Distribution is the essential characteristic of the resource, user, computing task and management in a Large Distributed System (LDS). Due to this characteristic, the frequent interactions between entities tends to serve as the foundational approaches to implement the basic operations and security mechanisms in LDS. In this paper, we propose a new approach, to formally characterize the entity interaction vulnerabilities in LDS which results from the absence of necessary security mechanisms. We also construct a general interaction security mechanism description language. By introducing the finite state machine, this language analyzes the key resources in LDS to detect and validate the entity interaction vulnerabilities. In this way, our approach provides the capability to find out the negative influence on the resource confidentiality, integrity and availability incurred by the deficiency of security mechanisms, and to identify the interaction vulnerabilities along with the attack patterns.

• 出版日期2011
• 单位清华大学