Secure, fault-tolerant distributed systems are difficult to build, to validate, and to operate. Conservative design for such systems dictates that their security and fault tolerance depend on a very small number of assumptions taken on faith; such assumptions are typically called the "trusted computing base" (TCB) of a system. However, a rich trade-off exists between larger TCBs and more secure, more fault-tolerant, or more efficient systems. In our recent work, we have explored this trade-off by defining "small," generic trusted primitives (for example, an attested, monotonically sequenced FIFO buffer of a few hundred machine words that is guaranteed to hold appended words until eviction) and showing how such primitives can improve the performance, fault tolerance, and security of systems using them. In this article, we review our efforts in generating simple trusted primitives such as an attested circular buffer (called Attested Append-only Memory) and an attested human activity detector. We describe the benefits of using these primitives to increase the fault tolerance of replicated systems and archival storage, and to improve the security of email spam and click-fraud prevention systems. Finally, we share some lessons we have learned from this endeavor.
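The attested, monotonically sequenced buffer described above, modelled as an added example (this is not code from the original article or from the Attested Append-only Memory implementation): a small trusted module assigns each appended word a fresh sequence number, evicts only its oldest entries once capacity is reached, and attests every append and lookup; a relying party verifies the attestation and flags any second value presented at an already-seen sequence number. The interface names, the use of an HMAC under a constructed device key in place of a hardware-held signing key, and the three-entry capacity are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import deque
from typing import Deque, Dict, Optional, Tuple

# Constructed key for the example. It stands in for the key that only the
# trusted component holds; a real primitive would sign with a device key.
DEVICE_KEY = b"example-attestation-key-not-secret"


def _mac(*parts: bytes) -> str:
    """Attestation over the given fields, bound to the device key."""
    h = hmac.new(DEVICE_KEY, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)  # length-prefix each field
    return h.hexdigest()


class AttestedAppendOnlyMemory:
    """Bounded FIFO buffer whose appends are monotonically sequenced.

    A sequence number is handed out exactly once, so the untrusted host
    cannot obtain attestations for two different values at the same
    position; entries stay retrievable until newer appends evict them.
    """

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self.next_seq = 0
        self.buf: Deque[Tuple[int, bytes]] = deque()

    def append(self, value: bytes) -> Tuple[int, bytes, str]:
        seq = self.next_seq
        self.next_seq += 1                 # monotonic: never reused
        self.buf.append((seq, value))
        if len(self.buf) > self.capacity:
            self.buf.popleft()             # only the oldest entry is evicted
        return seq, value, _mac(b"append", seq.to_bytes(8, "big"), value)

    def lookup(self, seq: int) -> Optional[Tuple[int, bytes, str]]:
        for s, v in self.buf:
            if s == seq:
                return s, v, _mac(b"append", s.to_bytes(8, "big"), v)
        return None  # evicted or never appended: nothing to attest


class Verifier:
    """Relying party: checks attestations and records one value per seq."""

    def __init__(self) -> None:
        self.seen: Dict[int, bytes] = {}

    def check(self, seq: int, value: bytes, tag: str) -> bool:
        expected = _mac(b"append", seq.to_bytes(8, "big"), value)
        if not hmac.compare_digest(expected, tag):
            return False                   # forged or tampered attestation
        prev = self.seen.setdefault(seq, value)
        return prev == value               # second value at a seen seq: equivocation


def demo() -> Dict[str, bool]:
    a2m = AttestedAppendOnlyMemory(capacity=3)
    verifier = Verifier()
    seq0, val0, tag0 = a2m.append(b"op-0")
    seq1, val1, tag1 = a2m.append(b"op-1")
    results = {
        "honest_append_ok": verifier.check(seq0, val0, tag0),
        "honest_lookup_ok": verifier.check(*a2m.lookup(seq1)),
        # The host cannot reuse tag1 to vouch for a value it never appended.
        "forged_value_rejected": not verifier.check(seq1, b"op-1-altered", tag1),
    }
    # Appending a conflicting value only yields a *new* sequence number.
    seq2, _, _ = a2m.append(b"op-1-altered")
    results["new_seq_is_monotonic"] = seq2 == seq1 + 1
    # Even a correctly tagged second value at seq1 (modelled by calling _mac
    # directly, as if the key leaked) is caught by the verifier's history.
    conflict = _mac(b"append", seq1.to_bytes(8, "big"), b"op-1-altered")
    results["equivocation_detected"] = not verifier.check(seq1, b"op-1-altered", conflict)
    # A fourth append exceeds capacity and evicts only the oldest entry.
    a2m.append(b"op-3")
    results["evicted_unavailable"] = a2m.lookup(seq0) is None
    results["recent_available"] = a2m.lookup(seq2) is not None
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The value of the primitive is in what the host cannot do: it cannot mint an attestation for a value it never appended, and it cannot get two attestations at one sequence number, so a replica or storage node that is fed attested history by a possibly faulty peer can detect when that peer tells different stories to different parties. The eviction step shows the other half of the contract from the abstract: words are held until eviction, and nothing evicted can be re-attested afterwards.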