Abstract
This paper describes a technique, called Object-Oriented Fragmented Data Processing, for jointly improving the reliability and security with which distributed computing systems process sensitive information. The technique protects the information contained in, and the processing performed by, a given object by first fragmenting the object into the subsidiary objects of which it is composed. It then relies on (i) the correct execution of a majority of a set of copies of these subsidiary objects, and (ii) the reliable storage of a majority of a set of copies of each of these subsidiary objects, having distributed the subsidiary objects widely across a number of computers in a distributed computing system. The intent is to impede intruders and to tolerate faults; it involves ensuring that an isolated subsidiary object is not significant, because of how little information it would provide to a potential intruder. This technique can be applied to application objects and/or to the objects used in the implementation of the basic object-oriented system. The paper illustrates the technique using a detailed example, an “electronic diary”, designed using Eiffel and experimented with using the DELTA-4 Support Environment.
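The mechanism the abstract sketches (fragment an object into subsidiary objects, keep several copies of each on distinct computers, and accept only a majority result for both stored copies and executed copies) can be modelled in a few dozen lines. The following is an added illustration in Python, not the paper's Eiffel code or the DELTA-4 environment; the diary entry, the site model and the majority rule are assumptions chosen to show how one corrupted site is outvoted while a single site still holds only one fragment.

```python
# Toy model of Object-Oriented FDP for an electronic-diary entry (added
# illustration, not the paper's Eiffel code; the sample entry is constructed).
from collections import Counter
from dataclasses import dataclass, field

ENTRY = {"date": "1992-11-23", "person": "B. Randell",
         "subject": "ESORICS talk", "body": "fragment scattering and voting"}
COPIES = 3  # copies of each subsidiary object; a majority is 2 of 3

@dataclass
class Site:
    """One computer; a faulty or intruded site corrupts copies and processing."""
    faulty: bool = False
    store: dict = field(default_factory=dict)  # fragment name -> stored copy

    def run(self, frag, op):
        return f"#corrupt:{id(self)}#" if self.faulty else op(self.store[frag])

def scatter(entry, sites, copies=COPIES):
    """Place `copies` copies of each fragment on distinct sites so that no
    site holds more than one fragment of the entry."""
    if len(sites) < len(entry) * copies:
        raise ValueError("not enough sites to isolate every fragment")
    placement = {}
    for i, (frag, value) in enumerate(entry.items()):
        placement[frag] = sites[i * copies:(i + 1) * copies]
        for s in placement[frag]:
            s.store[frag] = value
    return placement

def vote(results):
    """Majority voting: accept a value only if more than half the copies agree."""
    value, count = Counter(results).most_common(1)[0]
    if count * 2 <= len(results):
        raise RuntimeError("no majority: too many faulty copies")
    return value

def collect(placement, op=lambda v: v):
    """Majority result of `op` per fragment: identity reconstructs, str.upper processes."""
    return {f: vote([s.run(f, op) for s in hs]) for f, hs in placement.items()}

def demo(faulty_sites=1):
    """(reconstructed, processed, what site 0 alone holds); None if voting fails."""
    # sites 0..2 all hold a copy of "date", so two faulty sites defeat its majority
    sites = [Site(faulty=i < faulty_sites) for i in range(len(ENTRY) * COPIES)]
    placement = scatter(ENTRY, sites)
    try:
        return collect(placement), collect(placement, str.upper), sites[0].store
    except RuntimeError:
        return None
```

With one faulty site the entry is reconstructed and processed correctly, yet that site's own store shows only the date fragment; with two faulty sites holding copies of the same fragment, voting fails, which is the majority limit the abstract's conditions (i) and (ii) assume.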
This work was supported in part by the CEC-sponsored ESPRIT Basic Research Action no. 3092 PDCS (Predictably Dependable Computing Systems).
© 1992 Springer-Verlag
Fabre, JC., Randell, B. (1992). An Object-Oriented view of fragmented data processing for fault and intrusion tolerance in distributed systems. In: Deswarte, Y., Eizenberg, G., Quisquater, JJ. (eds) Computer Security — ESORICS 92. ESORICS 1992. Lecture Notes in Computer Science, vol 648. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0013899
DOI: https://doi.org/10.1007/BFb0013899
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-56246-7
Online ISBN: 978-3-540-47488-3