What are open and closed data sets


1. Basic problems of data protection and data security

1.6 Open systems and reliability


Information technology today: Open and distributed systems

  • Hardware (PCs - also as servers, workstations)
  • Operating systems (UNIX, MS-Windows, MacOS)
  • Networks (local and global networks)

Goals of openness:

  • Manufacturer independence,
  • Interchangeability of components,
  • Compliance with standards,
  • Integrability.

Disadvantages:

  • Lack of security,
  • no security through obscurity: the systems are publicly known down to the last bit,
  • easy accessibility,
  • unprotected data storage and transmission.

Open and closed systems

[no exact definition]

Closed system:

  • At every level, unauthorized persons are effectively and reliably prevented from manipulating the system.
  • Everything that is not expressly allowed is forbidden, and also impossible.
  • The principle of least privilege ("need to know") prevails.

Open system:

  • Tampering is not effectively prevented.
  • Everything that is not expressly forbidden is allowed,
  • ... and a great deal more is possible: nothing of substance stands in the way of criminal intent.

Distributed Systems

Programs and data distributed over several computers.

Examples:

  • Client-server architectures,
  • Network file systems (NFS, MS Shares), SAN = Storage Area Networks, Internet file system, outsourcing of data storage or backups to Internet service providers,
  • distributed databases,
  • electronic patient files in the hospital information system or doctor network,
  • Groupware,
  • World Wide Web,
  • Mobile agents,
  • Microsoft's ".NET".

Problems:

  • Data transmission over the network.
  • Authenticity of the communication partner.
  • Insufficient technical protection of the "property":
    • Where is the data physically located?
    • The further the information is distributed, the more difficult it becomes to protect it.
  • Complicated trust relationships (weakest link principle).

... and even more problems:

With the distribution of information processing across multiple systems, security responsibility is also distributed and becomes more difficult to keep track of.

The attempt to improve the performance of the overall system through closer coupling of the subsystems inevitably leads to an increase in complexity and thus to lower reliability.

Error handling in a distributed system is very complex.

Distributed systems are very susceptible to DoS = "Denial-of-Service" attacks (attacks on availability).
Leslie Lamport: A distributed system is one in which the failure of a computer you didn't even know existed can render your own computer unusable.

Distributed systems are very susceptible to the spread of malware (»worms«, »viruses«, »Trojan horses«).

Security requirements in open and distributed systems

  • Encrypted data storage.
  • Encrypted communication (data transmission).
  • Verifiable access control:
    • system-wide defined access matrix,
    • decentralized role assignment.
  • Non-repudiation and integrity of
    • information generation and storage,
    • requests for server services,
    • communication relationships.
  • Tap-proof and forgery-proof authentication of communication partners (people and machines).
  • Control of internal and external network connections.
  • Minimizing the assumptions of trust.
  • Security architecture (e.g. based on CORBA):
    • Distributed objects and services that
    • communicate with objects that offer security services
    • based on cryptographic protocols

Scenario:

  • A server object receives a request for a data record from a client object.
  • The client object identifies itself with the help of a cryptographic »credential«.
  • The server object checks whether the »credential« has been issued by a trustworthy entity (TTP = Trusted Third Party Service) and whether the client is authentic.
  • The server object queries an authorization service as to whether the client has the necessary rights based on the access matrix and role assignment (e.g. doctor on duty)
  • ... fetches the requested data from its encrypted data storage if necessary
  • ... and issues it via an encrypted communication link.
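The first four steps of this scenario, written out as an added Python example that is not part of the original lecture: a TTP issues a credential binding client identity, role and expiry, the server verifies the credential and challenges the client to prove it is authentic, and an authorization service consults a system-wide access matrix that denies everything not expressly allowed. The keys, the client registry and the access matrix are constructed; an HMAC under a key shared by TTP and server stands in for the TTP's signature, and the encrypted storage and encrypted link of the last two steps are left out.

```python
import hmac
import hashlib

# Constructed keys: in the lecture's model the TTP would sign credentials;
# an HMAC under a key shared by TTP and server stands in for that signature.
TTP_KEY = b"constructed-ttp-key"
# Per-client authentication keys registered with the TTP (constructed registry).
CLIENT_KEYS = {"dr_mueller": b"constructed-client-key"}
# System-wide access matrix: role -> resource -> allowed actions (default deny).
ACCESS_MATRIX = {
    "doctor_on_duty": {"patient_record": {"read", "write"}},
    "nurse": {"patient_record": {"read"}},
}

def issue_credential(client_id, role, expires_at):
    """TTP: bind client identity, role and expiry under the TTP key."""
    payload = f"{client_id}|{role}|{expires_at}".encode()
    return payload, hmac.new(TTP_KEY, payload, hashlib.sha256).hexdigest()

def verify_credential(payload, tag, now):
    """Server: accept only an unmodified, unexpired credential from the TTP."""
    expected = hmac.new(TTP_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    client_id, role, expires_at = payload.decode().split("|")
    return (client_id, role) if now < int(expires_at) else None

def answer_challenge(client_id, nonce):
    """Client: prove possession of its registered key for a fresh server nonce."""
    return hmac.new(CLIENT_KEYS[client_id], nonce, hashlib.sha256).hexdigest()

def client_is_authentic(client_id, nonce, response):
    """Server: check the challenge response against the registered client key."""
    key = CLIENT_KEYS.get(client_id)
    if key is None:
        return False
    expected = hmac.new(key, nonce, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, response)

def authorized(role, resource, action):
    """Authorization service: look up the access matrix for the client's role."""
    return action in ACCESS_MATRIX.get(role, {}).get(resource, set())

def handle_request(payload, tag, nonce, response, resource, action, now):
    """Server object: credential check, authenticity check, then authorization."""
    ident = verify_credential(payload, tag, now)
    if ident is None:
        return "denied: credential invalid or expired"
    client_id, role = ident
    if not client_is_authentic(client_id, nonce, response):
        return "denied: client not authentic"
    if not authorized(role, resource, action):
        return f"denied: role {role} may not {action} {resource}"
    return f"granted: {client_id} {action} {resource}"
```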

Summary

Today, data and information processing, as well as communication, predominantly take place in open systems. Without further measures, these systems are completely insecure.

The processing and storage of data in such open systems cannot be reconciled with data protection regulations and the concept of reliability.

The essential basis for solving these problems lies in cryptology.


Lecture on data protection and data security, Johannes Gutenberg University Mainz
Author: Klaus Pommerening, March 31, 1999; last change: November 16, 2001.