Abstract
This paper describes a new approach for security in open distributed systems. This approach is currently developed in the framework of the Delta4 project. After a few reminders about two existing distributed security architectures, the proposed “intrusion-tolerant” approach is specified. It is based on a fragmentation-scattering technique applied to a security server running on several security sites. These sites are such that intrusions into a number of sites less than a given threshold have no consequence on the global security. The different security services provided are then presented.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
BELL D. E. and LAPADULA L. J, “Secure Computer Systems: Mathematical Foundations and Model”, M74-244, MITRE Co., October 1974.
BLAKLEY G. R, “Safeguarding Cryptographic Keys”, Proc. NCC, Vol. 48, AFIPS Press, Montvale N. J., 1979, pp. 313–317.
DENNING D. E., “An Intrusion-Detection Model”, Proc. of IEEE Symp. on Security and Privacy, Oakland, April 1986, pp. 118–132.
D.o.D., “Department of Defense Trusted Computer System Evaluation Criteria”, DOD 5200.28-STD, December 1985.
FIAT A., SHAMIR A., “How to Prove Yourself: Practical Solutions of Identification and Signature Problems”, Advances in Cryptology — CRYPTO’86. Santa Barbara, August 1986, Lecture Notes in Computer Science Vol. 263, Springer Verlag, ISBN 0-387-18047-8, pp.186–194.
FRAGA J., POWELL D., “A Fault and Intrusion-Tolerant file System”, in Computer Security: the practical issues in a troubled world, Proc. 3rd Int. Cong, on Comp. Security (IFIP/SEC’85), Dublin, Ireland, August 1985, ISBN 0-1-87801-7, pp. 203–218.
FRAY J.M., DESWARTE Y., POWELL D., “Intrusion-Tolerance using Fine-Grain Fragmentation Scattering”, Proc. on the 1986 IEEE Symp. on Security and Privacy, Oakland, April 1986, pp. 194–201.
GUILLOU L.C., QUISQUATER J.J., “A Practical Zero-knowledge Protocol Fitted to Security Microprocessor Minimizing both Transmission and Memory”, Advances in Criptology - Eurocrypt 88, Davos, Switzerland, May 1988, Lecture Notes in Computer Science Vol. 330, Springer Verlag, ISBN 0-387-50251-3, pp. 123–128.
HARRISON M. A., RUZZO W. L. and ULLMAN J. D., “Protection in Operating Systems”, Comm. of ACM, Vol. 19, no 8, August 1976, pp. 461–471.
I.S.O., International Standard 7498-2: Information processing systems - OSI Reference model - Part 2: Security Architecture, Tech. Rept. no 2890, ISO/IEC JTCI/SC21, July 1988.
LAPRIE J.C., “Dependability: Basic Concepts and Associated Terminology”, in Dependability Concepts and Terminology, ESPRIT BRA PROJECT 3092 Predictably Dependable Computing Systems, First Year Report, Task A, Vol. 1, May 1990.
MILLER S.P., NEUMAN B.C., SCHILLER J.I. and SALTZER J.H., “Kerberos Authentication and authorization System”, MIT Proj. Athena Technical Plan, Sect. E. 2. 1, December 1987.
N.C.S.C., “Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria”, NCSC-TG-OOS, July 1987.
RANEA P.G., DESWARTE Y., FRAY J.M., POWELL D., “The Security Approach in Delta-4”, Research into Networks and Distributed Applications EUTECO’88, Vienna, Austria, April 1988, ISBN 0111-70428-0, pp. 455–466.
SHAMIR A., “How to Share a Secret”, Comm. of ACM, Vol. 22, no 11, November 1979, pp. 612–613.
STEINER J. G., NEUMAN C. and SCHILLER J.I., “Kerberos: An Authentication Service for Open Network Systems”, USENIX Winter Conf., Dallas, February 1988.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1990 ECSC, EEC, EAEC, Brussels and Luxembourg
About this paper
Cite this paper
Blain, L., Deswarte, Y. (1990). Intrusion-Tolerant Security Servers for Delta-4. In: ESPRIT ’90. Springer, Dordrecht. https://doi.org/10.1007/978-94-009-0705-8_25
Download citation
DOI: https://doi.org/10.1007/978-94-009-0705-8_25
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-010-6803-1
Online ISBN: 978-94-009-0705-8
eBook Packages: Springer Book Archive