The Digital Distributed System Security Architecture

Andy Goldstein, Butler Lampson, Charlie Kaufman, Morrie Gasser

Citations: 129
The Digital Distributed System Security Architecture is a comprehensive specification for security in a distributed system that employs state-of-the-art concepts to address the needs of both commercial and government environments. The architecture covers user and system authentication, mandatory and discretionary security, secure initialization and loading, and delegation in a general-purpose computing environment of heterogeneous systems where there are no central authorities, no global trust, and no central controls. The architecture prescribes a framework for all applications and operating systems currently available or to be developed. Because the distributed system is an open OSI environment, where functional interoperability only requires compliance with selected protocols needed by a given application, the architecture must be designed to securely support systems that do not implement or use any of the security services, while providing extensive additional security capabilities for those systems that choose to implement the architecture.
Published in 1989.
    • ...While Trusted Computing may be the most visible aspect of this research area, we show that many of the techniques used by Trusted Computing date back to the 1980s [33]...
    • ...It is also possible to employ both types of boot simultaneously [33]...
    • ...At this point, it is in a fresh “canonical” form that is likely to be similar across many platforms [33, 63]...
    • ...Gasser et al. [33]), a hardware-based root of trust initiates the chain of trust by measuring the initial BIOS code (see Figure 1). The BIOS then measures and executes the bootloader, and the bootloader, in turn, measures and executes the operating system...
    • ...Unfortunately, existing literature [30, 33, 77] tends to conflate these two types of attacks, obscuring the relative merits of techniques for securing measurements...
    • ...CERTIFICATE CHAINS. Initial architecture designs for recording code identity measurements employed certificate chains [30, 33]...
    • ...Before loading a new piece of software, Gasser et al. require the currently running system to generate a certificate for the new software [33]...
    • ...How can a user tell if her computer has booted into a secure state? One approach is to use a technique first described by Gasser et al. [33] and later dubbed “secure boot” [5]...
    • ...In a computer supporting secure boot, each system component, starting with the computer’s boot ROM, compares the measurement of code to be loaded to a list of measurements for authorized software (authorization is typically expressed via a signature from a trusted authority, which requires the authority’s public key to be embedded in the computer’s firmware) [5, 33]...

    Bryan Parno et al. Bootstrapping Trust in Commodity Computers

    • ...Such secure hardware makes it possible to issue unforgeable certificates describing the software environment and dynamic state of a device through attestation [5]...
    • ...A TPM attestation is a remotely verifiable, unforgeable, and tamperproof certificate that binds a software-specified message to the particular hardware and software platform that generated it [5]...

    Alan Shieh et al. NetQuery: a knowledge plane for reasoning about network properties

    • ...The idea of building security into open, connected systems by using computing platforms enhanced by security-relevant functionality in protected places has a long history, rooted in the study by the Rand Corporation [13]...

    Andreas Leicher et al. Implementation of a Trusted Ticket System

    • ...Existing hardware-based solutions for establishing trust [4]–[11], such as those using trusted platform modules (TPMs), do not apply well in local settings because they require a separate computational device to verify the attestations produced by the trusted hardware (generally digital signatures)...
    • ...Existing hardware solutions require the use of a separate, verifying device that must be trusted [5]–[11], [17], [18], or they require trust in some small portion of software [19]...

    Ryan W. Gardner et al. Detecting code alteration by creating a temporary memory bottleneck

    • ...Concepts: A principal is an entity that can be granted access to objects or can make statements affecting access control decisions [7]...

    Erica Y. Yang et al. DToken: A Lightweight and Traceable Delegation Architecture for Distri...
