
Departmental Papers (CIS)
Date of this Version
May 2003
Document Type
Conference Paper
Recommended Citation
Lantian Zheng, Stephen Chong, Andrew C. Myers, and Stephan A. Zdancewic, "Using Replication and Partitioning to Build Secure Distributed Systems". May 2003.
Abstract
A challenging unsolved security problem is how to specify and enforce system-wide security policies; this problem is even more acute in distributed systems with mutual distrust. This paper describes a way to enforce policies for data confidentiality and integrity in such an environment. Programs annotated with security specifications are statically checked and then transformed by the compiler to run securely on a distributed system with untrusted hosts. The code and data of the computation are partitioned across the available hosts in accordance with the security specification. The key contribution is automatic replication of code and data to increase assurance of integrity—without harming confidentiality, and without placing undue trust in any host. The compiler automatically generates secure run-time protocols for communication among the replicated code partitions. Results are given from a prototype implementation applied to various distributed programs.
Date Posted: 21 November 2004
This document has been peer reviewed.
Comments
Copyright 2003 IEEE. Reprinted from Proceedings of the 2003 IEEE Symposium on Security and Privacy (SP 2003) pages 236-250.
Publisher URL: http://ieeexplore.ieee.org/xpl/tocresult.jsp?isNumber=27002&page=1
This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to pubs-permissions@ieee.org. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.