Wednesday, December 18, 2002

Autonomous Computing - Fiefdoms and Fortresses

Pat Helland of Microsoft has proposed the Autonomous Computing model as an application design pattern for cooperation between independent systems that do not trust each other. It has two key notions.

Fiefdom: An independent computing environment that refuses to trust any outsiders and maintains tight control over a set of mission-critical data.

Emissary: A computing component that helps prepare requests to submit to a fiefdom. It operates exclusively on published (snapshot) reference data and single-user data.

Helland uses the autonomous computing model to explain many of the new types of applications, including offline apps, scalable web-farms, B2B apps, content syndication and content aggregation. (How secure are these then?)
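The fiefdom/emissary split described above, as an added sketch that is not taken from Helland's paper or from this post: an emissary prepares an order from a published snapshot, and the fiefdom re-checks every field against its own private data before changing state. All class, function and field names, the sample data, and the policy of rejecting requests built on a stale snapshot version are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    """Published reference data an emissary may cache (hypothetical shape)."""
    version: int
    prices: dict

@dataclass(frozen=True)
class OrderRequest:
    """What the emissary submits: claims to be checked, never authoritative state."""
    snapshot_version: int
    sku: str
    quantity: int
    unit_price: int  # cents, copied from the emissary's snapshot

def emissary_prepare(snapshot, sku, quantity):
    """Runs outside the fiefdom; sees only snapshot data and the user's own input."""
    return OrderRequest(snapshot.version, sku, quantity, snapshot.prices[sku])

class Fiefdom:
    """Owns the mission-critical data and treats every incoming request as untrusted."""
    def __init__(self, prices, stock):
        self._prices = dict(prices)
        self._stock = dict(stock)
        self._version = 1

    def publish_snapshot(self):
        return Snapshot(self._version, dict(self._prices))  # a copy, not a live view

    def reprice(self, sku, cents):
        self._prices[sku] = cents
        self._version += 1  # earlier snapshots are now stale

    def submit(self, req):
        """Re-validate each field against private data before touching state."""
        if req.sku not in self._prices:
            return "rejected: unknown sku"
        if req.quantity <= 0:
            return "rejected: bad quantity"
        if req.snapshot_version != self._version:  # assumed policy: no stale snapshots
            return "rejected: stale snapshot"
        if req.unit_price != self._prices[req.sku]:
            return "rejected: price mismatch"
        if req.quantity > self._stock.get(req.sku, 0):
            return "rejected: insufficient stock"
        self._stock[req.sku] -= req.quantity
        return "accepted"
```

The fiefdom never relies on the emissary having behaved correctly: a request built by hand with a forged price is rejected on the same path as one built from an outdated snapshot.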

Roger Sessions of Object Watch has combined the Helland model with other elements to produce an elaborate Fortress Model of computer security. A fortress is a self-contained software system that contains business logic (grunts) and private data (strongboxes) and is surrounded by an unbreachable wall. Communication with the outside world passes through a drawbridge, and is controlled by guards and by treaties with allies.

I have many reservations about these models. Here are three to be going on with. 

  • Reliance on an absolute, binary notion of trust. Anything or anybody inside the wall is trusted absolutely, anything or anybody outside the wall is mistrusted. 
  • Reliance on simple topology. A wall creates a simple enclosed space, a straightforward boundary between inside and outside. 
  • Reliance on technology. The fortress model depends on firewalls and other security mechanisms. 

 


Pat Helland, Autonomous Computing paper and blogpost (updated December 2020)

Roger Sessions, The Software Fortress Model: A Next Generation Model for Describing Enterprise Software Architectures (Object Watch Newsletter 36, 17 November 2001)

Richard Veryard and Aidan Ward, Web Service Security (CBDI Journal January 2002)


Originally published at http://www.veryard.com/sebpc/security.htm#autonomous

Links updated March 2022 to include Pat Helland's new version
