This thesis examines the issues relating to non-discretionary access controls for decentralized computing systems. Decentralization changes the basic character of a computing system from a set of processes referencing a data base to a set of processes sending and receiving messages. Because messages must be acknowledged, operations that were read-only in a centralized system become read-write operations. As a result, the lattice model of non-discretionary access control, which mediates operations based on read versus read-write considerations, does not allow direct transfer of algorithms from centralized systems to decentralized systems. This thesis develops new mechanisms that comply with the lattice model and provide the necessary functions for effective decentralized computation. Secure protocols at several different levels are presented in the thesis. At the lowest level, a host-to-host protocol is shown that allows communication between hosts with effective internal security controls. Above this level, a host-independent naming scheme is presented that allows generic naming of services in a manner consistent with the lattice model. The use of decentralized processing to aid in the downgrading of information is shown in the design of a secure intelligent terminal. Schemes are presented to deal with the decentralized administration of the lattice model, and with the proliferation of access classes as the user community of a decentralized system becomes more diverse. Limitations in the use of end-to-end encryption when used with the lattice model are identified, and a scheme is presented to relax these limitations for broadcast networks. Finally, a scheme is presented for forwarding authentication information between hosts on a network, without transmitting passwords (or their equivalent) over a network.