A Security Architecture for Fault-Tolerant Systems

ACM Transactions on Computer Systems (TOCS)

Volumn 12, Issue 4, 1994, Pages 340-371

  Reiter, Michael K ^a   Birman, Kenneth P ^b   van Renesse, Robbert ^b  

^a LUCENT TECHNOLOGIES   (United States)

^b Department of Obstetrics Gynecology   (United States)

Author keywords

key distribution; multicast; process groups

Indexed keywords

EID: 84976763336     PISSN: 07342071     EISSN: 15577333     Source Type: Journal    
DOI: 10.1145/195792.195823     Document Type: Article

References (51)

1. AMIR, Y., DOLEV, D., KRAMER, S., AND MALKI, D. 1992. Transis: A communication sub-system for high availability. In Proceedings of the 22nd International Symposium on Fault-Tolerant Computing. IEEE, New York, 76-84.
2. BELLOVIN, S. M., AND MERRITT, M. 1990. Limitations of the Kerberos authentication system. Comput. Commun. Rev. 20, 5 (Oct.), 119-132.
3. BIRMAN, K. P., AND JOSEPH, T. A. 1987a. Exploiting virtual synchrony in distributed systems. In Proceedings of the 11th Symposium on Operating Systems Principles. ACM, New York, 123-138.
4. ACM Transactions on Computer Systems, Vol. 12, No. 4, November 1994.
5. BIRMAN, K. P., AND JOSEPH, T. A. 1987b. Reliable communication in the presence of failures. ACM Trans. Comput. Syst. 5, 1 (Feb.), 44-76.
6. BIRMAN, K. P., SCHIPER, A., AND STEPHENSON, P. 1991. Lightweight causal and atomic group multicast. ACM Trans. Comput. Syst. 9, 3 (Aug.), 272-314.
7. CCITT. 1988. The directory-authentication framework, Recommendation X.509. International Telegraph and Telephone Consultative Committee, Geneva, Switzerland.
8. CHERITON, D. R., AND ZWAENEPOEL, W. 1985. Distributed process groups in the V kernel. ACM Trans. Comput. Syst. 3, 2 (May), 77-107.
9. CRISTIAN, F. 1989. Probabilistic clock synchronization. Distrib. Comput. 3, 3, 146-158.
10. DENNING, D. E., AND SACCO, G. M. 1981. Timestamps in key distribution protocols. Commun. ACM 24, 8 (Aug.), 533-536.
11. DEPARTMENT OF DEFENSE. 1985. Department of Defense trusted computer system evaluation criteria. DOD 5200.28-STD, Washington, D.C.
12. DESMEDT, Y., AND FRANKEL, Y. 1992. Shared generation of authenticators and signatures. In Advances in Cryptology-CRYPTO '91 Proceedings, J. Feigenbaum, Ed. Lecture Notes in Computer Science, vol. 576. Springer-Verlag, New York, 457-469.
13. DIFFIE, W., AND HELLMAN, M. E. 1979. Privacy and authentication: An introduction to cryptography. Proc. IEEE 67, 3 (Mar.), 397-427.
14. GALVIN, J. M., MCCLOGHRIE, K., AND DAVIN, J. R. 1991. Secure management of SNMP networks. In Integrated Network Management. Vol. 2. Elsevier Science Publishers B.V. (North-Holland), Amsterdam.
15. GONG, L. 1993. Increasing availability and security of an authentication service. IEEE J. Sel. Areas Commun. 11, 5, (June), 657-662.
16. GONG, L. 1992. A security risk of depending on synchronized clocks. ACM Oper. Syst. Rev. 26, 1 (Jan.), 49-53.
17. GONG, L. 1989. Using one-way functions for authentication. Comput. Commun. Rev. 19, 5 (Oct.), 8-11.
18. GUSELLA, R., AND ZATTI, S. 1984. TEMPO-A network time controller for a distributed Berkeley UNIX system. In Proceedings of the USENIX Summer Conference. USENIX Assoc., Berkeley, Calif., 78-85.
19. HERLIHY, M. P., AND TYGAR, J. D. 1988. How to make replicated data secure. In Advances in Cryptology-CRYPTO '87 Proceedings, C. Pomerance, Ed. Lecture Notes in Computer Science, vol. 293. Springer-Verlag, New York, 379-391.
20. JOSEPH, M. K. 1987. Towards the elimination of the effects of malicious logic: Fault tolerance approaches. In Proceedings of the 10th NBS/NCSC National Computer Security Conference. NBS/NCSC, Baltimore, Md., 238-244.
21. KAASHOEK, M. F. 1992. Group communication in distributed computer systems. Ph.D. thesis, Vrije Universiteit, The Netherlands.
22. KENT, S. T. 1993. Internet privacy enhanced mail. Commun. ACM 36, 8 (Aug.), 48-60.
23. LACY, J. B., MITCHELL, D. P., AND SCHELL, W. M. 1993, CryptoLib: Cryptography in software. In Proceedings of the 4th USENIX Security Workshop. USENIX Assoc., Berkeley, Calif., 1-17.
24. LAMPORT, L. 1978. Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21, 7 (July), 558-565.
25. LAMPSON, B., ABADI, M., BURROWS, M., AND WOBBER, E. 1992. Authentication in distributed systems: Theory and practice. ACM Trans. Comput. Syst. 10, 4 (Nov.), 265-310.
