Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2004-5 Ravi Sandhu www.list.gmu.edu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University.

Published byMary Weeks Modified over 10 years ago

Similar presentations

Presentation on theme: "© 2004-5 Ravi Sandhu www.list.gmu.edu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University."— Presentation transcript:

1 © 2004-5 Ravi Sandhu www.list.gmu.edu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University www.list.gmu.edu sandhu@gmu.edu

2 © 2004 Ravi Sandhu www.list.gmu.edu 2 Mainframe Client-Server P2P Mainframe era: 1970s Dumb terminals connected to a big mainframe Mainframes possibly networked together Client-server: Late 1980s Many clients, 1 user per client Dedicated servers Single client can access multiple servers Significant computing resources on client Peer-to-Peer (P2P) Late 1990s Each computer is a client and a server Takes on whatever role is appropriate for a given task at a given time Harnesses computing and communication power of the entire network

3 © 2004 Ravi Sandhu www.list.gmu.edu 3 P2P versus Client-Server: Idealized View From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

4 © 2004 Ravi Sandhu www.list.gmu.edu 4 No Clear Border From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

5 © 2004 Ravi Sandhu www.list.gmu.edu 5 Hybrid P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

6 © 2004 Ravi Sandhu www.list.gmu.edu 6 P2P Perspective From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

7 © 2004 Ravi Sandhu www.list.gmu.edu 7 Napster From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

8 © 2004 Ravi Sandhu www.list.gmu.edu 8 Power Server From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

9 © 2004 Ravi Sandhu www.list.gmu.edu 9 Power Server Coordinator From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

10 © 2004 Ravi Sandhu www.list.gmu.edu 10 Comparison of Different P2P Models From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003

11 © 2004 Ravi Sandhu www.list.gmu.edu 11 Taxonomy of Computer Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

12 © 2004 Ravi Sandhu www.list.gmu.edu 12 Taxonomy of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

13 © 2004 Ravi Sandhu www.list.gmu.edu 13 Classification of P2P Systems From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

14 © 2004 Ravi Sandhu www.list.gmu.edu 14 Taxonomy of P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

15 © 2004 Ravi Sandhu www.list.gmu.edu 15 Taxonomy of P2P Markets From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

16 © 2004 Ravi Sandhu www.list.gmu.edu 16 P2P Markets versus P2P Applications From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

17 © 2004 Ravi Sandhu www.list.gmu.edu 17 P2P System Architecture From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

18 © 2004 Ravi Sandhu www.list.gmu.edu 18 Security Issues in P2P Systems Many old issues carry over New issues emerge Old issues are re-emphasized

19 © 2004 Ravi Sandhu www.list.gmu.edu 19 Security Protection against malicious downloaded P2P application code Enabling technologies Java sandboxing Trusted computing From THE FUTURE OF PEER-TO-PEER COMPUTING, Loo, CACM Sept 2003 Old issue re-emphasized

20 © 2004 Ravi Sandhu www.list.gmu.edu 20 Security (claimed to be new issues) Multi-key encryption Annonymity requirement for Publius Sandboxing Digital Rights Management Reputation and Accountability Firewall Traversal and Hidden Peers From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

21 © 2004 Ravi Sandhu www.list.gmu.edu 21 Annonymity (is this a security issue?) From Peer-to-Peer Computing, Milojicic et al, HP Laboratories, HPL-2002-57, March 8th, 2002

22 © 2004 Ravi Sandhu www.list.gmu.edu 22 Security in Data Sharing Systems Availability DOS attack, e.g., chosen-victim attack –Use amplification mechanism of P2P system File availability File authenticity How do I know this is the file I am looking for? Anonymity Lots of work in this area Need anonymity at all layers of the network stack Access Control DRM Usage Control From Open Problems in Data-Sharing Peer-to-Peer Systems, Neil Daswani, Hector Garcia-Molina, and Beverly Yang, LNCS 2572, pp. 1–15, 2003.

