EFFICIENT RUNTIME SECURITY SYSTEM FOR DECENTRALISED DISTRIBUTED SYSTEMS

Distributed systems can be defined as systems that are scattered over geographical distances and provide different activities through communication, processing, data transfer and so on. Thus, increasing the cooperation, efficiency, and reliability to deal with users and data resources jointly. For this reason, distributed systems have been shown to be a promising infrastructure for most applications in the digital world. Despite their advantages, keeping these systems secure, is a complex task because of the unconventional nature of distributed systems which can produce many security problems like phishing, denial of services or eavesdropping. Therefore, adopting security and privacy policies in distributed systems will increase the trustworthiness between the users and these systems. However, adding or updating security is considered one of the most challenging concerns and this relies on various security vulnerabilities which existing in distributed systems. The most significant one is inserting or modifying a new security concern or even removing it according to the security status which may appear at runtime. Moreover, these problems will be exacerbated when the system adopts the multi-hop concept as a way to deal with transmitting and processing information. This can pose many significant security challenges especially if dealing with decentralized distributed systems and the security must be furnished as end-to-end. Unfortunately, existing solutions are insufficient to deal with these problems like CORBA which is considered a one-to-one relationship only, or DSAW which deals with end-to-end security but without taking into account the possibility of changing information sensitivity during runtime. This thesis provides a proposed mechanism for enforcing security policies and dealing with distributed systems’ security weakness in term of the software perspective. The proposed solution utilised Aspect-Oriented Programming (AOP), to address security concerns during compilation and running time. The proposed solution is based on a decentralized distributed system that adopts the multi-hop concept to deal with different requested tasks. The proposed system focused on how to achieve high accuracy, data integrity and high efficiency of the distributed system in real time. This is done through modularising the most efficient security solutions, Access Control and Cryptography, by using Aspect-Oriented Programming language. The experiments’ results show the proposed solution overcomes the shortage of the existing solutions by fully integrating with the decentralized distributed system to achieve dynamic, high cooperation, high performance and end-to-end holistic security

Tipski sistemi za kontrolu memorije i prava pristupa

Three issues will be elaborated and disussed in the proposed thesis. The first is administration and control of data access rights in networks with XML data, with emphasis on data security. The second is the administration and control of access rights to data in computer networks with RDF data, with emphasis on data privacy. The third is prevention of errors and memory leaks, as well as communication errors, generated by programs written in Sing # language in the presence of exceptions. For all three issues, there will be presented formal models with corresponding type systems and showed the absence of undesired behavior i.e. errors in networks or programs.У тези су разматрана три проблема. Први је администрација и контрола права приступа података у рачунарској мрежи са XML подацима, са нагласком на безбедости посматраних података. Други је администрација и котрола права приступа подацима у рачунарској мрежи са RDF подацима, са нагласком на приватности посматраних података. Трећи је превенција грешака и цурења меморије, као и грешака у комуникацији генерисаним програмима написаних на језику Sing# у којима су присутни изузеци. За сва три проблема биће предложени формални модели и одговарајући типски системи помоћу којих се показује одсуство неповољних понашања тј. грешака у мрежама односно програмима.U tezi su razmatrana tri problema. Prvi je administracija i kontrola prava pristupa podataka u računarskoj mreži sa XML podacima, sa naglaskom na bezbedosti posmatranih podataka. Drugi je administracija i kotrola prava pristupa podacima u računarskoj mreži sa RDF podacima, sa naglaskom na privatnosti posmatranih podataka. Treći je prevencija grešaka i curenja memorije, kao i grešaka u komunikaciji generisanim programima napisanih na jeziku Sing# u kojima su prisutni izuzeci. Za sva tri problema biće predloženi formalni modeli i odgovarajući tipski sistemi pomoću kojih se pokazuje odsustvo nepovoljnih ponašanja tj. grešaka u mrežama odnosno programima