home *** CD-ROM | disk | FTP | other *** search
- Path: sranha!wnoc-tyo-news!ccut!sun-barr!ames!agate!cs.cornell.edu!reiter
- From: reiter@cs.cornell.edu (Michael K. Reiter)
- Newsgroups: comp.archives
- Subject: [comp.sys.isis] Technical Report announcement
- Message-ID: <qppk2INNjol@agate.berkeley.edu>
- Date: 25 Mar 92 11:53:23 GMT
- References: <1992Mar24.164413.24258@cs.cornell.edu>
- Followup-To: comp.sys.isis
- Organization: Cornell Univ. CS Dept, Ithaca NY 14853
- Lines: 40
- Approved: adam@soda.berkeley.edu
- NNTP-Posting-Host: soda.berkeley.edu
- X-Original-Newsgroups: comp.sys.isis
- X-Original-Date: Tue, 24 Mar 1992 16:44:13 GMT
-
- Archive-name: auto/comp.sys.isis/Technical-Report-announcement
-
- Technical report 92-1274, entitled "How to Securely Replicate Services",
- is now available from Cornell University. It can be obtained by
- anyonymous ftp from ftp.cs.cornell.edu, from the "pub" directory. The
- file is in compressed postscript format and is entitled "TR92-1274.ps.Z".
- The abstract of the paper follows.
-
- ---------------------------------------------------------------------
-
- How to Securely Replicate Services
- (Preliminary Version)
-
- Michael Reiter
- Kenneth Birman
-
-
- A method is presented for constructing replicated services that retain
- their availability and integrity despite several servers and clients
- being corrupted by an intruder, in addition to others failing
- benignly. More precisely, a service is replicated by $n$ servers in
- such a way that a correct client will accept a correct server's
- response if, for some prespecified parameter $k$, at least $k$ servers
- are correct and fewer than $k$ servers are corrupt. The issue of
- maintaining causality among client requests is also addressed. A
- security breach resulting from an intruder's ability to effect a
- violation of causality in the sequence of requests processed by the
- service is illustrated. An approach to counter this problem is
- proposed that requires that fewer than $k$ servers are corrupt and, to
- ensure liveness, that $k \le n-2t$, where $t$ is the assumed maximum
- total number of both corruptions and benign failures suffered by
- servers in any system run. An important and novel feature of these
- schemes is that {\em the client need not be able to identify or
- authenticate even a single server}. Instead, the client is required
- only to possess at most two public keys for the service.
-
- ----------------------------------------------------------------------
-
- - Mike
- (reiter@cs.cornell.edu)
-