23 © 2004 Ravi Sandhu www.list.gmu.edu 23 Security in Data Sharing Systems (P2P Overlay Networks) Routing Secure nodeId assignment Robust routing primitives Ejecting misbehaving nodes Storage Quota architectures Distributed auditing Other forms of fairness Trust From A Survey of Peer-to-Peer Security Issues, Dan S.Wallach, LNCS 2609, pp. 42–57, 2003..

Download ppt "© 2004-5 Ravi Sandhu www.list.gmu.edu Security Issues in P2P Systems Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
Delta Confidential 1 5/29 – 6/6, 2001 SAP R/3 V4.6c PP Module Order Change Management(OCM)

Delta Confidential 1 5/29 – 6/6, 2001 SAP R/3 V4.6c PP Module Order Change Management(OCM)
You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…

You have been given a mission and a code. Use the code to complete the mission and you will save the world from obliteration…
Kapitel 21 Astronomie Autor: Bennett et al. Galaxienentwicklung Kapitel 21 Galaxienentwicklung © Pearson Studium 2010 Folie: 1.

Kapitel 21 Astronomie Autor: Bennett et al. Galaxienentwicklung Kapitel 21 Galaxienentwicklung © Pearson Studium 2010 Folie: 1.
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
Cyber-Identity, Authority and Trust in an Uncertain World

Cyber-Identity, Authority and Trust in an Uncertain World
1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,

1 ACSAC 2002 © Mohammad al-Kahtani 2002 A Model for Attribute-Based User-Role Assignment Mohammad A. Al-Kahtani Ravi Sandhu George Mason University SingleSignOn.net,
© 2004 Ravi Sandhu www.list.gmu.edu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.

© 2004 Ravi Sandhu The Schematic Protection Model (SPM) Ravi Sandhu Laboratory for Information Security Technology George Mason University.
© 2004-5 Ravi Sandhu www.list.gmu.edu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.

© Ravi Sandhu Cyber-Identity, Authority and Trust in an Uncertain World Prof. Ravi Sandhu Laboratory for Information Security Technology.
© 2004 Ravi Sandhu www.list.gmu.edu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.

© 2004 Ravi Sandhu The Safety Problem in Access Control HRU Model Ravi Sandhu Laboratory for Information Security Technology George Mason.
1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.

1 Framework for Role-Based Delegation Models (RBDMs) By: Ezedin S.Barka and Ravi Sandhu Laboratory Of Information Security Technology George Mason University.
© 2004 Ravi Sandhu www.list.gmu.edu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.

© 2004 Ravi Sandhu A Perspective on Graphs and Access Control Models Ravi Sandhu Laboratory for Information Security Technology George.
INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.

INFS 767 Fall 2003 The RBAC96 Model Prof. Ravi Sandhu George Mason University.
Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.

Towards Usage Control Models: Beyond Traditional Access Control 7 th SACMAT, June 3, 2002 Jaehong Park and Ravi Sandhu Laboratory for Information Security.
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
© 2006 Ravi Sandhu www.list.gmu.edu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)

© 2006 Ravi Sandhu Secure Information Sharing Enabled by Trusted Computing and PEI * Models Ravi Sandhu (George Mason University and TriCipher)
SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University

SECURING CYBERSPACE: THE OM-AM, RBAC AND PKI ROADMAP Prof. Ravi Sandhu Laboratory for Information Security Technology George Mason University
Gail-Joon Ahn and Ravi Sandhu George Mason University Myong Kang and Joon Park Naval Research Laboratory Injecting RBAC to Secure a Web-based Workflow.

Gail-Joon Ahn and Ravi Sandhu George Mason University Myong Kang and Joon Park Naval Research Laboratory Injecting RBAC to Secure a Web-based Workflow.
A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.

A Logic Specification for Usage Control Xinwen Zhang, Jaehong Park Francesco Parisi-Presicce, Ravi Sandhu George Mason University SACMAT 2004.
© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University

© Ravi Sandhu HRU and TAM Ravi Sandhu Laboratory for Information Security Technology George Mason University

Similar presentations

Ads by Google