ESPRIT ’90 pp 355-370

Intrusion-Tolerant Security Servers for Delta-4

  • Laurent Blain
  • Yves Deswarte

Abstract

This paper describes a new approach to security in open distributed systems. This approach is currently being developed in the framework of the Delta-4 project. After a brief review of two existing distributed security architectures, the proposed “intrusion-tolerant” approach is specified. It is based on a fragmentation-scattering technique applied to a security server running on several security sites. These sites are such that intrusions into a number of sites less than a given threshold have no consequence on the global security. The different security services provided are then presented.

Keywords

Security Service; Recovery Service; Threshold Scheme; Local Security; Security Site
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© ECSC, EEC, EAEC, Brussels and Luxembourg 1990

Authors and Affiliations

  • Laurent Blain (1)
  • Yves Deswarte (2)

  1. LAAS-CNRS, Toulouse Cedex, France
  2. LAAS-CNRS & INRIA, Toulouse Cedex, France
