Secure Application Development in Distributed Environments: Integrating Advanced OS and Data Security Principles
DOI:
https://doi.org/10.63282/3050-9246.IJETCSIT-V2I1P105Keywords:
Distributed Systems, Secure Development, OS-Level Security, Data Protection, Zero Trust, Application Hardening, Threat Modeling, Secure SDLC, Encryption, Multi-TenancyAbstract
Nowadays, with software not being fixed on a single server or data center anymore, securing the application for distributed environments has become the challenge of utmost importance. It is obvious that the infrastructure has rapidly changed, and the applications went worldwide by accessing many geographically spread databases. However, the protection concept stayed the same it started with the endpoint, the next layer was the node operating systems, and ended at the encryption of the data transportation. This paper unfolds the conundrum of double-layered perseverance in software architecture concerning the operating system and application-level security coupled with preventing the untrusted party from unauthorized data access. The first section, the reasons why orthodox notions of cybersecurity are unable to secure a consistent network infrastructure currently, illustrates the problem. The argument outlines the transition from microservices to container orchestration and edge computing as causing distributed environments. The new outline of security starts with more preventive measures focused on the operating system, such as mandatory access controls, kernel-level isolation, and secure boot. Following that, the focus leads to details on distributed systems, which is to say, encryption, integrity, access rights, and endpoint checks are the keys to reliable data storage and transmission. One of the key points that the author is trying to bring home is that incorporating these security measures during the software development lifecycle (SDLC) stage is not just an alternative but rather the bedrock. Besides the use of the most effective methodologies and good practices, including threat modeling, DevSecOps workflows, and automated compliance checks, the article also instructs the readers to embed security in each development stage without killing the spirit of innovation
Downloads
References
[1] Belapurkar, Abhijit, et al. Distributed systems security: issues, processes and solutions. John Wiley & Sons, 2009.
[2] Satyanarayanan, Mahadev. "Integrating security in a large distributed system." ACM Transactions on Computer Systems (TOCS) 7.3 (1989): 247-280.
[3] Kleidermacher, David, and Mike Kleidermacher. Embedded systems security: practical methods for safe and secure software and systems development. Elsevier, 2012.
[4] Ren, Jianbao, et al. "Appsec: A safe execution environment for security sensitive applications." Proceedings of the 11th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments. 2015.
[5] Kupunarapu, Sujith Kumar. "AI-Enabled Remote Monitoring and Telemedicine: Redefining Patient Engagement and Care Delivery." International Journal of Science And Engineering 2.4 (2016): 41-48.
[6] Elser, Amy. Reliable distributed systems: technologies, web services, and applications. Springer Science & Business Media, 2005.
[7] Blaze, Matt, et al. "The role of trust management in distributed systems security." Secure Internet programming: security issues for mobile and distributed objects (1999): 185-210.
[8] Chong, Stephen, et al. "Secure web applications via automatic partitioning." ACM SIGOPS Operating Systems Review 41.6 (2007): 31-44.
[9] Krutz, Ronald L., Ronald L. Krutz, and Russell Dean Vines Russell Dean Vines. Cloud security a comprehensive guide to secure cloud computing. Wiley, 2010.
[10] Whitman, Michael E., and Herbert J. Mattord. Principles of information security. Boston, MA: Thomson Course Technology, 2009.
[11] Ward, Peter, and Clifton L. Smith. "The development of access control policies for information technology systems." Computers & Security 21.4 (2002): 356-371.
[12] Liu, Jing, et al. "Cyber security and privacy issues in smart grids." IEEE Communications surveys & tutorials 14.4 (2012): 981-997.
[13] Anusha Atluri, and Teja Puttamsetti. “The Future of HR Automation: How Oracle HCM Is Transforming Workforce Efficiency”. JOURNAL OF RECENT TRENDS IN COMPUTER SCIENCE AND ENGINEERING ( JRTCSE), vol. 7, no. 1, Mar. 2019, pp. 51–65
[14] Blobel, Bernd. "Advanced and secure architectural EHR approaches." International journal of medical informatics 75.3-4 (2006): 185-190.
[15] Anusha Atluri. “The Security Imperative: Safeguarding HR Data and Compliance in Oracle HCM”. JOURNAL OF RECENT TRENDS IN COMPUTER SCIENCE AND ENGINEERING ( JRTCSE), vol. 7, no. 1, May 2019, pp. 90–104
[16] Varma, Yasodhara. “Secure Data Backup Strategies for Machine Learning: Compliance and Risk Mitigation Regulatory Requirements (GDPR, HIPAA, etc.)”. International Journal of Emerging Trends in Computer Science and Information Technology, vol. 1, no. 1, Mar. 2020, pp. 29-38
[17] De Win, Bart, et al. "On the secure software development process: CLASP, SDL and Touchpoints compared." Information and software technology 51.7 (2009): 1152-1171.
[18] Stephenson, Peter, et al. Information security architecture: an integrated approach to security in the organization. Auerbach Publications, 2006.
[19] Viega, John, and Gary R. McGraw. Building secure software: how to avoid security problems the right way. Pearson Education, 2001.
