Practical issues in the development of

secure distributed systems

Prof. Valentin Cristea

 First definition

A distributed system is defined as

one in which components at
networked computers
communicate and coordinate
their actions only by passing
messages.

Coulouris, Dollimore & Kindberg

Addison Wesley/Pearson Education, June 2005
 Examples
• Web
– client-server
– retrieval, download and presentation of Web pages
– search engines, index databases, crawlers
– semantic Web – machines can "understand" the meaning
of the information
– social Web– collaborative content production and sharing
(MySpace, Twitter, Facebook, LinkedIn, YouTube, Flickr)
• Web-based Systems
– browser is the interface
– application placed behind the Web server
• management systems
• e-commerce, etc.
– RIA – Rich Internet Applications
 Examples (cont.)
• Grid Systems
– used in virtual organizations (VO)
– high dynamicity
– administrate shared resources
• owner constraints
• user requirements
• Clouds
– resources in data centers
– accessible through Internet
– used "on demand"
– pay "as you go"
 Example (cont.)
• peer-to-peer systems
– compute intensive
• SETI@home (Search for Extraterrestrial Intelligence)
• application executed as set of distributed tasks
• on each computer the execution is similar to "screen saver"
– collaborative
• real time collaboration among users:
– chat (Internet Relay Chat)
– instant messaging (Jabber.org )
– collaborative workspace (Groove Workspace)
– content distribution
• Napster, Gnutella, Freenet, BitTorrent
 Second definition
• A distributed system is a
collection of independent
computers that appear to
its users as a single
coherent system.

Tanenbaum, van Steen

Prentice Hall 2007
• A distributed system is organized around a
paradigm (e.g. "anything is a file")

• Examples
– distributed file systems (NFS)
– distributed object based systems (CORBA, DCOM)
– distributed document based systems (Web)
– distributed coordination based systems (Jini)
 Advantages of distributed systems
• reduced execution time through parallelism and
distribution,
• increased fault tolerance,
• functional specialization
• reduces cost / performance ratio,
• easy access to remote resources,
• incremental system growth.
 Design Problems
Heterogeneity – diversity of components:
network – solved by using Internet protocols for communication
hardware – various data representations (e.g. big endian, little endian)
operating systems – different implementations of Internet protocols;
calls for message transfers in Unix differ from Windows NT
programming languages – use different representations for
characters and data structures (arrays, records)
implementations from different developers – not respecting
standards

Solutions for solving problems with heterogeneity

middleware
virtual machine (for mobile code)
• Openness – the system can be extended and re-
implemented in various ways.
Solutions:
• main interfaces are public (e.g. available in IDL)
• components obey to open standards
– Notion related with interoperability and portability

• Security –refers to:

– confidentiality
– integrity
– availability
Solutions
• cryptographic algorithms, mechanisms, protocols and services
• Scalability – the system doesn't loss performance
for the increase of:
– the number of users (size)
– maximum distance between nodes (geography)
– number of administrative domains (administration)

• Solutions
– asynchronous communication
• avoids long blockings found in synchronous communication
– task distribution
• e.g. DNS
– replication of components (in particular caching)
• introduces consistency problems
• Failure handling – detect, hide, prevent, or recover
from fails.
– fails are partial

Solutions
– detection (e.g. control sum)
– mask (e.g. repeat the operation)
– fault tolerance
• design for failure recovery
• redundancy
• Concurrency – simultaneous execution of tasks
– problems when accessing common resources
Solutions
– synchronization

• Transparency – the system presents as a single

unit to users and applications.
– high level – hide the distribution to users
– low level – hide distribution to programs.
• Distribution transparency:
– access (Hides differences in data representation and
invocation mechanisms)
– location (Hides where an object resides)
– concurrency (Hides the coordination of activities
between objects to achieve consistency at a higher level)
– replication (Hides the fact that an object or its state may
be replicated and that replicas reside at different
locations)
– failure (Hides failure and possible recovery of objects)
– migration (Hides from an object the ability of a system to
change that object’s location)
Implementation as middleware

[Tanenbaum 2007]
 Distributed Systems Architectures
• Describe components and their relations
– software architectures
• logical components and links
– system architectures
• include implementation details
• Two fundamental models
– client-server
• Two component types with different roles
– peer-to-peer
• components with same rights that share resources and services
through direct exchanges
• each component is client and server at the same time
• in hybrid networks, super-peer with special functions
 Client - Server Model
• Processing is distributed
between client and server
dedicated machines
• Server = process that
implements a specific
service (e.g. file server,
name server, print server)

