REITER,M.K. 1996. Distributing trust with the Rampart toolkit. Communications of the ACM 39,4(Apr.), 71--74.  Home/Search   Document Not in Database   Summary   ACM   TOC   Related Articles   Check

....Functionalities Effective NC relies on a number of other functionalities being available essentially as standardized services. This is so application developers do not have to implement them, and so they produce repeatable and reliable computations. One set of functionalities is termed security [22, 80]. It includes support for authenticating the senders and receivers of messages and ensuring access control to prevent unauthorized users from reading or modifying data [70] Other services include those for digital cash, and for guaranteeing that a user cannot repudiate their online commitments. ....

Michael K. Reiter. Distributing trust with the Rampart toolkit. In [51], pages 306--309. 1997.

....answered consistently across all servers. Each of the state machine based systems described below implements the notion of a view a listing of the servers known to be participating in the system. The view may periodically change due to new servers being added or servers being removed. Rampart [39, 38] and BFS [6] were both developed to provide the foundation for programmers who are building Byzantine fault tolerant systems based on the finite state machine replication technique. BFS builds on the work of Rampart, however the underlying BFS protocols and algorithms are more efficient, simpler ....

Michael K. Reiter. Distributing trust with the rampart toolkit. Communications of the ACM, 4(39):71--74, April 1996.

....asynchronous systems. For example, APSS has been used to construct a proactive threshold RSA scheme for COCA. Besides COCA, some other systems e orts are notable for their attempts to compose security with fault tolerance and thus for the weak assumptions they make about the environment. Rampart [32, 33] implements process groups in an asynchronous distributed system where compromised processors can exhibit arbitrary behavior. BFT (Byzantine Fault Tolerance) 9] 40 and SINTRA (Secure Intrusion tolerant Replication on the Internet) 7] are toolkits that support asynchronous group communication ....

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):7174, April 1996.

....robustness goals. Unlike COCA, none of this early work was intended to resist denial of service attacks or mobile adversaries. On the other hand,# does provide clients with key escrow operations, something that COCA does not currently support. 19 # was built using middleware (called Rampart [71, 72]) that implements process groups in an asynchronous distributed system where compromised processors can exhibit arbitrary behavior. Rampart manages groups of replicas and removes non responsive members from process groups to ensure the system does not stall due to compromised replicas. However, it ....

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):71--74, April 1996.

....attacks or mobile adversaries. And, as discussed below, some vulnerability to denial of service attacks seems to be inherent. On the other hand,# does provide clients with key escrow operations, something that COCA 92 does not currently support. 13 # was built using middleware (called Rampart [90, 91]) that implements process groups in an asynchronous distributed system where compromised processors can exhibit arbitrary behavior. The Rampart middleware manages groups of replicas and removes non responsive members from process groups to ensure the system does not stall due to compromised ....

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):71--74, April 1996.

....Update PSS Figure 10: Performance of COCA vs. message delay for all servers. denial of service attacks seems to be inherent. On the other hand,# does provide clients with key escrow operations, something that COCA does not currently support. 16 # was built using middleware (called Rampart [63, 64]) that implements process groups in an asynchronous distributed system where compromised processors can exhibit arbitrary behavior. The Rampart middleware manages groups of replicas and removes non responsive members from process groups to ensure the system does not stall due to compromised ....

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):7174, April 1996.

....using process groups and group programming tools. The work on Group Communication, starting with the V System around 1988, has generated a lot of interest in the community. There is vigorous research effort in the field at several places. We make a mention of a few of them here. Rampart [8], being developed at AT T Bell Labs, is a distributed system using the virtual synchrony execution model. 1 It attempts to provide security guarantees in the face of Byzantine failures of group members and is costly performance wise. Totem [9] attempts to provide high performance and soft ....

M. Reiter, "Distributing Trust with the Rampart Toolkit," Communications of the ACM, pp. 71--75, April 1996. 69

....abstraction of a process group, which may change over time. They guarantee certain synchrony properties among group members so that they all see the same messages; Vitenberg et al. 44] survey and compare various speci cations found in the literature and implemented in practical systems. Rampart [37, 38] is the only one of them that tolerates arbitrary (Byzantine) failures. It also uses cryptography for ecient reliable and atomic broadcasts [36] but solves a technically di erent problem than the one we address here: As Rampart builds on a membership protocol to agree dynamically on the group s ....

M. K. Reiter, \Distributing trust with the Rampart toolkit," Communications of the ACM, vol. 39, pp. 71-74, Apr. 1996. 48

....communication systems in the crash failure model (see the survey in [32] They o er resilience against crash failures by eliminating non responding servers from the current view and proceeding without them to the next view. Resurrected servers may join again in later views. The Rampart toolkit [34] is the only group communication system that uses views and tolerates arbitrary failures. But since it builds on a membership protocol to agree dynamically on the group s composition, it easily falls prey to an attacker that is able to delay honest servers 5 just long enough until corrupted ....

....an asynchronous environment with malicious faults, however, RB94 must be complemented with robust threshold cryptographic schemes and secure atomic broadcast protocols, which were not known at that time. Our work builds on this and attempts to close this gap. Subsequent work by Reiter on Rampart [34] shares our focus on distributing trusted services, but assumes a di erent model as explained in the previous sections: it implements atomic broadcast on top of a group membership protocol that dynamically removes apparently faulty servers from the set. The broadcast protocols of Malkhi, Merritt, ....

