Information storage in a decentralized computer system

This paper describes an architecture for shared information storage in a decentralized computer system. The issues that are addressed include: naming of files and other objects (naming), reliable storage of data (stable storage), coordinated access to shared storage (transactional storage), location of objects (location), use of multiple copies to increase performance, reliability and availability (replication), dynamic modification of object representations (reconfiguration), and storage security and authentication (protection). A complete model of the architecture is presented, which describes the interface to the facilities provided, and describes in detail the proposed mechanisms for implementing them. The model presents new approaches to naming, location, replication, reconfiguration, and protection. To verify the model, three prototypes were constructed, and experience with these prototypes is discussed. The model names objects with variable length byte arrays called references. References may contain location information, protection guards, cryptographic keys, and other references. In addition, references can be made indirect to delay their binding to a specific object or location. The replication mechanism is based on assigning votes to each copy of a replicated object. The characteristics of a replicated object can be chosen from a range of possibilities by appropriately choosing its voting configuration. Temporary copies can be easily implemented by introducing copies with no votes. The reconfiguration mechanism allows the storage that is used to implement an object to change while the system is operating. A client need not be aware that an object has been reconfigured. The protection mechanism is based on the idea of sealing an object with a key. Sealed objects can only be unsealed with an appropriate set of keys. Complex protection structures can be created by using such operators as Key-Or and Key-And. The protection mechanism can be employed to create popular protection policies such as capabilities, access control lists, and information flow control.
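The vote-based replication described in the abstract, as an added example written for this page rather than code from the thesis or its prototypes: every copy carries a number of votes, a read must gather a read quorum r and a write a write quorum w of those votes, and a copy with zero votes is a temporary copy that never counts toward a quorum but can serve reads once it is current. The class and method names, the `up` reachability flag and the version-number bookkeeping are my assumptions, not the thesis's.

```python
from dataclasses import dataclass

@dataclass
class Copy:
    votes: int          # 0 votes = temporary (cache) copy; never counts toward a quorum
    version: int = 0
    data: bytes = b""
    up: bool = True     # simulated reachability of the site holding this copy (assumed)

class ReplicatedObject:
    def __init__(self, copies, r, w):
        self.copies, self.r, self.w = copies, r, w
        total = sum(c.votes for c in copies)
        # r + w > total: every read quorum meets the latest write; 2w > total: no two writes conflict
        if not (w <= total and r + w > total and 2 * w > total):
            raise ValueError("voting configuration does not guarantee consistency")

    def _quorum(self, needed):
        reachable = [c for c in self.copies if c.up]
        return reachable if sum(c.votes for c in reachable) >= needed else None

    def read(self):
        q = self._quorum(self.r)
        if q is None:
            return None                  # too few votes: unavailable, never stale
        current = max(c.version for c in q if c.votes > 0)
        # Any reachable copy at the quorum's version may serve the data, fewest
        # votes first, so a fresh zero-vote cache answers and a stale one is skipped.
        for c in sorted(q, key=lambda c: c.votes):
            if c.version == current:
                return c.data

    def write(self, data):
        q = self._quorum(self.w)
        if q is None:
            return False
        new = max(c.version for c in q) + 1
        for c in q:                      # every reachable copy is refreshed, votes or not
            c.version, c.data = new, data
        return True

def scenario():
    a, b, c, cache = Copy(1), Copy(1), Copy(1), Copy(0)   # constructed: 3 voting copies + cache
    obj = ReplicatedObject([a, b, c, cache], r=2, w=2)
    c.up = cache.up = False
    ok1 = obj.write(b"v1")               # True: a and b supply the two votes needed
    a.up = False
    ok2 = obj.write(b"v2")               # False: only b's single vote is reachable
    a.up = c.up = cache.up = True
    return ok1, ok2, obj.read(), cache.version   # read gives b"v1" from a; cache stale at 0
```

Changing the votes or r and w selects a different point in the range of behaviours the abstract mentions: giving one copy all the votes makes it a single master with pure caches, while equal votes trade write availability for read availability.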
