under License Creative Commons Attribution Non-commercial.
Download (720kB) | Preview
Communications over a network from a specific computer have become increasingly more suspect, with the increase of various security breaches in operating systems. This has allowed malicious programs such as worms, trojans, zombies and bots to be developed that exploit these security holes and run without the user being any wiser about the infection on their computer.
The current work in the field of anti-virus protection focuses on detecting and removing any malicious software or spyware from a computer. This is proving effective, however it is merely a way of treating the symptoms instead of the illness. This project presents a hypothesis based on these situations, and attempts to prove the effectiveness of a protocol developed specifically to provide preventative measures to stop the spread of malicious software, based on authentication and subsequent authorisation.
Tools such as encryption, hashing, and digital certificates were investigated and marked for use in providing the protocol to prove the hypothesis, and a further investigation took place of the common principles in security in the computing paradigm such as the CIA and AAA sets of principles, which provided a specific context within which a protocol could be constructed. A discussion was made of the only protocol that was close to a solution to the hypothesis, Kerberos, along with any usefulness that that protocol might have in the situations the hypothesis is based in.
This was followed by a design of a new protocol, consisting of a methodology of protocol design used heavily in industry – that of communication analysis and finite state machines. A further proof-of-concept program was designed as well, to provide a facility to test the effectiveness and efficiency of the protocol. In all design considerations, the evaluation of such a system was a priority, and steps were taken at the design stage to provide an easy method to collect data results.
The system was implemented in a proof-of-concept program using an open-source alternative to the .NET framework developed by Microsoft, called mono. This development environment is cross platform and fully compliant with all versions of .NET provided by Microsoft, thereby providing a cross-platform solution to the problem described above. Specific concerns faced in implementation of such a protocol were raised, and measures taken to overcome these concerns presented, along with decisions made on options available in the implementation.
An analysis was made of the efficiency of the resulting system, by taking measurements of the time taken between request conception and the subsequent request completion. Baseline measures were made on this using a simple client/server program developed during mplementation that had the option of using the system or not, with the option not to use the system. These were compared to measurements made of the same system, however with the option to use the authorisation service enabled. A conclusion and discussion of the surprising results followed.
Lastly a critque of the project is made, along with a discussion of a theoretical situation where this system might prove beneficial; a general discussion on the benefits of promoting preventative measures for malicious software spread and any further work that could be carried out specifically on the id.
|Item Type:||Thesis (Other)|
|Uncontrolled Keywords:||Anti-virus protection; data security; security holes; malicious software; spyware; worms;trojans; zombies; bots; encryption; hashing; protocol; Kerberos; communication analysis; authorisation;|
|University Divisions/Research Centres:||Faculty of Engineering, Computing and Creative Industries > School of Computing|
|Dewey Decimal Subjects:||000 Computer science, information & general works > 000 Computer science, knowledge & systems > 005 Computer programming, programs & data > 005.8 Data security|
|Library of Congress Subjects:||Q Science > QA Mathematics > QA75 Electronic computers. Computer science|
|Depositing User:||Professor Bill Buchanan|
|Date Deposited:||06 Jan 2011 13:07|
|Last Modified:||12 Jan 2011 04:57|
Actions (login required)