• Client = process that invokes a service through sending a

request and waiting for the result.
• Client types
• thin – implements the user interface
• fat – implements part of the application as well
• ex: RIA, Rich Internet Application
• Architecture two-tiered
 REST Architecture
• REST = Representational State Transfer
• client-server architecture for hypermedia distributed
systems, e.g. Web
• composed as a set of addressable resources, e.g.
through URI
• as response to a client request (including the URI of
a resource), the system returns a representation of
the resource (e.g. the HTML page)
• when receiving, the client goes into a new state of
the application, in which it has access to other URI-s
 Multi-tiered Model
• Web Application – client / server application in which the
client is a browser
• Multi-tiered Architecture – a server can be client for
another server; each server-client pair adds a new tier;
• e.g. 3-tier
– client
– application server
– database server
 Hierarchical Models
• Based on composing functionalities in several layers
• e.g. protocol oriented Grid Architecture
 SOA - Service Oriented Architecture
• Service
"A well-defined, self-contained function, which does not depend on the
context or state of other services".
• Service Oriented Architecture
– A system is a collection of services that coordinate with each other
– A service (supplier) can be used by another service (customer)
– Services do not know each other explicitly
– Services need find out how to communicate; e.g. publish / subscribe
• a description of the service is published when it becomes available
• another service passes a subscription describing what it needs
• if the two descriptions match the requesting service is notified
• SOA is not tied to a specific technology
– SOA implemented with REST, RPC, CORBA, DCOM, Web Services
• OASIS elaborated the SOA Reference Model
WEB Service Interface
described in WSDL - Web
Service Description
Language.

WEB services are invoked

using the SOAP protocol

Discovery service is an
alternative to
publish/subscribe.
 Example: Grid SOA
OGSA (Open Grid Service Architecture)
• Standardize common services in Grid based applications: job
management, data transfer, security, …
• Implementation based on Web services – WSRF (Web Services Resource
Framework)
• WSRF: uses WS-Resource (web service + resource)
• Resources represent a mechanism to preserve the state
 Peer-to-Peer Architectures
• Based on the direct access among peers
• Peer offers and consumes (by contrast to client - server)
• Categories
– distributed computation
• SETI@home, genome@home
– collaborative
• Jabber.org for instant messaging, Internet Relay Chat (IRC),
Groove Workspace
– content distribution
• Napster, Gnutella, Freenet, BitTorrent
 Peer-to-Peer Architectures

• Purely Decentralized
– Nodes with similar capabilities “servents” = SERVers+clieENTS
• offer and consume the same type of resources (CPU cycles,
memory, content)
• special services
– bootstrapping,
– add and delete peers,
– maintain index for peer searching,
– connect and disconnect neighbors
– encrypting/decrypting content
– e.g.: Gnutella, Freenet, Chord, CAN
– Example: Gnutella, Freenet, Chord, CAN
 Peer-to-Peer Architectures

– Partially Centralized Architectures

• Several super-peers keep the local central indexes for files shared
by local peers
• Each super-peer manages local peers
• and is a proxy for requests generated by local peers
• e.g. Kazaa, Gnutella (new)
– Hybrid Decentralized Architectures
• One central server offers the lookup service (information about
peers)
• e.g. Napsters
 Network structure
– unstructured
• no rules to establish links between peers
• nodes can add anywhere
• inefficient lookup
• e.g. Napster, Publius, Gnutella, Kazaa, Edutella
– structured
• rules for links function of content
• systematic search
• upper bound for the number of hops when searching peers
• e.g. Chord, CAN, Tapestry, PAST
 Cloud Architecture

• Collection (cloud) of resources (hardware, software,

connections, services) accessible in the network, on demand,
for simple terminals (workstations, laptop, i-phone, etc.)
• Offers services: processing, files, database, data storage,
messaging, etc. structured on three levels:
– infrastructure as a service (IaaS),
– platform as a service (PaaS), and
– software as a service (SaaS).
 Based on:
– clustering
– virtualization
– parallel / distributed
processing, etc.

Architecture inspired from Grid

and P2P
• small number of networked data
centers
• trend: high number of networked
micro-centers

Source: http://static.howstuffworks.com/gif/cloud-computing-1.gif
END part 1
 References
[Erl06] Thomas Erl, “Service Oriented Architecture” (Prentice Hall, 2006)

[Fielding00] Roy Fielding, Architectural Styles and the Design of Network-

based Software Architectures -
http://www.ics.uci.edu/~fielding/pubs/dissertation/top.htm
[Foster01] Ian Foster, “The Anatomy of the Grid”
[Keahey05] Katarzyna Keahey, Ian Foster, Timothy Freeman, Xuehai Zhang,
Daniel Galron, “Virtual Workspaces in the Grid”
[Tanenbaum07] Andrew Tanenbaum, M. van Steen, “Distributed Systems:
Principles and Paradigms”, 2nd edition (Prentice Hall, 2007)