[Article contains additional citation context not shown here]

M. K. Reiter, \Distributing trust with the Rampart toolkit," Communications of the ACM, vol. 39, pp. 71-74, Apr. 1996.

....abstraction of a process group, which may change over time. They guarantee certain synchrony properties among group members so that they all see the same messages; Vitenberg et al. 43] survey and compare various speci cations found in the literature and implemented in practical systems. Rampart [36, 37] is the only one of them that tolerates arbitrary (Byzantine) failures. It also uses cryptography for ecient reliable and atomic broadcasts [35] but solves a technically di erent problem than the one we address here: As Rampart builds on a membership protocol to agree dynamically on the group s ....

M. K. Reiter, \Distributing trust with the Rampart toolkit," Communications of the ACM, vol. 39, pp. 71-74, Apr. 1996. 47

....members. Another approach to increase safety of the tree based group rekeying schemes is described in Rodeh, Birman and Dolev [33] C. Other Further related work we can find in the context of distributed and fault tolerant computing [13] 34] Protocol suites and toolkits such as Rampart [35], 36] aim at achieving high fault tolerance, even in the presence of malicious (i.e. byzantine) faults inside a group. This level of fault tolerance and the underlying model of virtual synchronous process groups might be required for securely and reliably replicating services [37] of great ....

M. Reiter, "Distributing trust with the rampart toolkit," Communications of the ACM,vol. 39, no. 4, pp. 71--74, Apr. 1996.

....path. Such mechanisms usually come with a high cost and are avoided (e.g. in [30] because routers on networks such as the Internet are usually well protected and rarely compromised. 4. 2 Replicated secure services The concept of distributing trust to a group of servers is investigated by Reiter [39]. This is the foundation of the Rampart toolkit [38] Reiter and others [40] have successfully used the toolkit in building a replicated key management service# which also employs threshold cryptography. One drawback of Rampart is that it may remove correct but slow servers from the group. Such ....

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):71--74, April 1996.

.... processes in the presence of communication and processor failures [24] Transis incorporates multicast services that are capable of recovering from network partition failures [12] 2] Rampart addresses security aspects of group communication by providing tolerance for malicious intrusions [28]. These systems are more concerned with group communication than with fault tolerance. Although reliability may be achieved through the use of these protocols, fault tolerance, Birman notes [5] is something of a side effect of the replication approach. There exist, however, examples of ....

M.K. Reiter, Distributing Trust with the Rampart Toolkit, Comm. ACM, vol. 36, no. 12, pp. 71-74, 1993.

....secret scheme might be useful if the group needs to maintain a secret that none of its individual members can be trusted to manage appropriately. Techniques such as these can be carried in many directions. Reiter, after leaving the Horus project, started work on a system called Rampart at AT T [Rei96]. Rampart provides secure group functionality under assumptions of Byzantine failures, and would be used to build extremely secure group Chapter 19: Security Options for Distributed Settings 383 383 based mechanisms for use by less stringently secured applications in a more general setting. For ....

....and consistency guarantees, and to formalize the models and correctness proofs for such primitives [BBD96] 26.1. 13 Rampart Rampart is a distributed system that uses virtually synchronous process groups in settings where security is desired even if components fail in arbitrary (Byzantine) ways [Rei96]. The activity is headed by Reiter at AT T Bell Laboratories, and has resulted in a number of protocols for implementing process groups despite Byzantine failures as well as a prototype of a security architecture that employs these protocols [RBG92, Rei93, RB94, Rei94a, Rei94b, RBR95] We discuss ....

Michael K. Reiter. Distributing Trust with the Rampart Toolkit. Communications of the ACM 39:4 (April 1996), 71-75.

No context found.

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM 39(4): 71--74, 1996

No context found.

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM 39(4):71-74, April 1996.

....that at most a threshold t of servers fail (e.g. the sets B 1 ; B k could be all sets of t servers) but it also generalizes to allow less uniform failure scenarios. Our motivation for exploring this generalization stems from our experience in constructing secure distributed services [Rei96, MR96], i.e. distributed services that can tolerate the malicious corruption of some (typically, up to a threshold number of) component servers by an attacker. A criticism to assuming a simple threshold of corrupted servers is that server penetrations may not be independent. For example, servers in ....

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM 39(4):71--74, April 1996.

No context found.

REITER,M.K. 1996. Distributing trust with the Rampart toolkit. Communications of the ACM 39,4(Apr.), 71--74.

No context found.

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):71--74, April 1996.

No context found.

M. K. Reiter, "Distributing trust with the Rampart toolkit," Communications of the ACM, vol. 39, pp. 71--74, Apr. 1996.

No context found.

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):71--74, April 1996.

No context found.

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):7174, April 1996.

No context found.

REITER, M. K. 1996. Distributing trust with the Rampart toolkit. Commun. ACM 39, 4 (Apr.), 71--74.

No context found.

Michael K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4): 71-74, 1996.

No context found.

M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM 39(4):71-74, April 1996.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC