Securing Distributed Computing

Organizations worldwide have come to rely on open systems to help manage and expand the way they transact business. Open systems provide the flexibility needed to get the right information to the right person at the right time, regardless of that user's location or computing platform.

Open computing standards have enabled the Internet to take on a major commercial role. Because clients and servers from different vendors can "talk" to each other, companies can market and sell a range of products through online catalogs.

Corporations have embraced the Internet as a means of inexpensively increasing business, communicating with customers and potential customers, and reducing marketing and distribution costs. Within their corporate networks they have set up "Intranets," which combine key capabilities of distributed computing and low-cost Internet communications. Corporate Intranets support enterprise communications, boost individual and team performance, and improve customer relations.

For more information on The Open Group's security initiatives, see the following articles in this supplement:
  • Joe Maloney's "DCE: Focus on Security, the Internet and the Future,"
  • Steve Lewontin's "Securing the Web: An Infrastructure Based on DCE," and
  • Dean Adams' "Security: It's Not Just About Keeping the Bad Guys Out."

With the growing use of public and private networks, however, comes the threat of security breaches, both malicious attacks and unintentional mistakes. Because public networks provide limited security, data stored on servers as well as transactions conducted over the Internet are vulnerable. Until technology initiatives and standards for security are agreed on and implemented, companies and individuals will not be able to conduct business confidently. Only widely implemented security standards will allow people to feel comfortable exchanging contracts; buying and selling goods and services; and issuing delivery notes, receipts, and invoices on the Internet.

In short, without security, the Internet will not live up to the expectations the industry has set for it.

Fortunately, the industry is taking action. The Open Group is leading the effort in research and development of technology and in defining standards that will secure Internet commerce.

Open, secure communications

The Open Group is an international consortium of system vendors, software suppliers, and computer users from industry, government, and academia. Under The Open Group umbrella, Open Software Foundation and X/Open work together to deliver technology innovations and promote wide-scale adoption of open systems standards. Other organizations work on specific types of security issues that affect commerce on the Internet, but The Open Group is the only consortium to broadly address security standards for distributed computing, public and private networks, platforms, applications, transactions, and data.

The Open Group works with the global computing community to evaluate widely used technologies and achieve consensus on which technologies should become standards. It also examines recently introduced technology that may eventually form the basis of future standards.

The market is focused on innovation, and The Open Group is positioned to move with the market.

A tough challenge

The diversity of distributed computing environments makes their security very complex. Multiple platforms, supplied by different vendors, complicate the process of implementing different security policies, and in the absence of standards, proprietary security applications do not interoperate. The result is uneven, uncertain security.

Through several initiatives, The Open Group is taking on the most difficult challenges of securing open environments. Much of its work is with the Distributed Computing Environment (DCE), one of the most rigorous secure distributed environments available. DCE incorporates Kerberos security technology, a highly trusted, well-managed, and well-understood means of protecting open computing. In addition, The Open Group's secure web technology project is a full-featured, high-performance project that pairs the security and naming capabilities of DCE with the flexibility and breadth of the World Wide Web.

The security initiatives of The Open Group include:

  • Distributed Computing Environment
  • DCE secure web technology
  • WISE
  • Adage
  • B3 level operating system
  • Baseline Security 96
  • Secure Communications Services
  • Internet Firewall standard
  • Cryptography services specification
  • Single Sign-On
  • Distributed auditing specification
  • Backup and restore standard

OSMOSIS, another Open Group project, is researching improvements to Java security, specifically policies to deal with applets as they are loaded on computers. In addition, efforts at The Open Group will allow Java to be used as a first-class programming language for DCE, along with other conventional languages. With WISE (Web Integrated with Security enhancements), The Open Group plans to test the utility of its secure web and collaborative webware technologies by setting up a distributed worldwide environment for collaborative projects with its membership.

The government-funded Adage project is advanced authorization work that prototypes mechanisms that accept high-level security policy descriptions and produce low-level access-control privileges. The B3 level operating system project produces software-development techniques in C++ that yield high-assurance software.

The Open Group further addresses system-level security with Baseline Security 96, which applies to any computing platform and provides a standard, safe configuration when systems are first installed. Secure Communications Services is a platform-neutral component based on conformance to the X/Open GSS-API specification, providing mutual authentication of distributed software components and protection of the ongoing communications between them. These specifications are being widely adopted as procurement standards for purchasing a high-level security system. In addition, suppliers that carry the X/Open brand for security from The Open Group guarantee that their products conform to these specifications.

The Open Group also has work underway on the Internet Firewall standard, which addresses the leading approach to protecting Internet-based communications. An effective firewall reduces risks by ensuring a limited number of well-managed choke points for corporate connections with the Internet, which guard against harmful intruders and programs and prevent leakage of corporate information as well as eavesdropping. The Internet Firewall standard will provide features for using the Internet for virtual private networking, which allows companies to replace expensive leased lines with Internet connections and send encrypted information over the Internet as though it were a private network.

The Open Group has also defined a Generic Cryptographic Services specification. Today there is no international standard for cryptography. Countries have varying laws regarding the export of encryption technology, and some even forbid its use. In response, The Open Group has promoted the use of strong cryptography to protect the assets and communications of organizations that rely on distributed computing. The consortium is working with other organizations to evaluate mechanisms that allow for access to encryption by law enforcement agencies, subject to due legal process and implemented in a way that does not compromise corporate or private security.

A specification for Single Sign-On composed by The Open Group will ease the burden of system managers who must control access to distributed systems, and of end users who, using current systems, must remember multiple passwords to access multiple systems. Single Sign-On provides a secure, transparent login to a mainframe from UNIX® and PC systems, significantly simplifying user identification. In addition, a specification for distributed auditing services defines a mechanism for enabling a centralized archiving and analysis of audit trails in a distributed computing environment. Finally, The Open Group is working on a product standard that addresses customer concerns for confidentiality and integrity of information when systems are backed up or restored in a distributed environment.

What's ahead?

New distributed computing technology is being introduced at an ever-accelerating rate. On the Internet, complexity will increase as companies such as Microsoft and Netscape present users with different alternatives. International and national laws will further drive the need for common policies and technologies that ensure safe communications. The Open Group will continue to work with industry through cooperative initiatives to define and promote appropriate standards. Only with open, safe communications will the Internet, and the Intranet communications based on it, achieve their ambitious goals.