Research Student Profile

Home People Profile...

Prof. Simon J Shepherd PhD

Brief biographical information

Access thesis on-line

A Distributed Security Architecture for large scale systems

This thesis describes the research leading from the conception, through development, to the practical implementation of a comprehensive security architecture for use within, and as a value-added enhancement to, the ISO Open Systems Interconnection (OSI) model. The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can allow any of the ISO recommended security facilities to be provided at any layer of the model. It is suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications. For large scale, distributed processing operations, a network of security management centres (SMCs) is suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided in an efficient manner. The background to the OSI standards are covered in detail, followed by an introduction to security in open systems. A survey of existing techniques in formal analysis and verification is then presented. The architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed by an extension of the CSS concept to a large scale network controlled by SMCs. A new approach to formal security analysis is described which is based on two main methodologies. Firstly, every function within the system is built from layers of provably secure sequences of finite state machines, using a recursive function to monitor and constrain the system to the desired state at all times. Secondly, the correctness of the protocols generated by the sequences to exchange security information and control data between agents in a distributed environment, is analysed in terms of a modified temporal Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system as a result of actions performed by entities within the system, including the notion of timeliness. The two fundamental problems in number theory upon which the assumptions about the security of the finite state machine model rest are described, together with a comprehensive survey of the very latest progress in this area. Having assumed that the two problems will remain computationally intractable in the foreseeable future, the method is then applied to the formal analysis of some of the components of the Comprehensive Security System. A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out in Chapter 1. This implementation is described, and finally some comments are made on the possible future of research into security aspects of distributed systems.

Prof. Simon J Shepherd

Director of studies: Prof Peter Sanders
Other supervisors: Dr Colin T Stockel

Journal papers

The Quadratic Residue Cipher and some Notes on Implementation
Shepherd SJ, Sanders P, Stockel CT
Cryptologia, June, 1993
More details

A Comprehensive Security System - the Concepts, Agents and Protocols
Shepherd SJ, Sanders P, Patel A
Computers & Security, vol. 9, pp631-643, 1990
More details

2 Journal papers

Conference papers

A Distributed Security Architecture for Large Scale Systems
Shepherd SJ, Sanders P
Proceedings of the International Federation of Information Processing (IFIP) International Workshop on Distributed Systems Operations and Management, Berlin, 22-23 October, 1990
More details

1 Conference papers

3 publication(s) - all categories.