Using replication and partitioning to build secure distributed systems

Proceedings - IEEE Symposium on Security and Privacy

Volumn 2003-January, Issue , 2003, Pages 236-250

  Zheng, Lantian ^a   Chong, S ^a   Myers, A C ^a   Zdancewic, S ^b  

^a Department of Computer Science and School of Operations Research and Information Engineering   (United States)

^b UNIVERSITY OF PENNSYLVANIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

CODES (SYMBOLS); PROGRAM COMPILERS; SPECIFICATIONS;

DATA CONFIDENTIALITY; DISTRIBUTED PROGRAM; DISTRIBUTED SYSTEMS; PROTOTYPE IMPLEMENTATIONS; RUNTIMES; SECURE DISTRIBUTED SYSTEMS; SECURITY POLICY; SECURITY PROBLEMS;

NETWORK SECURITY;

EID: 59449105095     PISSN: 10816011     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SECPRI.2003.1199340     Document Type: Conference Paper

References (61)

1. Johan Agat. Transforming out timing leaks. In Proc. 27th ACM Symp. on Principles of Programming Languages (POPL), pages 40-53, Boston, MA, January 2000.
2. Adam Back, Ulf Möller, and Anton Stiglic. Traffic analysis attacks and trade-offs in anonymity providing systems. Lecture Notes in Computer Science, 2137, 2001.
3. Anindya Banerjee and David A. Naumann. Secure information flow and pointer confinement in a Java-like language. In IEEE Computer Security Foundations Workshop (CSFW), June 2002.
4. K. J. Biba. Integrity considerations for secure computer systems. Technical Report ESD-TR-76-372, USAF Electronic Systems Division, Bedford, MA, April 1977. (Also available through National Technical Information Service, Springfield Va., NTIS AD-A039324.).
5. Manuel Blum. Coin flipping by telephone. In Advances in Cryptology: A Report on CRYPTO 81, pages 11-15, 1981.
6. Gerard Boudol and Ilaria Castellani. Noninterference for concurrent programs. In Proc. ICALP, volume 2076 of Lecture Notes in Computer Science, pages 382-395, July 2001.
7. Miguel Castro and Barbara Liskov. Practical Byzantine Fault Tolerance. In Proceedings of the Third Symposium on Operating Systems Design and Implementation (to appear), New Orleans, LA, February 1999.
8. Crispin Cowan, Calton Pu, Dave Maier, Heather Hinton, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, and Qian Zhang. Stackguard: Automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the 7th USENIX Security Conference, January 1998.
9. Dorothy E. Denning and Peter J. Denning. Certification of programs for secure information flow. Comm. of the ACM, 20(7):504-513, July 1977.
10. Ulfar Erlingsson and Fred B. Schneider. SASI enforcement of security policies: A retrospective. In Proceedings of the New Security Paradigm Workshop, Caledon Hills, Ontario, Canada, 1999.
11. David Evans and Andrew Twyman. Flexible policy-directed code safety. In Proc. IEEE Symposium on Security and Privacy, Oakland, May 1999.
12. Jean-Charles Fabre, Yves Deswarte, and Brian Randell. Designing secure and reliable applications using fragmentation-redundancy-scattering: an object-oriented approach. In PDCS 2: Open Conference, pages 343-362, Newcastle-upon-Tyne, 1994. Dept of Computing Science, University of Newcastle, NE1 7RU, UK.
13. Richard J. Feiertag. A technique for proving specifications are multilevel secure. Technical Report CSL-109, SRI International Computer Science Lab, Menlo Park, California, January 1980.
14. J. S. Fenton. Memoryless subsystems. Computing J., 17(2):143-147, May 1974.
15. George Fink and Karl Levitt. Property-based testing of privileged programs. In Proceedings of the 10th Annual Computer Security Applications Conference, pages 154-163, Orlando, FL, 1994. IEEE Computer Society Press.
16. Joseph A. Goguen and Jose Meseguer. Security policies and security models. In Proc. IEEE Symposium on Security and Privacy, pages 11-20, April 1982.
