
Research On Security Techniques Of Distributed Parallel System

Posted on: 2009-12-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: J Y Pi
GTID: 1488302750950589
Subject: Computer system architecture

Abstract/Summary:
With the development of the Internet, electronic commerce and electronic government affairs have grown rapidly, and there is pervasive demand for high-performance computing. Distributed parallel systems have become more popular than before. However, in the construction of any distributed parallel system there are many vulnerabilities caused by incorrect development of the operating system, network protocols and application programs, so distributed parallel computing systems are confronted with many security risks, including malicious code, network wiretapping, buffer overflows and denial-of-service attacks. To counter these risks, the dissertation proposes three main countermeasures: identity authentication and key agreement, a distributed parallel access control system, and a distributed parallel intrusion detection system. It first presents the definition of a distributed parallel system and analyzes its security risks and security technique requirements, then reviews the existing results and open problems of domestic and overseas research groups concerning security models, identity authentication and key agreement, distributed access control models, host-based anomaly intrusion detection models and distributed intrusion detection models.

The security model is the infrastructure of a distributed parallel security system; it is also the collaboration and association framework that comprises security policy and security mechanisms. Following the P2DR security model (policy, protection, detection, response), this dissertation organically associates identity authentication and key agreement, distributed parallel access control and distributed parallel intrusion detection.

Identity authentication and key agreement are the basis of communication security between nodes in a distributed parallel computing system. The dissertation proposes an identity authentication and key agreement scheme based on the discrete logarithm problem over a finite field. The scheme not only avoids the complexity of public key management in PKI/CA-based cryptography but also eliminates the communication bottleneck at the CA authentication center. The scheme is applicable to fully distributed parallel system environments (Ad Hoc, DPLinux, etc.). The security analysis shows that it resists message replay attacks and man-in-the-middle attacks and is practical to deploy.

Distributed parallel access control is the passive defense mechanism: it keeps every entity of the distributed parallel system in a controlled state under the security policy. As requirements for scalability and changeability have become stricter, the role-based access control model has been widely applied for flexible authorization. To express the complicated and dynamic authorization relations found in the real world, we propose a novel model, TD-RBAC (Task-based Dynamic RBAC). We describe the concurrent transaction logic with an extended predicate task model, derive the dynamic constraint relations among tasks by analyzing the concurrent execution net of the tasks, and accordingly extend the dynamic role constraint relations of traditional RBAC. Performance evaluation shows that TD-RBAC has favorable access control efficiency under distributed parallel computing. In addition, the dissertation proposes another access control model, DPTRBAC (Distributed Parallel Task & Role Based Access Control). DPTRBAC combines the advantages of RBAC and TBAC and accounts for different semantic meanings; the semantic net reduces the risk of access control in the DPTRBAC model.

Distributed parallel intrusion detection is the active defense mechanism. The dissertation first proposes an intrusion detection system based on spatially extended dimension characteristics, SEDIDS. The model abstracts the access control model into a multi-dimensional security topology space, in which vulnerabilities are the channels between the normal space and the multi-dimensional space, so that intrusion attacks access data at a finer granularity than normal accesses. SEDIDS is more intuitive and exact because it checks the integrity of data entities in the information system. In addition, the dissertation proposes an RBAC-based host anomaly intrusion detection system, ACBIDS, motivated by the following analysis: access control performance decreases as granularity becomes finer, so an access control model has a macroscopic advantage; meanwhile, intrusion detection must construct a normal access profile for a complex information system, which is difficult and yields a high false positive rate (FPR) and a high false negative rate (FNR), so an intrusion detection model has a microscopic advantage. ACBIDS solves this problem and achieves a low FPR and FNR.

In the era of distributed parallel computing, resources are distributed, so vulnerabilities and risk are scattered, and attacks evolve into distributed and coordinated attacks. The dissertation proposes a fully distributed parallel misuse intrusion detection model, DPACBIDS (Distributed Parallel Access Control Based Intrusion Detection System). The model constructs a resource association graph for dispatching anomalous data among the nodes of the distributed parallel system; the graph is built from the distributed parallel misuse intrusion signature (feature) database and the anomalous data itself. This scheme reduces the overhead of communication between nodes. The dissertation also adapts an improved Wu-Manber matching algorithm for matching anomalous data against the intrusion signature database, which improves matching efficiency, and gives a computational complexity analysis. Experiments show that the DPACBIDS model reduces the communication overhead between nodes and has high response efficiency.
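The abstract names the Wu-Manber multi-pattern algorithm as the step that matches anomalous data against the intrusion signature database, but gives no detail of the dissertation's improved variant. The following is an added example, not code from the dissertation: it implements the textbook Wu-Manber matcher (block size B = 2, SHIFT and HASH tables built from the shortest-pattern prefix) and runs it over a small signature set and a few request lines that are constructed here purely for illustration.

```python
from collections import defaultdict


class WuManber:
    """Textbook Wu-Manber multi-pattern matcher with block size B (default 2).

    This is the classic algorithm, not the dissertation's improved variant,
    whose details are not given in the abstract.
    """

    def __init__(self, patterns, B=2):
        if not patterns:
            raise ValueError("need at least one pattern")
        self.B = B
        self.patterns = list(patterns)
        # m: length of the shortest pattern; only the first m characters of
        # every pattern take part in the SHIFT / HASH tables.
        self.m = min(len(p) for p in self.patterns)
        if self.m < B:
            raise ValueError("every pattern must be at least B characters long")
        # A block that ends no pattern prefix allows the maximal safe shift.
        self.default_shift = self.m - B + 1
        self.shift = {}
        self.hash_tbl = defaultdict(list)
        for p in self.patterns:
            prefix = p[: self.m]
            # A block ending at 1-based position q of the m-prefix permits a
            # shift of m - q; keep the smallest shift seen over all patterns.
            for q in range(B, self.m + 1):
                block = prefix[q - B : q]
                self.shift[block] = min(
                    self.shift.get(block, self.default_shift), self.m - q
                )
            # Blocks with shift 0 index the candidate patterns to verify.
            self.hash_tbl[prefix[self.m - B :]].append(p)

    def search(self, text):
        """Return [(start, pattern)] for every occurrence, in text order."""
        matches = []
        pos = self.m - 1  # index of the last character of the window
        while pos < len(text):
            block = text[pos - self.B + 1 : pos + 1]
            s = self.shift.get(block, self.default_shift)
            if s > 0:
                pos += s  # no pattern prefix can end here: skip ahead
                continue
            start = pos - self.m + 1
            for p in self.hash_tbl[block]:
                if text.startswith(p, start):  # full verification of the candidate
                    matches.append((start, p))
            pos += 1
        return matches


def scan_lines(lines, patterns):
    """Match every line against the signature set; return (line_no, start, pattern)."""
    matcher = WuManber(patterns)  # tables are built once, reused per line
    hits = []
    for line_no, line in enumerate(lines):
        for start, pat in matcher.search(line):
            hits.append((line_no, start, pat))
    return hits


# Constructed signature set and request lines (illustration only, not real IDS rules).
SIGNATURES = ["cmd.exe", "/etc/passwd", "../"]
SAMPLE_LINES = [
    "GET /index.html HTTP/1.1",
    "GET /../../etc/passwd HTTP/1.1",
    "POST /cgi-bin/cmd.exe?/c+dir HTTP/1.0",
]

if __name__ == "__main__":
    for line_no, start, pat in scan_lines(SAMPLE_LINES, SIGNATURES):
        print(f"line {line_no} offset {start}: signature {pat!r}")
```

The SHIFT table lets the scan jump m - B + 1 characters whenever the last two characters of the window end no signature prefix, which is what makes the scheme cheaper than testing every signature at every offset; the final `startswith` check is what keeps the candidate lookup from producing false positives.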
Keywords/Search Tags: distributed parallel system, security model, identity authentication and key agreement, distributed parallel access control, distributed parallel intrusion detection