论文信息 - Preserving integrity in remote file location and retrieval

Preserving integrity in remote file location and retrieval

We present a service for locating and retrieving files from an untrusted network such that the integrity of the retrieved files can be verified. This service enables groups of people in geographically remote locations to share files using an untrusted network. For example, distribution, of an organization's software to all the organization's sites can be accomplished using this service. Distribution of files in an untrusted network is complicated by two issues: (1) location of files and (2) verification of file integrity. ftp and World-wide Web (WWW) services require some user intervention to locate a file, so they cannot be embedded in automated systems. Distributed systems have mechanisms for automated file location and retrieval, but they require trust in all system principals and do not provide an appropriate balance between availability of files and retrieval cost for our applications. Verification of the integrity of a file retrieved from an untrusted network is necessary because the file is subject to malicious modification attacks. Our service provides the capability to automatically locate, retrieve, and verify files specified by a client using a single trusted principal. We demonstrate our service by building a system shell that automatically downloads remote software when needed.

Trent Jaeger | Aviel D. Rubin | A. Rubin | T. Jaeger

[1] Robbert van Renesse,et al. Experiences with the Amoeba distributed operating system , 1990, CACM.

[2] Adi Shamir,et al. On Digital Signatures and Public-Key Cryptosystems. , 1977 .

[3] Roger M. Needham,et al. Grapevine: an exercise in distributed computing , 1982, CACM.

[4] Sun Microsystems,et al. RPC: Remote Procedure Call Protocol specification: Version 2 , 1988, RFC.

[5] Andrew P. Black,et al. Fine-grained mobility in the Emerald system , 1987, TOCS.

[6] Ralph C. Merkle,et al. Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[7] Paul Hudak,et al. Memory coherence in shared virtual memory systems , 1989, TOCS.

[8] David R. Cheriton,et al. The V distributed system , 1988, CACM.

[9] 염흥렬,et al. [서평]「Applied Cryptography」 , 1997 .

[10] Aviel D. Rubin. Trusted distribution of software over the Internet , 1995, Proceedings of the Symposium on Network and Distributed System Security.

[11] David R. Cheriton,et al. Decentralizing a global naming service for improved performance and fault tolerance , 1989, TOCS.

[12] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[13] Butler W. Lampson,et al. Designing a global name service , 1986, PODC '86.

[14] John Linn,et al. Privacy enhancement for Internet electronic mail: Part III - algorithms, modes, and identifiers , 1989, RFC.

[15] John K. Ousterhout,et al. Tcl and the Tk Toolkit , 1994 .