Skip to Main Content
It is observed that a direct mapping exists between a distributed system's physical configuration and the security threats that can be mounted against interprocess communication in that system. A systematic methodology is presented which implements that mapping for a large class of distributed systems. The methodology includes a model of threats to interprocess communication as well as a model of distributed system security configurations. This methodology is useful in situations where certain major characteristics of the distributed system physical configuration will remain stable over a long time.