Security for Automated, Distributed Configuration Management
نویسندگان
چکیده
Installation, configuration, and administration of desktop software is a non-trivial process. Even a simple application can have numerous dependencies on hardware, device drivers, operating system versions, dynamically linked libraries, and even on other applications. These dependencies can cause surprising failures during the normal process of installations, updates and re-configurations. Diagnosing and resolving such failures involves detailed knowledge of the hardware and software installed in the machine, configuration manifests of particular applications, version incompatibilities, etc. This is usually too hard for end-users, and even for technical support personnel, specially in small businesses. It may be necessary to involve software vendors and outside consultants or laboratories. Employees working on sensitive, proprietary projects may even have to resort to calling the help line of an application vendor and discussing details of their desktop configuration. In order establish valid licensing, the user may be forced to disclose additional details such as the user’s identity, machine identification, software serial number, etc. This type of disclosure may reveal proprietary information or (worse) security vulnerabilities, and increase the risk of attack by hackers or cyber-criminals. An adequate solution to the distributed configuration management problem needs to address the security concerns of users, administrators, software vendors and outside consultants: keeping details of installations private, authenticating licensed users and software vendors, protecting the integrity of software, secure delegation across administrative boundaries, and protecting proprietary information. Existing commercial and research systems [12, 8] provide distributed configuration management by distributing configuration information and software over local and wide-area networks. They provide flexible, automated, distributed configuration management. However, many or most of the security issues listed above remain to be addressed. These issues are the central focus of our research. ∗Address for the first two authors: Dept. of Computer Science, Room 2063, Engineering Unit II, Davis, CA 95616. Last author: CertCo Inc., 55 Broad St., Suite 22, New York City, NY 10004
منابع مشابه
Techniques for security configuration management in distributed information systems. (Approches pour la gestion de configurations de sécurité dans les systèmes d'information distribués)
THE security of nowadays IT services significantly depends on the correct configuration of increasingly distributed information systems. At the same time, the management of security configurations is still heavily centered on human activities, which are costly and prone to error. Over the last decade it has been repeatedly reported that a significant share of security incidents and data breache...
متن کاملDynamic configuration and collaborative scheduling in supply chains based on scalable multi-agent architecture
Due to diversified and frequently changing demands from customers, technological advances and global competition, manufacturers rely on collaboration with their business partners to share costs, risks and expertise. How to take advantage of advancement of technologies to effectively support operations and create competitive advantage is critical for manufacturers to survive. To respond to these...
متن کاملFully Distributed Service Configuration Management
Configuration management in today’s data centers is largely a human activity. Where automation does exist it is usually implemented by centralized management tools that coordinate configuration actions across the entire infrastructure and applications. These systems are limited in scale, reliability, and security. We propose that dependable service configuration management is more naturally imp...
متن کاملScalable model-based configuration management of security services in complex enterprise networks
Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each ot...
متن کاملTowards Self-Configuring Networks
Current networks require ad-hoc operating procedures by expert administrators to handle changes. These configuration management operations are costly and error prone. Active networks[2, 3] involve particularly fast dynamics of change that cannot depend on operators and must be automated. This paper describes an architecture called NESTOR that seeks to replace labor-intensive configuration manag...
متن کامل