Fabric: a platform for secure distributed computation and storage
Source
ACM Symposium on Operating Systems Principles
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Big Sky, Montana, USA
SESSION: Security
Pages: 321-334
Year of Publication: 2009
ISBN: 978-1-60558-752-3
Authors
Jed Liu  Cornell University, Ithaca, NY, USA
Michael D. George  Cornell University, Ithaca, NY, USA
K. Vikram  Cornell University, Ithaca, NY, USA
Xin Qi  Cornell University, Ithaca, NY, USA
Lucas Waye  Cornell University, Ithaca, NY, USA
Andrew C. Myers  Cornell University, Ithaca, NY, USA
Sponsors
ACM: Association for Computing Machinery
SIGOPS: ACM Special Interest Group on Operating Systems
Publisher
ACM  New York, NY, USA
DOI: http://doi.acm.org/10.1145/1629575.1629606

ABSTRACT

Fabric is a new system and language for building secure distributed information systems. It is a decentralized system that allows heterogeneous network nodes to securely share both information and computation resources despite mutual distrust. Its high-level programming language makes distribution and persistence largely transparent to programmers. Fabric supports data-shipping and function-shipping styles of computation: both computation and information can move between nodes to meet security requirements or to improve performance. Fabric provides a rich, Java-like object model, but data resources are labeled with confidentiality and integrity policies that are enforced through a combination of compile-time and run-time mechanisms. Optimistic, nested transactions ensure consistency across all objects and nodes. A peer-to-peer dissemination layer helps to increase availability and to balance load. Results from applications built using Fabric suggest that Fabric has a clean, concise programming model, offers good performance, and enforces security.


Lantian Zheng, Stephen Chong, Andrew C. Myers, and Steve Zdancewic. Using replication and partitioning to build secure distributed systems. In Proc. IEEE Symposium on Security and Privacy, pages 236--250, Oakland, California, May 2003.