GLOBALBASE MANUALS
>>
Protocol Reference Model of GLOBALBASE Architecture: The Autonomous Decentralized GIS
>>
Security Consideration
Edition 2007-11-04
Security Consideration
Author:
Hirohisa MORI joshua at globalbase.org +
*
Abstract
*
[1] Technical Security -- Address Storm
*
[2] Management Security
Abstract
[UP]
Go To Page Top
[1] Technical Security -- Address Storm
This architecture has just been created and, to be honest, nothing has been established with respect to the security.
There are two types of security that should be built into the architecture. The first type of security is purely technical, i.e., protection of the XL protocol so that it is not cracked and server data is not stolen or tampered with. The other type of security relates to human factor of management of the system ( s) and contents of GLOBALBASE, such that image or map data that threatens human rights or gives people unpleasant feelings can be prevented from being published.
A frequently asked question regarding the technical security is that of ACRP. Since it automatically assigns addresses to resources according to the surrounding conditions, it can be feared that a large number of resources with addresses that overlap with resources provided by other information providers may be generated intentionally to force the address arbitration protocol to reassign the overlapping addresses and drive the network into congestion. Such an attack will be called an address storm here.
A situation similar to an address storm may also be generated unintentionally. If two big overlay networks are integrated into one overlay network, their addresses will inevitably overlap. In this case, it may be necessary to take a measure to assign addresses of different values to the most significant digit of each of the overlay networks to prevent the address storm. When we experimented with the actual implementation, however, it appears that there is little effect, because in actuality it is possible to search for mapping paths even if some of the addresses are not assigned.
To generate an address storm intentionally, it is necessary to simulate or create an overlay network of the same size as the current overlay network. Moreover, since addresses are changed dynamically to prevent duplication, it is necessary to track the changes and create several overlay networks of the same scale, one after another. This is not an easy task.
This, however, does not mean that there is no possibility of occurrence of address storms. It will be necessary to investigate the possibility of occurrence of address storms through various simulations.
[UP]
Go To Page Top
[2] Management Security
Next, security against delivery of unpleasant information is considered. With the current GLOBALBASE architecture, anyone can launch a server and provide geographical information as far as one has the technical capabilities, and map and overlap any geographical information one wishes to provide with geographical information provided by other people.
The original purpose of GLOBALBASE is to share geographical information in this way. It is not impossible, for example, to create software that automatically places signs at 1km intervals all over the virtual world, thus abusing GLOBALBASE. Fortunately, doing so requires considerable technical capabilities and, even if one succeeds, there is no effect to be gained. Such signs will be removed by people who think they are unpleasant. For this reason, we have not put any effort into implementing a mechanism to regulate such behaviors in the protocol.
However, as GLOBALBASE is diffused and becomes popular in the future, there will most likely be people who will want to disrupt or take over the virtual Earth. If such things happen, then, we who joined the GLOBALBASE project can discuss how to prevent them.
There will be many technologies available for preventing such problems, such as employment of a license system for linking and delivering resources. The essential issue that remains is how we define unpleasant information and who should regulate it. There is no way that such a line can be drawn on a global scale. Such a line can only be determined by people who joined in the actual project management of this virtual space called GLOBALBASE.
This problem is similar to a problem that occurs on the actual Earth. Originally, the collection of lands of the Earth did not belong to anyone. Humans appeared to live there and started to own lands for living; basically, a piece of land belonged to the person who cultivated it first. However, as the population grew and many people required lands, conflicts over ownership of lands started to occur. As a means to prevent such conflicts, laws and agreements were made to make people's behaviors toward each other more civil. Such laws and agreements, however, are neither perfect nor universally obeyed; we see many images of ugly, dismal conflicts broadcast on the TV news every day.
GLOBALBASE is currently in a phase equivalent to the initial period of the Earth. We are the first people who colonized here. We have a space too big to handle by ourselves now. It is an homogeneous, bleak space where there is no culture or religion. We expect that people with various cultures will start to live here sooner or later. As we have feelings, it is natural that there will be conflicts and other problems. We hope to take measures to reconcile such problems in a democratic manner and avoid making the same mistakes as were made on the actual Earth. The dream we pursue is to create an Earth that provides more freedom than the actual Earth -- if such a thing is possible.
[UP]
Go To Page Top
