Title :
Using replication and partitioning to build secure distributed systems
Author :
Zheng, Lantian ; Chong, Stephen ; Myers, Andrew C. ; Zdancewic, Steve
Author_Institution :
Dept. of Comput. Sci., Cornell Univ., Ithaca, NY, USA
Abstract :
A challenging unsolved security problem is how to specify and enforce system-wide security policies; this problem is even more acute in distributed systems with mutual distrust. This paper describes a way to enforce policies for data confidentiality and integrity in such an environment. Programs annotated with security specifications are statically checked and then transformed by the compiler to run securely on a distributed system with untrusted hosts. The code and data of the computation are partitioned across the available hosts in accordance with the security specification. The key contribution is automatic replication of code and data to increase assurance of integrity, without harming confidentiality, and without placing undue trust in any host. The compiler automatically generates secure run-time protocols for communication among the replicated code partitions. Results are given from a prototype implementation applied to various distributed programs.
Keywords :
compiler generators; data integrity; data privacy; distributed processing; program diagnostics; protocols; automatic code replication; automatic generation; compiler; confidentiality; data confidentiality; data integrity; mutual distrust; partitioning; secure distributed systems; secure run-time protocols; security specifications; static checking; system-wide security policies; Communication system security; Computer science; Computer security; Data security; Distributed computing; Government; Information science; Information security; Information systems; Military computing;
Conference_Title :
Security and Privacy, 2003. Proceedings. 2003 Symposium on
Print_ISBN :
0-7695-1940-7
DOI :
10.1109/SECPRI.2003.1199340