Fabric: a platform for secure distributed computation and storage

ABSTRACT
Fabric is a new system and language for building secure distributed information systems. It is a decentralized system that allows heterogeneous network nodes to securely share both information and computation resources despite mutual distrust. Its high-level programming language makes distribution and persistence largely transparent to programmers. Fabric supports data-shipping and function-shipping styles of computation: both computation and information can move between nodes to meet security requirements or to improve performance. Fabric provides a rich, Java-like object model, but data resources are labeled with confidentiality and integrity policies that are enforced through a combination of compile-time and run-time mechanisms. Optimistic, nested transactions ensure consistency across all objects and nodes. A peer-to-peer dissemination layer helps to increase availability and to balance load. Results from applications built using Fabric suggest that Fabric has a clean, concise programming model, offers good performance, and enforces security.
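The abstract says that data resources carry confidentiality and integrity policies that are enforced partly at run time, and that objects and computation move between mutually distrusting nodes only where those policies allow. The block below is an added example, not code from the Fabric project: it implements a simplified decentralized label model (owner-specified reader and writer sets interpreted over an acts-for hierarchy) and the two run-time checks such a system needs, namely whether an object labelled one way may flow into a slot labelled another way, and whether a particular node's principal is permitted to host or update the object. The principals, delegation edges and labels are constructed for the example, and the flow rule is a deliberate simplification of the richer rules a real system uses.

```python
"""Illustrative run-time label checks in the style of a decentralized label
model. Added example; not Fabric's own code. Policies, principals and the
acts-for hierarchy below are constructed for the demonstration."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Set


class Principals:
    """Acts-for hierarchy: if a acts for b, a may exercise all of b's rights."""

    def __init__(self) -> None:
        self._delegates: Dict[str, Set[str]] = {}

    def add(self, superior: str, inferior: str) -> None:
        """Record that `superior` acts for `inferior`."""
        self._delegates.setdefault(superior, set()).add(inferior)

    def acts_for(self, a: str, b: str) -> bool:
        """Reflexive-transitive closure of the delegation edges."""
        seen: Set[str] = set()
        stack = [a]
        while stack:
            p = stack.pop()
            if p == b:
                return True
            if p in seen:
                continue
            seen.add(p)
            stack.extend(self._delegates.get(p, ()))
        return False


@dataclass(frozen=True)
class Policy:
    """`owner` permits `principals` (and anyone acting for them or for the
    owner) to read the data (confidentiality) or trusts them to have written
    it (integrity)."""
    owner: str
    principals: FrozenSet[str]

    def permits(self, p: str, h: Principals) -> bool:
        return any(h.acts_for(p, q) for q in self.principals | {self.owner})


@dataclass(frozen=True)
class Label:
    conf: FrozenSet[Policy]   # confidentiality policies
    integ: FrozenSet[Policy]  # integrity policies


def permitted_by_all(policies: Iterable[Policy], h: Principals,
                     universe: Iterable[str]) -> Set[str]:
    """Principals that every policy permits; with no policies, everyone."""
    return {p for p in universe if all(pol.permits(p, h) for pol in policies)}


def readers(label: Label, h: Principals, universe) -> Set[str]:
    return permitted_by_all(label.conf, h, universe)


def writers(label: Label, h: Principals, universe) -> Set[str]:
    return permitted_by_all(label.integ, h, universe)


def may_flow(src: Label, dst: Label, h: Principals, universe) -> bool:
    """Data labelled `src` may move to a slot labelled `dst` only if `dst`
    exposes it to no additional readers (confidentiality) and claims no
    more trusted a writer set than `src` already has (integrity)."""
    return (readers(dst, h, universe) <= readers(src, h, universe)
            and writers(src, h, universe) <= writers(dst, h, universe))


def node_can_host(node: str, label: Label, h: Principals, universe) -> bool:
    """A node may store an object only if its principal may read it."""
    return node in readers(label, h, universe)


def node_can_update(node: str, label: Label, h: Principals, universe) -> bool:
    """A node may produce an update only if its principal is a trusted writer."""
    return node in writers(label, h, universe)


# Constructed scenario: alice delegates to a clinic, which operates store1.
UNIVERSE = frozenset({"alice", "bob", "clinic", "lab", "store1", "store2"})
HIER = Principals()
HIER.add("clinic", "alice")
HIER.add("store1", "clinic")

RECORD = Label(conf=frozenset({Policy("alice", frozenset({"clinic"}))}),
               integ=frozenset({Policy("alice", frozenset({"clinic"}))}))
PUBLIC = Label(conf=frozenset(), integ=frozenset())
UNTRUSTED_COPY = Label(conf=RECORD.conf, integ=frozenset())  # same secrecy, no integrity

if __name__ == "__main__":
    print("record -> public:", may_flow(RECORD, PUBLIC, HIER, UNIVERSE))
    print("public -> record:", may_flow(PUBLIC, RECORD, HIER, UNIVERSE))
    print("store1 may host record:", node_can_host("store1", RECORD, HIER, UNIVERSE))
    print("store2 may host record:", node_can_host("store2", RECORD, HIER, UNIVERSE))
```

The two halves of `may_flow` are duals: confidentiality forbids widening the reader set, integrity forbids narrowing the writer set, so public data cannot be written into a high-integrity slot any more than a private record can be copied to a public one. The placement checks are what a dissemination layer would consult before replicating an object to a node whose operator the owner does not trust.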