
The Rampart toolkit for building high-integrity services

  • Group Communication
  • Conference paper
Theory and Practice in Distributed Systems

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 938)


Abstract

Rampart is a toolkit of protocols to facilitate the development of high-integrity services, i.e., distributed services that retain their availability and correctness despite the malicious penetration of some component servers by an attacker. At the core of Rampart are new protocols that solve several basic problems in distributed computing, including asynchronous group membership, reliable multicast (Byzantine agreement), and atomic multicast. Using these protocols, Rampart supports the development of high-integrity services via the technique of state machine replication, and also extends this technique with a new approach to server output voting. In this paper we give a brief overview of Rampart, focusing primarily on its protocol architecture. We also sketch its performance in our prototype implementation and ongoing work.




Editor information

Kenneth P. Birman, Friedemann Mattern, André Schiper


Copyright information

© 1995 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Reiter, M.K. (1995). The Rampart toolkit for building high-integrity services. In: Birman, K.P., Mattern, F., Schiper, A. (eds) Theory and Practice in Distributed Systems. Lecture Notes in Computer Science, vol 938. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60042-6_7


  • DOI: https://doi.org/10.1007/3-540-60042-6_7


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-60042-8

  • Online ISBN: 978-3-540-49409-6

  • eBook Packages: Springer Book Archive
