This paper describes the design of a security kernel called TTCB, which has several innovative features. Firstly, it is a distributed subsystem with its own secure network. Secondly, the TTCB is real-time, that is, a synchronous subsystem capable of timely behavior. These two characteristics together are uncommon in security kernels. Thirdly, the TTCB can be implemented using only COTS components. We discuss essentially three things in this paper: (1) The TTCB is a simple component providing a small set of basic secure services. It aims at supporting a new style of protocols that achieve intrusion tolerance: they execute for the most part in insecure, arbitrary-failure environments and resort to the TTCB only in crucial parts of their operation. (2) The TTCB is also a synchronous device supplying functions that may enable a new generation of timed secure protocols, until now known to be fragile because of attacks on their timing assumptions. (3) Finally, we present a design methodology that establishes our hybrid failure assumptions in a well-founded manner. It helps us achieve a robust design despite using exclusively COTS components, with the advantage that the security kernel can be easily deployed on widely used platforms.