Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.  Home/Search   Document Not in Database   Summary   ACM   TOC   Related Articles   Check

....and XML Signature (though our validation does not depend on the exact XML syntax for cryptography) Second, it would be valuable to generate the new proxy class automatically. 6 Related Work There has been work for almost twenty years on secure RPC mechanisms, going back to Birrell [9]. More recently, secure RPC has been studied in the context of distributed object systems. As we mentioned, our work was inspired by the work of van Doorn et al. 34] itself inspired by [29, 35] These techniques (or similar ones) have been applied to CORBA [30] DCOM [10] and Java [7, 18] 16 ....

A. D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, 1985.

....with the arguments for the remote procedure and does not return from the call until the request has been sent to the server, processed, and a reply received. The message is encoded using XDR so that RPC can be used between heterogeneous machines using different internal data representations [1, 3, 4]. The actual transmission of data is performed using either TCP or UDP depending on the desires of the client and the design of the server. 2.2 Architecture overview of NISC The NISC domain is composed of a directory object and all of its children as shown in Fig. 2. The NISC name space is made ....

A. D. Birrell 1985. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1 -- 14, 1992.

....not be concerned with the details of key establishment and management, but should instead rely on abstractions and services that encapsulate cryptographic operations. In recent years, several APIs (application program interfaces) for security have appeared, providing such abstractions and services [28, 27, 33, 29, 9, 25, 42]. Although there are substantial differences between these APIs, they generally offer the promise of making application code more modular, simpler, and ultimately more robust. In this paper, we consider high level abstractions that largely hide the difficulties of network security from ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.

....o there were two major RPC implementations, Open Networking Computing (ONC) used by Sun Microsystems and Digital Corporation s RPC. The OSF used Digital s implementation as part of their reference implementation. Neither of these RPC implementations included any signi cant security features [16]. Hence, the OSF began a review process to select a security solution. This process accepted the MIT Kerberos system, with some signi cant modi cations. Kerberos is only an authentication service. The system was modi ed for DCE [47] to support scalable authorisation services. The basic approach ....

A D Birrell. Secure Communications Using Remote Procedure Calls. ACM Tranactions on Computer Systems, 3(1):1-14, February 1985.

....not be concerned with the details of key establishment and management, but should instead rely on abstractions and services that encapsulate cryptographic operations. In recent years, several APIs (application program interfaces) for security have appeared, providing such abstractions and services [22, 23, 26, 24, 9, 21, 34]. Although there are substantial di#erences among these APIs, they generally o#er the promise of making application code more modular, simpler, and ultimately more robust. In this paper we consider high level abstractions that largely hide the di#culties of network security from applications. ....

A. D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, Feb. 1985.

....not be concerned with the details of key establishment and management, but should instead rely on abstractions and services that encapsulate cryptographic operations. In recent years, several APIs (application program interfaces) for security have appeared, providing such abstractions and services [29, 28, 34, 30, 9, 26, 43]. Although there are substantial di#erences between these APIs, they generally o#er the promise of making application code more modular, simpler, and ultimately more robust. In this paper, we consider high level abstractions that largely hide the difficulties of network security from applications. ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.

....to it by client systems. Short of taking over a client workstation, an unauthorized user would have no means of gaining access to cached or primary copies of a file for which access is not permitted. AFS destroys cached data when a user logs out or an authorization expires and is not refreshed [Sat89, SNS88, Sch94, Bir85, LABW92, BM90]. In its current use as a wide area file system, AFS has expanded to include some 1,000 servers and 20,000 clients in 10 countries, all united within a single file system name space [SS96] Some 100,000 users are believed to employ the system on a regular basis. Despite this very large scale, 96 ....

....supported. NFS performance and access patterns is studied in [ODHK85] and extended to the Sprite file system in [BHKSO91] NFS like file systems supporting replication include [Sie92, BEM91, LGGS91, LLSG92, KLS85, DEC95] Topics related to the CMU file system work that lead to AFS are covered in [Sat89, SNS88, Sch94, BIR85, LABW92, BM90, Spe85, SHNS85, HKMN87]. Coda is discussed in [KS91, MES95] RAID is discussed in [PGK88] Sprite is discussed in [OCDN88, SM89, NWO87] Ficus is discussed in [RHRS94] Locus in [WPEK92, HP95] XFS is discussed in [ADNP95] Work on global memory is covered in [FMPK95, JKW95] Database references for the transactional ....

