Securing Causal Relationships in Distributed Systems

In a distributed system, it is often important to detect the causal relationships between events, where event e1 is causally before event e2 if e1 happened before e2 and could possibly have affected the occurrence of e2. In this paper we argue that it can be essential to security that a process determine, in the face of malicious attack, how two events are causally related. We formulate attacks on causality detection in terms of causal denial and forgery, formalize possible security goals with respect to causality, and present simple algorithms to attain these goals in some situations.
