Friday, 30 January 2015

Machine actions in distributed systems



I am looking at the security implications of distributed systems, and am trying to simplify the way that I can model individual machines within a distributed system interacting.


The importance of the way they interact is with regard to the data within each machine, and what they do with it. In a regular system, the main actions a machine will perform will be to either create data, move data, or destroy data. (I hope I haven't foolishly left anything obvious out). In security, it is pretty clear that each of these will have associated security implications.


What I was wondering about was a couple more actions which machines may perform, which I am unsure whether to differentiate from the functions I have already named, for reasons that I will explain.


Modifying data is one example of something which I am not sure whether to include or not. Modifying data can be considered to be creating data, and/or destroying data. The destroying part is optional but I cannot think of a reason to include it as a separate consideration for the model I intend to produce. As someone who keeps everything to the maximum simplification, I would only include it if there is a specific security implication which demonstrates that it is a different action to the creation of data, and I was wondering if anybody could think of a reason it could demonstrate that.


The other one I was unsure about was whether or not to differentiate between alternative instances of moving data. Let's name these actions sending data, and requesting the sending of data. Between two machines A and B, with B receiving data from A, upon finding they have been encrypted with the correct credentials, B accepts the data and considers it to be from A, and stores this data. If B also receives data from A, and this data is a command which requests data to be forwarded from B to either A or an outside party, should this be considered the same as B receiving data (but not as a command), or are there significant enough differences that I should consider them different to each other?


It seems that the second instance is more likely to be justifiable to differentiate, but at the same time any data which carries the right credentials can be a threat (if sent from a malicious attacker who has broken into the system).


What are people's thoughts on these questions please?




