Designing secure and reliable applications using fragmentation-redundancy-scattering: an object-oriented approach
Security and reliability issues in distributed systems have been investigated for several years at LAAS using a technique called Fragmentation-Redundancy-Scattering (FRS). The aim of FRS is to tolerate both accidental and intentional faults: the core idea consists in fragmenting confidential information in order to produce insignificant fragments and then in scattering the fragments so obtained in a redundant fashion across a distributed system, such as a large network of workstations and servers. Of these workstations, in principle just the user's own workstation needs to be regarded as trusted, whereas from this user's viewpoint the other workstations and servers, which in all probability are under someone else's control, can be untrusted devices.
This paper describes an object-oriented approach to the use of FRS, now under development at LAAS and Newcastle. This approach greatly eases the task of application programmers who seek to ensure reliable and secure processing, as well as storage, of confidential information. The approach involves fragmenting a confidential object using its composition structure, i.e., in terms of a hierarchy of sub-objects (the "is-part-of" relation of the object model), each of course with its own subsidiary operations or "methods". The fragmentation process continues until the resulting sub-objects are, as far as possible, individually non-confidential. Replicas of these non-confidential sub-objects are then scattered among untrusted stations, with only the user's trusted station retaining the knowledge of how they compose. By such means much of the processing of object methods, as well as the storing of much object state information, can be carried out safely on untrusted equipment.
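The following Python sketch is an added illustration of the fragmentation-by-composition idea described above; it is not code from the paper or from the LAAS/Newcastle prototype. It assumes a constructed patient record whose confidentiality lies only in the link between identity and clinical data, so that each part (identity, diagnosis, prescription) is treated as insignificant on its own; an untrusted `Station` class that stores fragments and runs their methods; and a `TrustedSite` (the user's own workstation) that keeps the only mapping from random, unlinkable handles back to the composite object. Fragments are replicated and scattered so that no single station holds more than one part of the same record, and recombination and remote method invocation survive the loss of a replica.

```python
import random
import secrets
from dataclasses import dataclass


# --- sub-objects of the composite (the "is-part-of" hierarchy) -------------
# Constructed example data. The assumption FRS relies on is that each part,
# taken alone, reveals nothing worth protecting; only their association does.
@dataclass(frozen=True)
class Identity:
    name: str
    dob: str


@dataclass(frozen=True)
class Diagnosis:
    icd_code: str


@dataclass(frozen=True)
class Prescription:
    mg_per_day: int

    def total_mg(self, days: int) -> int:
        # A method that needs only this fragment, so it can run on an
        # untrusted station without exposing the rest of the record.
        return self.mg_per_day * days


@dataclass(frozen=True)
class PatientRecord:
    identity: Identity
    diagnosis: Diagnosis
    prescription: Prescription

    def parts(self):
        return {"identity": self.identity, "diagnosis": self.diagnosis,
                "prescription": self.prescription}


class Station:
    """Untrusted workstation (hypothetical): stores fragments under opaque
    handles, executes fragment methods on request, and may be down."""

    def __init__(self, name):
        self.name, self.store, self.up = name, {}, True

    def put(self, handle, fragment):
        self.store[handle] = fragment

    def get(self, handle):
        if not self.up:
            raise ConnectionError(f"{self.name} unavailable")
        return self.store[handle]

    def invoke(self, handle, method, *args):
        # Processing happens here, on untrusted hardware, but only ever on
        # one non-confidential fragment.
        return getattr(self.get(handle), method)(*args)


class TrustedSite:
    """The user's own workstation: the only place where the composition
    (which handles make up which object, and where they live) is known."""

    def __init__(self, stations, replicas, rng=None):
        self.stations, self.replicas = stations, replicas
        self.rng = rng or random.Random()
        self.catalog = {}  # object id -> {part name -> (handle, [stations])}

    def scatter(self, obj_id, record):
        parts = record.parts()
        if self.replicas * len(parts) > len(self.stations):
            raise ValueError("not enough stations to keep fragments apart")
        free = list(self.stations)
        self.rng.shuffle(free)
        plan = {}
        for part_name, fragment in parts.items():
            handle = secrets.token_hex(16)          # unlinkable fragment name
            hosts = [free.pop() for _ in range(self.replicas)]
            for s in hosts:                         # redundancy
                s.put(handle, fragment)
            plan[part_name] = (handle, hosts)
        self.catalog[obj_id] = plan
        return plan

    def _first_live(self, handle, hosts, action):
        for s in hosts:
            try:
                return action(s, handle)
            except ConnectionError:
                continue
        raise RuntimeError("all replicas of fragment lost")

    def recombine(self, obj_id):
        plan = self.catalog[obj_id]
        got = {name: self._first_live(h, hosts, lambda s, h: s.get(h))
               for name, (h, hosts) in plan.items()}
        return PatientRecord(**got)

    def remote_call(self, obj_id, part_name, method, *args):
        handle, hosts = self.catalog[obj_id][part_name]
        return self._first_live(handle, hosts,
                                lambda s, h: s.invoke(h, method, *args))


def demo(seed=1):
    """Scatter one record over six stations with two replicas per part,
    crash one replica of every part, then recombine and compute remotely."""
    stations = [Station(f"ws{i}") for i in range(6)]
    site = TrustedSite(stations, replicas=2, rng=random.Random(seed))
    rec = PatientRecord(Identity("A. Example", "1970-01-01"),
                        Diagnosis("E11"), Prescription(500))
    site.scatter("rec-1", rec)
    max_parts_per_station = max(len(s.store) for s in stations)
    for _, (_, hosts) in site.catalog["rec-1"].items():
        hosts[0].up = False                         # lose one replica each
    rebuilt = site.recombine("rec-1")
    total = site.remote_call("rec-1", "prescription", "total_mg", 30)
    return rebuilt == rec, max_parts_per_station, total
```

The placement rule (`replicas * parts <= stations`, each station popped from a shuffled free list) is what stops one untrusted host from seeing two parts of the same object; the catalog held at the trusted site is the only thing that re-associates them. Before relying on a split like this, check the paper's own precondition for each fragment: a part that is rare or identifying on its own (an unusual diagnosis code together with a date of birth, say) is not insignificant and must be fragmented further or kept on the trusted station.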