Lecture 9: Naming and Security
Naming
Uniform Resource Locator
address scheme
References to a web resource that specify its location on a computer network and Protocol: mechanism for retrieving it
Access method://node name/resource
Mixture of host-based and resource-based access
Generic Unique Identifier
Hash value structured fields to identify objects
Free to include additional info, e.g. timestamp or process id
Need to define an explicit name space concept and stick to it
Mostly used to identify data in Unix file systems (ext2/ext3/ext4)
Also used in database keys.
=>>
Represent data objects by a random hash value that depends only on the object and the hash method, not on location, OS or other circumstances
Security
Data in flight, data at rest
Encryption
Data in computation
3 principles of security
Segregation: a process can handle very few tasks and is limited to very few operations
Locality: data have to be processed where they are generated, not passed over the entire network
Least privileges: a process operates on and has access to data in its regime, while having minimum access privileges
Kerberos: network authentication protocol
Components
Key Distribution Center
Ticket Granting Server
Use the Ticket-Granting Ticket to obtain the Application-SessionKey
Authentication Server
One-time login to the Realm
Obtain Ticket-Granting Ticket
Kerberos clients
Kerberized Service
Application caches the request along with the lease period.