[Article contains additional citation context not shown here]

Andrew Birrell. Secure Communication Using Remote Procedure Calls. ACM Transactions on Computer Systems; 3:1 (Feb. 1985), 114.

.... used for protection against incompetence and malice, at least since the 1970s [Mor73, LS76, JL78] In the realm of distributed systems, programming languages (or their libraries) have sometimes provided abstractions for communication on secure channels of the kind implemented with cryptography [Bir85, WABL94, vDABW96, WRW96, Sun97b]. Security depends not only on the design of clear and expressive abstractions but also on the correctness of their implementations. Unfortunately, the criteria for correctness are rarely stated precisely and presumably they are rarely met. These criteria seem particularly delicate when a ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1-- 14, February 1985.

....or other tags in order to protect against replay attacks. Despite their simplicity, these protocols serve as building blocks for complex systems. Relying on these protocols, we can add cryptographic protection to an arbitrary program, much as is done in systems with remote invocation facilities [7]. More precisely, we can translate from a process calculus with primitive secure channels (the join calculus [11] to a lower level process calculus where communication across sites may take place on public channels and may use cryptography for security. We have studied such translations in recent ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.

....may yield a key that can be used for signing application messages. Application program interfaces (or even programming languages) should allow applications to exploit those useful properties, with clear, modular semantics, and without revealing tricky low level cryptographic details (e.g. [14, 48, 47, 72, 2, 7, 12]) 2) Some protocols rely on fixed suites of cryptosystems. In other cases, assumptions about the properties of cryptographic operations are needed. For example, in the messages of section 3, it may be important to say whether B can tell that A encrypted NA using KAB . This property may hold ....

....and other auxiliary participants. Detailed assumptions about these servers are sometimes absent from protocol narrations, but they are essential in reasoning about protocols. 3) Protocol messages commonly go across network interfaces, firewalls with tunnels, and administrative frontiers (e.g. [14, 72, 22, 21, 5]) In some contexts (e.g. 19] even the protocol participants may be mobile. These traversals often require message translations (for example, marshaling and rewriting of URLs) They are subject to filtering and auditing. Furthermore, they may trigger auxiliary protocols. Some of these ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.

....a CIESIN utility processor and the CIESIN security master will be secure. 3.2.4 Time Delay In order to allow queries to be correctly processed immediately after data becomes available, even after a long time, we will introduce the concept of a security callback. Similar to the scheme used by [1], when data becomes available after an old shared key has timed out, the entity holding the data asks the requesting entity to reauthenticate. Once this is done, the data is delivered. This will be discussed in more detail in section 4.3.2. It may be that the user is no longer online at the time ....

....now show that secure channels can be established which will allow the protocol described in the previous section to proceed, even in the face of key timeouts. In order to do this, we introduce the concept of a security callback. Security callbacks are similar to the scheme proposed by Birrell in [1], whereby a request for authenticator is used when a server cannot find a valid key to use to communicate with the sender of a query. From section 4.2, a subquery is sent to a server with: 5. M S i : IDmi ; fT 5 ; Q i ; N i ; F i ; M 0 g SKmi If SKmi is obsolete by the time the data becomes ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, Feb 1885.

....a process calculus. Communications processing is an important part of distributed language systems with facilities such as RPC (remote procedure call) 12] and RMI (remote method invocation) 10, 32] Like our method, such systems include marshaling and often rely on cryptography for security [11, 21, 31, 29]. However, the specifics of our method are apparently new, and so is the formal precision with which we are able to define it and analyze it. Since our aim is to provide a foundation for secure distributed language systems (and not a popular artifact) we can subordinate compatibility and e#ciency ....

A. D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, Feb. 1985.

....179, 29] For example, if ACLs and protected subsystems were not provided in the Apollo operating system, but were later needed, adding them after the fact would be very difficult. Even simply changing from a private to a public key encryption system can have a major impact on the system design [30] and performance. The security relevant portions of the system must be small, simple to understand, and isolated, as far as this is possible. This was one of the lessons learned from the original Multics experience [176] where any of 300 modules, averaging 200 lines of code each, could ....

Birrell, A. Secure communication using remote procedure calls. ACM Transactions on Computer Systems 3, 1 (February 1985), 1--14.

