| Citation | Ph.D. Thesis, Stanford University, 2007
|
| Author | Nagendra Modadugu
|
It is commonly believed that systems that are not designed
with security aspects in mind are difficult to secure later. This
thesis argues that there are many situations in which security aspects
can be retrofitted into such systems without significant effort, or
impact to users of these systems.
In support of this thesis we consider three broad computer system areas:
data communication, addressing (name lookup), and data storage. These
aspects are by no means new, and in fact are core components of any
networked computer system.
First, we present Datagram Transport Security Layer (DTLS), a protocol
that can be used for securing unreliable datagram transport such as UDP.
Prior to DTLS, the standard options available to a system designer were
SSL/TLS or IPsec, neither of which are well suited for securing delay
sensitive applications such as Internet telephony. DTLS is based on the
TLS protocol and consequently provides a familiar programming model.
DTLS was adopted by the IETF as RFC~4347.
Second, we present Churro, a registrar-free name service. Traditional
name services, such as DNS, are centralized in two important respects:
(1) authority---the question of who gets assigned a name, and (2)
distribution---the question of how a name database is
distributed. Both of these aspects have been receiving
scrutiny---authority because ICANN (the governing body overseeing
DNS) is seen to have too much influence over the running of DNS, and
distribution following denial of service attacks on the DNS root
servers. Churro runs over a distributed hash table and allows names to
be multiply registered. Conflicts are resolved via a resolution
algorithm that, in most situations, is capable of determining the
earliest registration.
Finally, we present the design of SiRiUS, a secure filesystem. SiRiUS
enables users to store data on a remote untrusted server, without
requiring modification to server software or configuration. The data
thus stored can be shared between groups of the owner's choosing without
relying on the server to enforce access control. Previous secure
filesystems have either placed trust in the remote file server, or if
not, fail to provide mechanisms for sharing files.