The Rampart toolkit for building high-integrity services

  • Michael K. Reiter
Group Communication
Part of the Lecture Notes in Computer Science book series (LNCS, volume 938)


Rampart is a toolkit of protocols to facilitate the development of high-integrity services, i.e., distributed services that retain their availability and correctness despite the malicious penetration of some component servers by an attacker. At the core of Rampart are new protocols that solve several basic problems in distributed computing, including asynchronous group membership, reliable multicast (Byzantine agreement), and atomic multicast. Using these protocols, Rampart supports the development of high-integrity services via the technique of state machine replication, and also extends this technique with a new approach to server output voting. In this paper we give a brief overview of Rampart, focusing primarily on its protocol architecture. We also sketch its performance in our prototype implementation and ongoing work.


Group Multicast Multicast Protocol Group View Correct Server Byzantine Agreement 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Y. Amir, D. Dolev, S. Kramer, and D. Malki. Transis: A communication subsystem for high availability. In Proceedings of the 22nd International Symposium on Fault-Tolerant Computing, pages 76–84, July 1992.Google Scholar
  2. 2.
    D. Atkins, M. Graff, A. K. Lenstra, and P. C. Leyland. The magic words are squeamish ossifrage. In Proceedings of Asiacrypt '94, pages 219–229, 1994.Google Scholar
  3. 3.
    K. P. Birman, A. Schiper, and P. Stephenson. Lightweight causal and atomic group multicast. ACM Transactions on Computer Systems, 9(3):272–314, Aug. 1991.Google Scholar
  4. 4.
    K. P. Birman and R. van Renesse, editors. Reliable Distributed Computing with the Isis Toolkit. IEEE Computer Society Press, Los Alamitos, California, 1994.Google Scholar
  5. 5.
    E. Brickell. A survey of hardware implementations of RSA. In G. Brassard, editor, Advances in Cryptology— CRYPTO '89 Proceedings (Lecture Notes in Computer Science 435), pages 368–370. Springer-Verlag, 1990.Google Scholar
  6. 6.
    T. D. Chandra and S. Toueg. Unreliable failure detectors for asynchronous systems. In Proceedings of the 10th ACM Symposium on Principles of Distributed Computing, pages 325–340, Aug. 1991.Google Scholar
  7. 7.
    F. Cristian, H. Aghili, R. Strong, and D. Dolev. Atomic broadcast: From simple message diffusion to Byzantine agreement. In Proceedings of the 15th International Symposium on Fault-Tolerant Computing, pages 200–206, June 1985. A revised version appears as IBM Research Laboratory Technical Report RJ5244 (April 1989).Google Scholar
  8. 8.
    Y. Desmedt and Y. Frankel. Shared generation of authenticators and signatures. In J. Feigenbaum, editor, Advances in Cryptology—CRYPTO '91 Proceedings (Lecture Notes in Computer Science 576), pages 457–469. Springer-Verlag, 1992.Google Scholar
  9. 9.
    S. R. Dussé and B. S. Kaliski Jr. A cryptographic library for the Motorola DSP56000. In I. B. Damgård, editor, Advances in Cryptology—EUROCRYPT '90 Proceedings (Lecture Notes in Computer Science 473), pages 230–244. Springer-Verlag, 1991.Google Scholar
  10. 10.
    M. J. Fischer, N. A. Lynch, and M. S. Paterson. Impossibility of distributed consensus with one faulty process. Journal of the ACM, 32(2):374–382, Apr. 1985.Google Scholar
  11. 11.
    M. K. Franklin and M. K. Reiter. The design and implementation of a secure auction service. In Proceedings of the 1995 IEEE Symposium on Security and Privacy, May 1995. To appear.Google Scholar
  12. 12.
    M. K. Franklin and M. Yung. The varieties of secure distributed computation. In Proceedings of Sequences II, Methods in Communications, Security and Computer Science, pages 392–417, June 1991.Google Scholar
  13. 13.
    L. Gong. A secure identity-based capability system. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 56–63, Apr. 1989.Google Scholar
  14. 14.
    L. Gong. Securely replicating authentication services. In Proceedings of the 9th International Conference on Distributed Computing Systems, pages 85–91, 1989.Google Scholar
  15. 15.
    M. P. Herlihy and J. D. Tygar. How to make replicated data secure. In C. Pomerance, editor, Advances in Cryptology—CRYPTO '87 Proceedings (Lecture Notes in Computer Science 293), pages 379–391. Springer-Verlag, 1988.Google Scholar
  16. 16.
    M. F. Kaashoek. Group Communication in Distributed Computer Systems. PhD thesis, Vrije Universiteit, The Netherlands, 1992.Google Scholar
  17. 17.
    L. Lamport, R. Shostak, and M. Pease. The Byzantine generals problem. ACM Transactions on Programming Languages and Systems, 4(3):382–401, July 1982.CrossRefGoogle Scholar
  18. 18.
    B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265–310, Nov. 1992.Google Scholar
  19. 19.
    P. M. Melliar-Smith, L. E. Moser, and V. Agrawala. Broadcast protocols for distributed systems. IEEE Transactions on Parallel and Distributed Systems, 1(1):17–25, Jan. 1990.Google Scholar
  20. 20.
    L. L. Peterson, N. C. Buchholz, and R. D. Schlichting. Preserving and using context information in interprocess communication. ACM Transactions on Computer Systems, 7(3):217–246, Aug. 1989.Google Scholar
  21. 21.
    F. M. Pittelli and H. Garcia-Molina. Reliable scheduling in a TMR database system. ACM Transactions on Computer Systems, 7(1):25–60, Feb. 1989.Google Scholar
  22. 22.
    M. K. Reiter. Secure agreement protocols: Reliable and atomic group multicast in Rampart. In Proceedings of the 2nd ACM Conference on Computer and Communications Security, pages 68–80, Nov. 1994.Google Scholar
  23. 23.
    M. K. Reiter. A secure group membership protocol. In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy, pages 176–189, May 1994.Google Scholar
  24. 24.
    M. K. Reiter and K. P. Birman. How to securely replicate services. ACM Transactions on Programming Languages and Systems, 16(3):986–1009, May 1994.Google Scholar
  25. 25.
    R. L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, Feb. 1978.CrossRefGoogle Scholar
  26. 26.
    F. B. Schneider. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys, 22(4):299–319, Dec. 1990.Google Scholar
  27. 27.
    S. K. Shrivastava, P. D. Ezhilchelvan, N. A. Speirs, S. Tao, and A. Tully. Principal features of the VOLTAN family of reliable node architectures for distributed systems. IEEE Transactions on Computers, 41(5):542–549, May 1992.Google Scholar
  28. 28.
    J. G. Steiner, C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter Conference, pages 191–202, Feb. 1988.Google Scholar
  29. 29.
    R. Turn and J. Habibi. On the interactions of security and fault-tolerance. In Proceedings of the 9th NBS/NCSC National Computer Security Conference, pages 138–142, Sept. 1986.Google Scholar
  30. 30.
    R. van Renesse, K. Birman, R. Cooper, B. Glade, and P. Stephenson. Reliable multicast between microkernels. In Proceedings of the USENIX Microkernels and Other Kernel Architectures Workshop, Apr. 1992.Google Scholar
  31. 31.
    V. L. Voydock and S. T. Kent. Security mechanisms in high-level network protocols. ACM Computing Surveys, 15(2):135–171, June 1983.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1995

Authors and Affiliations

  • Michael K. Reiter
    • 1
  1. 1.AT&T Bell LaboratoriesHolmdelUSA

Personalised recommendations