....There has been much work on the design and analysis of authentication protocols (e.g. 29, 18, 26, 23, 13, 9, 8, 21, 22, 4, 30, 20, 25] Some of that work, like ours, relies on process calculi. There has also been signi cant work on the design of programmable systems with authentication (e.g. [10, 19, 33, 32]) but much less on the analysis of those systems. As this paper illustrates, process calculi provide a useful basis for important parts of that analysis. As mentioned in the introduction, the correctness of authentication protocols is a notoriously subtle and challenging issue. The literature ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1-14, February 1985.

....may yield a key that can be used for signing application messages. Application program interfaces (or even programming languages) should allow applications to exploit those useful properties, with clear, modular semantics, and without revealing tricky low level cryptographic details (e.g. [12, 40, 39, 61, 2, 5, 10]) 2) Some protocols rely on fixed suites of cryptosystems. In other cases, assumptions about the properties of cryptographic operations are needed. For example, in the messages of section 2, it may be important to say whether B can tell that A encrypted NA using KAB . This property may hold ....

....and other auxiliary participants. Detailed assumptions about these servers are sometimes absent from protocol narrations, but they are essential in reasoning about protocols. 3) Protocol messages commonly go across network interfaces, firewalls with tunnels, and administrative frontiers (e.g. [12, 61, 20, 19, 4]) In some contexts (e.g. 17] even the protocol participants may be mobile. These traversals often require message translations (for example, marshaling and rewriting of URLs) They are subject to filtering and auditing. Furthermore, they may trigger auxiliary protocols. Some of these ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.

....some accesses but not others, depending on the user) Inadequate authentication is often unacceptable for security reasons; thus, protocols to insure correct authentication must be developed. Client server authentication is a well known problem and can be solved using protocols developed for RPC [1]. Service rebalancing requires that both the client and server be authenticated since modules can migrate in either direction. 3.2 Privacy Privacy of internal data structures can be important when clients or servers manipulate sensitive data. Modules should not be able to directly access data ....

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computing Systems, 3(1):1--14, February 1985.

....of a related service to reside in an object which can then act as a unit of distribution, fault tolerance or migration for loadbalancing purposes. Mapping object models onto concurrent systems has progressed from a point where the chief support for distribution was through remote procedure calls [Bir85] and message passing libraries [BRT ] to the current state of the art distributed programming languages [Hut87, Lis88, KMN 90, MGNS91] Language support for distribution has considerable advantages over that provided by either of the other two approaches since: ffl It is the only ....

A. Birrell. Secure Communication Using the Remote Procedure Call. ACM Transactions on Computer Systems, 3(1), 1985.

....1 There are exceptions to this rule in servers that constantly monitor real time devices, such as a graphics server monitoring input devices. Distributed upcalls also violate this rule. Client server authentication is a well known problem and can be solved using protocols developed for RPC [3]. The most common protocol for secure RPC 2 involves DES encryption 3 [33] and public key cryptography. Public key cryptography is a cryptosystem that requires two keys: a public key and a private key. The public key is generally used for encryption, and the private key for decryption [36] ....

A.D. Birrell. Secure Communication Using Remote Procedure Calls. ACM Transactions on Computing Systems, 3(1):1--14, February 1985.

....reliability properties unless it is guaranteed that there are no intruders or agents that can modify packets and update the packet checksums. That is, non secure VMTP provides no guarantees in the presence of an intelligent intruder. The design closely follows that described by Birrell [1]. Authenticated information about a remote entity, including an encryption decryption key, is obtained and maintained using a VMTP management operation, the authenticated Probe operation, which is executed as a non secure VMTP message transaction. If a server receives a secure Request for which ....

A.D. Birrell. Secure Communication using Remote Procedure Calls. ACM. Trans. on Computer Systems 3(1), February, 1985.

No context found.

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.

No context found.

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1--14, February 1985.

No context found.

A.D. Birrell, "Secure Communication using Remote Procedure Calls", ACM. Trans. on Computer Systems 3(1), February, 1985.

No context found.

Andrew D. Birrell. Secure communication using remote procedure calls. ACM Transactions on Computer Systems, 3(1):1-14, February 1985.

No context found.

Birrell, A.D. Secure Communication Using Remote Procedure Calls, ACM Transactions on Computer Systems 3, 1 (Feb) 1985, 1-14.

No context found.

Andrew Birrell. Secure Communication Using Remote Procedure Calls. ACM Transactions on Computer Systems, 3(1):1--141, February 1985.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC