Shrink-Wrapped Optimism: The DODA Approach to Distributed Document Processing

  • Bruce Christianson
  • Jean F. Snook
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2845)


In this paper we introduce a distributed object-based document architecture called DODA in order to illustrate a novel strategy for achieving both high availability and high integrity in the context of open processing distributed between mutually suspicious domains without a common management hierarchy.

Our approach to availability is to structure documents into small components called folios in such a way as to allow the maximum opportunity for concurrent processing, and to allow these components to be freely replicated and distributed. Integrity conflicts are resolved using an optimistic form of control called optimistic integrity control (OIC) applied to recoverable work units.

Our approach to security is to shrinkwrap the document components using cryptographic checksums, and to provide a set of building block components called functionaries which a group of users can combine in such a way as to provide each user with a means of ensuring that an agreed notion of integrity is enforced while relying upon a minimum of non-local trust.

In particular, we do not rely upon a trusted computing base or a shared system infrastructure. The local availability of document versions and of the resources to process them are completely under local user control. The lack of availability of the functionaries does not have severe consequences, and the presence of mutual suspicion makes it easier to ensure that users can trust the functionaries to provide the intended service.

A major benefit of using OIC is that it allows the integration of untrusted components such as filestores and directory servers into the system. In particular, an untrusted soft locking service can be used in order to reduce the number of concurrency conflicts, and untrusted security components can be used to screen out attempted access control violations.

Note. The text of this previously unpublished position paper is the March 1994 version.


Keywords: Directed Acyclic Graph; Social Contract; Security Policy; Audit Trail; Access Control List
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.




Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Bruce Christianson (1)
  • Jean F. Snook (1)
  1. Computer Science Department, University of Hertfordshire, Hatfield, England, Europe