17. Andrew D. Gordon and Alan Jeffrey. Typing correspondence assertions for communication protocols. In Preliminary Proceedings of the 17th Conference on the Mathematical Foundations of Programming Semantics (MFPS 17), Aarhus, May 2001. BRICS Notes Series NS-01-2, May 2001, pages 99-120.
18. Nevin Heintze and Jon G. Riecke. The SLam calculus: Programming with secrecy and integrity. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 365-377, San Diego, California, January 1998.
19. Kohei Honda and Nobuko Yoshida. A uniform type structure for secure information flow. In Proc. 29th ACM Symp. on Principles of Programming Languages (POPL), pages 81-92. ACM Press, January 2002.
20. Paul A. Karger. Non-discretionary access control for decentralized computing systems. Technical Report MIT/LCS/TR-179, MIT Laboratory for Computer Science, Cambridge, MA, May 1977.
21. Gregory E. Kersten, Sunil J. Noronha, and Jeffrey Teich. Are all e-commerce negotiations auctions? In Proc. COOP'2000: 4th International Conference on the Design of Cooperative Systems,, Sophia-Antipolis, France, May 2000.
22. James R. Lyle, Dolores R. Wallace, James R. Graham, Keith. B. Gallagher, Joseph. P. Poole, and David. W. Binkley. Unravel: A CASE tool to assist evaluation of high integrity software. IR 5691, NIST, 1995.
23. Dahlia Malkhi and Michael Reiter. Secure and scalable replication in Phalanx. In Proc. of the 17th IEEE Symposium on Reliable Distributed Systems, October 1998.
24. Heiko Mantel and Andrei Sabelfeld. A generic approach to the security of multi-threaded programs. In Proc. 14th IEEE Computer Security Foundations Workshop, pages 126-142. IEEE Computer Society Press, June 2001.
25. M. Douglas McIlroy and James A. Reeds. Multilevel security in the UNIX tradition. Software - Practice and Experience, 22(8):673-694, August 1992.
26. John McLean. Security models and information flow. In Proc. IEEE Symposium on Security and Privacy, pages 180-187, 1990.
27. Jonathan K. Millen. Security kernel validation in practice. Comm. of the ACM, 19(5):243-250, May 1976.
28. Jonathan K. Millen. Information flow analysis of formal specifications. In Proc. IEEE Symposium on Security and Privacy, pages 3-8, April 1981.
29. Andrew C. Myers. JFlow: Practical mostly-static information flow control. In Proc. 26th ACM Symp. on Principles of Programming Languages (POPL), pages 228-241, San Antonio, TX, January 1999.
30. Andrew C. Myers and Barbara Liskov. Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology, 9(4):410-442, October 2000.
31. Andrew C. Myers, Nathaniel Nystrom, Lantian Zheng, and Steve Zdancewic. Jif: Java information flow. Software release. Located at http://www.cs.cornell.edu/jif, July 2001.
32. Jens Palsberg and Peter Ørbæk. Trust in the λ-calculus. In Proc. 2nd International Symposium on Static Analysis, number 983 in Lecture Notes in Computer Science, pages 314-329. Springer, September 1995.
33. François Pottier. A simple view of type-secure information flow in the pi-calculus. In Proc. IEEE Computer Security Foundations Workshop, pages 320-330, June 2002.
34. François Pottier and Sylvain Conchon. Information flow inference for free. In Proc. 5nd ACM SIGPLAN International Conference on Functional Programming (ICFP), pages 46-57, 2000.
35. François Pottier and Vincent Simonet. Information flow inference for ML. In Proc. 29th ACM Symp. on Principles of Programming Languages (POPL), pages 319-330, 2002.
36. Ronald L. Rivest. The MD5 message-digest algorithm. Internet RFC-1321, April 1992.
37. Andrei Sabelfeld and Heiko Mantel. Static confidentiality enforcement for distributed programs. In Proceedings of the 9th International Static Analysis Symposium, volume 2477 of LNCS, Madrid, Spain, September 2002. Springer-Verlag.
38. Andrei Sabelfeld and Andrew Myers. Language-based information-flow security. IEEE Journal on Selected Areas in Communications, 21(1), January 2003.
