Tuesday, April 28, 2009
Many large distributed systems have one success criterion in common: identity (management). This is true for the social networks we all love to be part of, for e-commerce platforms, for systems operated in the cloud, and for networks in the realm of automated demand/supply operation (aka Smart Grids). The requirements are not new at all: the identities of a large number of participants must be handled in a way that lets peers trust each other based on one or more identity providers. Identity is needed for authentication in order to enforce access control on a resource (a website with profile information, a virtual shopping cart, a database table, a data point, whatever). It is about the identity of the subject (the source) that initiated the request for access to a resource. Before the access rules can be applied (authorization), this authentication must be handled in a trustworthy way. This is complex to achieve, especially when multiple domains each operate their own realm of trust. This kind of trust is a precious thing that needs to be protected and maintained. Beyond all the theory and technical detail, the digital identities of an existing community are an important asset: a social network identity could be used to gain access to other resources such as a virtual shopping mall or a booking engine for last-minute flights. More scenarios are obvious …
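The flow described above, as an added example that is not part of the original post: a hypothetical identity provider (IdP) issues a signed assertion, a relying party (RP) in another trust domain authenticates it (signature, trusted issuer, audience, expiry) and only then applies its own access rules. Issuer names, secrets, roles and resources are constructed for illustration; a real federation would use public-key signatures (SAML or OpenID style tokens) rather than one shared HMAC secret per IdP.

```python
"""Minimal federated identity flow: IdP issues a signed assertion, RP in another
trust domain authenticates it, and only then authorizes the request.
Constructed example with illustrative names and secrets, not a real deployment."""
import base64
import hashlib
import hmac
import json
import time

# Trust anchors of the relying party: which IdPs it trusts and the key for each.
# Hypothetical shared secrets; a real RP would hold the IdPs' public keys.
TRUSTED_IDPS = {
    "social.example": b"idp-secret-social",
    "corp.example": b"idp-secret-corp",
}

# The RP's own name; assertions issued for another audience are rejected.
RP_AUDIENCE = "shop.example"

# Access rules of the relying party, applied only to authenticated subjects.
ACL = {
    "cart": {"customer", "admin"},
    "orders-db": {"admin"},
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(issuer, secret, subject, roles, audience, ttl=300, now=None):
    """IdP side: bind subject and roles to issuer, audience and expiry, then sign."""
    now = time.time() if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience,
              "roles": sorted(roles), "exp": int(now + ttl)}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(secret, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(sig)


def verify_assertion(token, now=None):
    """RP side (authentication). Returns the claims or raises ValueError.
    Signature, issuer trust, audience and expiry are all checked before any
    claim content is used for a decision."""
    now = time.time() if now is None else now
    try:
        body_b64, sig_b64 = token.split(".")
        body, sig = _unb64(body_b64), _unb64(sig_b64)
        claims = json.loads(body)
    except (ValueError, TypeError, AttributeError):
        raise ValueError("malformed assertion")
    if not isinstance(claims, dict):
        raise ValueError("malformed assertion")
    issuer = claims.get("iss")
    secret = TRUSTED_IDPS.get(issuer) if isinstance(issuer, str) else None
    if secret is None:
        raise ValueError("untrusted issuer")
    expected = hmac.new(secret, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    if claims.get("aud") != RP_AUDIENCE:
        raise ValueError("wrong audience")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("expired")
    return claims


def authorize(claims, resource):
    """RP side (authorization): only ever called with verified claims."""
    allowed = ACL.get(resource, set())
    return any(role in allowed for role in claims.get("roles", []))


def access(token, resource, now=None):
    """Full flow: authenticate first, then authorize. Returns (granted, reason)."""
    try:
        claims = verify_assertion(token, now=now)
    except ValueError as e:
        return False, f"authentication failed: {e}"
    who = f"{claims['sub']}@{claims['iss']}"
    if not authorize(claims, resource):
        return False, f"{who} not permitted on {resource}"
    return True, f"{who} granted {resource}"


if __name__ == "__main__":
    t0 = time.time()
    alice = issue_assertion("social.example", TRUSTED_IDPS["social.example"],
                            "alice", ["customer"], RP_AUDIENCE, now=t0)
    forged = issue_assertion("social.example", b"guessed-key",
                             "alice", ["admin"], RP_AUDIENCE, now=t0)
    for tok, res in [(alice, "cart"), (alice, "orders-db"), (forged, "orders-db")]:
        print(access(tok, res, now=t0))
```

The order of checks in `verify_assertion` is the point: an assertion from an issuer the RP does not trust, a forged signature, a token minted for a different audience, or an expired one is rejected before `authorize` ever sees its roles, so the cross-domain trust question is settled entirely by the RP's list of trust anchors.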
Sunday, April 19, 2009
Friday, April 17, 2009
I recognized recently that I blog a lot about computer security (for several reasons). This is definitely not a boring topic. On the contrary, it is complex, fascinating and a fast-moving target. You need a decent understanding of computer science to keep up with all the things going on out there. On the other hand, the area of system security (comprising computer and network security) is full of misconceptions. Too many people still believe that a firewall is the silver bullet to keep out attackers, worms and other malware. I don't comment on that anymore. But this never-ending discussion leads me to one of my core competences: software architecture and all the team, communication and development related aspects. A software architect needs to understand stakeholder needs. Typical stakeholders are end users, developers, test staff, marketing folks and project managers, just to name a few. But understanding and documenting is not enough. A stable and successful architecture balances stakeholder needs and reflects this in all lifecycle stages, from requirements management through testing, delivery and maintenance. I know this happens only in theory, in an ideal world somewhere in a software glasshouse. But we should strive to come closer. Achieving trade-offs is an important success criterion in the process of creating a stable and lasting architecture. These trade-offs should be the result of negotiations with the ultimate goal of reaching a win-win situation for all participants (stakeholders). From the technical perspective, most of the trade-offs must be made between functional and non-functional requirements (aka quality attributes). From this we see that there is a strong link to security as an essential quality attribute in a connected world of ubiquitous computing and routed protocols. Many design decisions in the scope of security architecture are in marked contrast to the ideas of usability folks and the needs of project management.
But these contradictions must be addressed and resolved, which can be a tough job. Anyhow, for the sake of a successful product that achieves broad market acceptance, failing to balance stakeholder needs is not an option.
Wednesday, April 01, 2009
The current issue of ACM Queue puts Web security in focus. One article is titled Cybercrime 2.0: When the Cloud Turns Dark. In essence, it is really hard to disagree. I could just add a couple of web attack scenarios based on update services or instant messaging. A lack of security in the design of web applications and the underlying infrastructure is the root cause, as stated in the conclusion of the article. But it is really hard to see any kind of remedy in the near future. On the contrary, new solutions like offline web applications, cloud computing and the so-called Web OS are all based on vulnerable technologies, yet they connect a large number of users and machines. This increases the attack surface, because every single hole in the system might give an attacker access to a large network of assets and services. Some people already call these new applications and architectures Web 3.0. Unfortunately, nothing has changed in terms of security.