Back to the Insecure Future
We are in danger of reverting to a more centralized model. The current trend is to have applications (and data) that are network-aware and can span multiple systems, networks, and continents. Services like Microsoftís .NET concept seek to bring centrally distributed software functionalities to everyone and everything, and expand on the Application Service Provider (ASP) concept of the late 1990s. Under the .NET concept, most applications, user data, and user input (such as identification and authentication) will be dependent on server-side software components located on a centralized server farm instead of local desktop computers or file servers, as they are now. This presents some interesting challenges to current security models.
Todayís information environment, which generally consists of the Internet and local networks, is generally designed to be redundant and resilient. If one portion fails, itís relatively easy to fix and move on, since users have positive control over their information assets. Equally important, when a security incident takes place, it can be identified by removing the victim system from any networks it may be connected to. Under the architectures proposed in .NET, much of this built-in redundancy would be eliminated, since the centralized servers providing application and information resources for .NET users would operate from a fixed position with a finite number of network and physical infrastructures supporting it. Not only does this create single points of failure for the architecture, but users will be unable to maintain positive local control over their information resources like they do today, something thatís critical if or when problems arise.
[ Read more ]