39. Andrei Sabelfeld and David Sands. Probabilistic noninterference for multi-threaded programs. In Proc. 13th IEEE Computer Security Foundations Workshop, pages 200-214. IEEE Computer Society Press, July 2000.
40. Fred B. Schneider. Implementing fault-tolerant services using the state machine approach: a tutorial. ACM Computing Surveys, 22(4):299-319, December 1990.
41. Fred B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security, 3(1):30-50, 2001. Also available as TR 99-1759, Computer Science Department, Cornell University, Ithaca, New York.
42. Bruce Schneier. Applied Cryptography. John Wiley and Sons, New York, NY, 1996.
43. Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner. Detecting format string vulnerabilities with type qualifiers. In Proceedings of the 10th USENIX Security Symposium, 2001.
44. Geoffrey Smith. A new type system for secure information flow. In CSFW14, pages 115-125. IEEE Computer Society Press, June 2001.
45. Geoffrey Smith and Dennis Volpano. Secure information flow in a multi-threaded imperative language. In Proc. 25th ACM Symp. on Principles of Programming Languages (POPL), pages 355-364, San Diego, California, January 1998.
46. Jennifer G. Steiner, B. Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. Technical report, Project Athena, MIT, Cambridge, MA, March 1988.
47. John D. Strunk, Garth R. Goodson, Michael L. Scheinholtz, Craig A. N. Soules, and Gregory R. Ganger. Self-securing storage: Protecting data in compromised systems. In Operating Systems Design and Implementation (OSDI), pages 165-180, San Diego, CA, October 2000.
48. Sun Microsystems. Java Language Specification, version 1.0 beta edition, October 1995. Available at ftp://ftp.javasoft.com/docs/javaspec.ps.zip.
49. David Sutherland. A model of information. In Proc. 9th National Security Conference, pages 175-183, Gaithersburg, Md., 1986.
50. Frank Tip. A survey of program slicing techniques. Journal of Programming Languages, 3:121-189, 1995.
51. Gilles Trouessin, Jean-Charles Fabre, and Yves Deswarte. Improvement of data processing security by means of fault tolerance. In 14th National Computer Security Conference, pages 295-304, Washington, USA, 1991.
52. Dennis Volpano and Geoffrey Smith. Probabilistic noninterference in a concurrent language. J. Computer Security, 7(23):231-253, November 1999.
53. Dennis Volpano, Geoffrey Smith, and Cynthia Irvine. A sound type system for secure flow analysis. Journal of Computer Security, 4(3):167-187, 1996.
54. Robert Wahbe, Steven Lucco, Thomas E. Anderson, and Susan L. Graham. Efficient software-based fault isolation. In Proc. 14th ACM Symp. on Operating System Principles, pages 203-216. ACM Press, December 1993.
55. Dan S. Wallach, Andrew W. Appel, and Edward W. Felten. The security architecture formerly known as stack inspection: A security mechanism for language-based systems. ACM Transactions on Software Engineering and Methodology, 9(4), October 2000.
56. Mark Weiser. Program slicing. IEEE Transactions on Software Engineering, 10(4):352-357, 1984.
57. J. Todd Wittbold and Dale M. Johnson. Information flow in nondeterministic systems. In Proc. IEEE Symposium on Security and Privacy, pages 144-161, May 1990.
58. Tatu Ylonen. SSH - secure login connections over the Internet. In The Sixth USENIX Security Symposium Proceedings, pages 37-42, San Jose, California, 1996.
59. Steve Zdancewic and Andrew C. Myers. Robust declassification. In Proc. 14th IEEE Computer Security Foundations Workshop, pages 15-23, Cape Breton, Nova Scotia, Canada, June 2001.
60. Steve Zdancewic and Andrew C. Myers. Secure information flow and CPS. In Proc. 10th European Symposium on Programming, volume 2028 of Lecture Notes in Computer Science, pages 46-61, 2001.
61. Steve Zdancewic, Lantian Zheng, Nathaniel Nystrom, and Andrew C. Myers. Secure program partitioning. ACM Transactions on Computer Systems, 20(3):283-328, August 2002.