Secure program partitioning

被引：68

作者：

Zdancewic, S ^{[1
]}

Zheng, LT ^{[1
]}

Nystrom, N ^{[1
]}

Myers, AC ^{[1
]}

机构：

[1] Cornell Univ, Dept Comp Sci, Ithaca, NY 14853 USA

来源：

ACM TRANSACTIONS ON COMPUTER SYSTEMS | 2002年 / 20卷 / 03期

关键词：

security; languages; confidentiality; declassification; distributed systems; downgrading; integrity; mutual distrust; secrecy; security policies; type systems;

D O I：

10.1145/566340.566343

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

This paper presents secure program partitioning, a language- based technique for protecting confidential data during computation in distributed systems containing mutually untrusted hosts. Confidentiality and integrity policies can be expressed by annotating programs with security types that constrain information flow; these programs can then be partitioned automatically to run securely on heterogeneously trusted hosts. The resulting communicating subprograms collectively implement the original program, yet the system as a whole satisfies the security requirements of participating principals without requiring a universally trusted host machine. The experience in applying this methodology and the performance of the resulting distributed code suggest that this is a promising way to obtain secure distributed computation.

引用

页码：283 / 328

页数：46

共 49 条

[1] [Anonymous], 1998, P 25 ACM SIGPLAN SIG, DOI DOI 10.1145/268946.268976
[2] [Anonymous], 1998, POPL'98, Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, San Diego, CA, USA, January 19-21, DOI [DOI 10.1145/268946.268975, 10.1145/268946.268975]
[3] [Anonymous], P ACM S PRINC PROGR, DOI [10.1145/292540.292555, DOI 10.1145/292540.292555]
[4] [Anonymous], P ACM INT C FUNCT PR
[5] [Anonymous], POPL 00
[6] [Anonymous], 2000, P POPL 00
[7] [Anonymous], KERBEROS AUTHENTICAT
[8] BELL D, 1975, ESDTR75306
[9] BIBA KJ, 1977, ESDTR76372 USAF EL S
[10] Damgård I, 1999, LECT NOTES COMPUT SC, V1592, P56

← 1 2 3 4 5 →