Principles of Isolation – Part 1
October 19th, 2010 By shazkhan

This is part 1 in a series of 3 short essays to introduce the reader to the principles of isolation in distributed information systems.

A typical information system is by nature a distributed application or system: it has a client side, a server side and a means of communication. As an information security professional you have to consider how to isolate different trust engines so that they cannot be affected in a way that causes their security objectives to fail, while still providing sufficient interfaces to each engine so that business integrations can evolve without starting from scratch!

Trust Engine: Technically, it is a protected logical unit comprising a set of activities that can be classified by its purpose/services, stakeholders, resources and the software stack it uses. Its classical meaning is associated with trust management for authorizing cross-domain subjects.

In widely distributed systems, the computation or usage is done by systems that are beyond the authoritative domain of more than one stakeholder. Such application frameworks and systems need to provide something more than the conventional access control list (ACL) used inside protected or closed systems. Cryptography is used with an equivalence mechanism to map subject attributes to certificates (X.509). This gets complicated as more and more applications and tiers are involved.

In part 2 of this article we will look more closely at different end points with respect to the integration of security mechanisms. There might be some ambiguity in the word platform. Platform literally means a base for some particular activities. Normally it would be associated with hardware and an operating system. For a distributed application it would include the application framework that spans one machine. A framework, in this case, is a conceptualization and an organization for a middleware (abstracting the OS and device).

1 Response to "Principles of Isolation – Part 1"
November 24th, 2010

I love Google because they have a lot to offer in things you can find