Strongbox : a self-securing protection system for distributed programs
نویسندگان
چکیده
We introduce a new method of approaching security in distributed systems: self-securing programs. These programs run securely on distributed operating systems which provide only minimal security facilities. We have built a system called Strongbox to support self-securing programs on Mach, a distributed operating system, and Camelot, a distributed transaction facility. Strongbox uses negligible overhead and is relatively small, making the task of verification easier. Our paper presents the implementation of self-securing programs on Mach and Camelot and an overview of the algorithms used. We describe the performance and the current status of Strongbox. This research was sponsored by IBM and the Defense Advanced Research Projects Agency (DOD), ARPA Order No 4864 (Amendment 20), under contract F33615-87-C-1499 monitored by the Avionics Laboratory Air Force Wright Aeronautical Laboratories, Wright-Patterson AFB. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of any of the sponsoring agencies or the US government.
منابع مشابه
Strongbox: A System for Self-Securing Programs
Security is a pressing problem for distributed systems. Distributed systems exchange data among a variety of users over a variety of sites, which may be geographically separated. A user who stores important data on processor A must trust not just processor A but also the processors B C D . . . with which A communicates. The distributed security problem is difficult, and few major distributed sy...
متن کاملSecuring Knowledge Queries Using Code Striping
Remote execution of programs raises security concerns for both server that executes the program and the program itself. We propose a solution, called code striping. Striping uniquely provides simultaneous protection of the server from the client query and the client query from the server using a single mechanism. By combining striping and distributed voting, we provide protection for code not c...
متن کاملAdaptive Protection Based on Intelligent Distribution Networks with the Help of Network Factorization in the Presence of Distributed Generation Resources
Factorizing a system is one of the best ways to make a system intelligent. Factorizing the protection system, providing the right connecting agents, and transmitting the information faster and more reliably can improve the performance of a protection system and maintain system reliability against distributed generation resources. This study presents a new method for coordinating network protect...
متن کاملScenarios for Securing Content Delivery in the DRM Environment
In the DRM environment, content is usually distributed in an encrypted form. Typically, a secure encryption algorithm is utilized to accomplish such protection. However, executing this algorithm in an insecure environment may allow adversaries to compromise the system and obtain information about the decryption key. Keeping such a key secret is a major challenge for content distribution systems...
متن کاملCliSeAu: Securing Distributed Java Programs by Cooperative Dynamic Enforcement
The original publication is available at www.springerlink.com Abstract CliSeAu is a novel tool for hardening distributed Java programs. CliSeAu takes as input a specification of the desired properties and a Java bytecode target program, i.e. the format in which Java programs are usually provided. CliSeAu returns hardened Java bytecode that provides the same functionality as the original code, u...
متن کامل