26. MARZULLO, K. 1990. Tolerating failures of continuous-valued sensors. ACM Trans. Comput. Syst. 8, 4 (Nov.), 284-304.
27. MILLS, D. L. 1989. RFC 1119: Network Time Protocol (version 2) specification and implementation. Internet Activities Board. Sept.
28. NATIONAL BUREAU OF STANDARDS 1977. Data encryption standard. Federation Information Processing Standards Publication 46, Government Printing Office, Washington, D.C.
29. NEEDHAM, R. M., AND SCHROEDER, M. D. 1978. Using encryption for authentication in large networks of computers. Commun. ACM 21, 12 (Dec.), 993-999.
30. PETERSON, L. L., BUCHHOLZ, N. C., AND SCHLICHTING, R. D. 1989. Preserving and using context information in interprocess communication. ACM Trans. Comput. Syst. 7, 3 (Aug.), 217-246.
31. ACM Transactions on Computer Systems, Vol. 12, No. 4, November 1994.
32. REITER, M. K. 1994. A secure group membership protocol. In Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy. IEEE, New York, 176-189.
33. REITER, M. K., AND BIRMAN, K. P. 1994. How to securely replicate services. ACM Trans. Program. Lang. Syst. 16, 3 (May), 986-1009.
34. REITER, M. K., AND GONG, L. 1993. Preventing denial and forgery of causal relationships in distributed systems. In Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy. IEEE, New York, 30-40.
35. REITER, M. K., BIRMAN, K. P., AND GONG, L. 1992. Integrating security in a group oriented distributed system. In Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy. IEEE, New York, 18-32.
36. RIVEST, R. L. 1991. The MD4 message digest algorithm. In Advances in Cryptology-CRYPTO '90 Proceedings, A. J. Menezes and S. A. Vanstone, Eds. Lecture Notes in Computer Science, vol. 537. Springer-Verlag, New York, 303-311.
37. RIVEST, R. L., AND DUSSE, S. 1992. RFC 1321: The MD5 message-digest algorithm. Internet Activities Board.
38. RIVEST, R. L., SHAMIR, A., AND ADLEMAN, L. 1978. A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 2 (Feb.), 120-126.
39. SCHNEIDER, F. B. 1990. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Comput. Surv. 22, 4 (Dec.), 299-319.
40. SIMONS, B., WELCH, J. L., AND LYNCH, N. 1990. An overview of clock synchronization. In Fault-Tolerant Distributed Computing, B. Simons and A, Spector, Eds. Lecture Notes in Computer Science, vol. 448. Springer-Verlag, New York, 84-96.
41. SMITH, S., AND TYGAR, J. D. 1993. Signed vector timestamps: A secure protocol for partial order time. Tech. Rep. CMU-CS-93-116, School of Computer Science, Carnegie Mellon Univ., Pittsburgh, Pa.
42. STEINER, J. G., NEUMAN, C., AND SCHILLER, J. I. 1988. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter Conference. USENIX Assoc., Berkeley, Calif., 191-202.
43. STUBBLEBINE, S. G., AND GLIGOR, V. D. 1992. On message integrity in cryptographic protocols. In Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy. IEEE, New York, 85-104.
44. TARDO, J. J., AND ALAGAPPAN, K. 1991. SPX: Global authentication using public key certificates. In Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy. IEEE, New York, 232-244.
45. TSUDIK, G. 1992. Message authentication with one-way hash functions. In Proceedings of IEEE INFOCOM '92. IEEE, New York, 2055-2059.
46. TUCHMAN, W. 1979. Heilman presents no shortcut solutions to the DES. IEEE Spectrum 16, 7 (July), 40-41.
47. TURN, R., AND HABIBI, J. 1986. On the interactions of security and fault-tolerance. In Proceedings of the 9th NBS/NCSC National Computer Security Conference. NBS-NCSC, Baltimore, Md., 138-142.
48. TYGAR, J. D., AND YEE, B. S. 1991. Strongbox. In Camelot and Avalon, A Distributed Transaction Facility, J. L. Eppinger, L. B. Mummert, and A. Z. Spector, Eds. Morgan Kaufmann, San Mateo, Calif., 381-400.
49. VAN RENESSE, R., BIRMAN, K., COOPER, R., GLADE, B., AND STEPHENSON, P. 1992. Reliable multicast between microkernels. In Proceedings of the USENIX Microkernels and Other Kernel Architectures Workshop. USENIX Assoc., Berkeley, Calif.
50. VOYDOCK, V. L., AND KENT, S. T. 1983. Security mechanisms in high-level network protocols. ACM Comput. Surv. 15, 2 (June), 135-171.
51. WOBBER, E., ABADI, M., BURROWS, M., AND LAMPSON, B. 1993. Authentication in the Taos operating system. In Proceedings of the 14th ACM Symposium on Operating Systems Principles. ACM, New York, 256-269.