National Science Foundation


Award Abstract #0430161
Integrating Security and Fault Tolerance in Distributed Systems


NSF Org: CNS
Division of Computer and Network Systems
Initial Amendment Date: August 20, 2004
Latest Amendment Date: June 24, 2008
Award Number: 0430161
Award Instrument: Continuing grant
Program Manager: Karl N. Levitt
CNS Division of Computer and Network Systems
CSE Directorate for Computer & Information Science & Engineering
Start Date: September 1, 2004
Expires: August 31, 2009 (Estimated)
Awarded Amount to Date: $1600000
Investigator(s): Andrew Myers myers@cs.cornell.edu (Principal Investigator)
Kenneth Birman (Co-Principal Investigator)
Fred Schneider (Co-Principal Investigator)
Sponsor: Cornell University
373 Pine Tree Road
ITHACA, NY 14850 607/255-5014
NSF Program(s): ITR-CYBERTRUST
Field Application(s): 0000912 Computer Science
Program Reference Code(s): HPCC,9218,7254
Program Element Code(s): 7456

ABSTRACT

Proposal Number: NSF-0430161

TITLE: Integrating Security and Fault Tolerance in Distributed Systems

PI: Andrew C. Myers, Ken Birman, Fred B. Schneider

Trustworthy distributed systems should tolerate both malicious attacks and benign faults while preserving data integrity and confidentiality. This research aims to produce methods for constructing distributed systems that are trustworthy in the aggregate, even when some nodes in the system have been compromised by malicious attackers. The security and fault-tolerance communities have developed their own solutions to aspects of these problems, but the solutions are incompatible. The goal of this project is to reconcile that incompatibility. One key idea is to use automatic compile-time transformations to rewrite programs to run securely, even when some host machines are untrustworthy. Code and data are transformed to synthesize distributed systems that, by construction, provide confidentiality, integrity, and availability. The planned research also includes new distributed computation techniques needed to make these transformations effective. These techniques include proactive recovery, proactive obfuscation, and threshold cryptography, which can help systems survive malicious intrusions and denial-of-service attacks while offering data integrity, high availability, and cryptographic protection for secrets. Gossip-based and epidemic communication algorithms can provide robust, scalable, and efficient information aggregation over a large distributed system. In summary, the plan is to combine new compile-time and run-time techniques to make distributed systems more trustworthy.


PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

(Showing: 1 - 20 of 22)

Alan Shieh, Andrew C. Myers, Emin Gün Sirer.  "Trickles: A Stateless Network Stack for Improved Scalability, Resilience, and Flexibility,"  Proceedings, 2nd USENIX Symposium on Networked Systems Design and Implementation (NSDI),  2005,  p. 175.

Andrew C. Myers, Andrei Sabelfeld, Steve Zdancewic.  "Enforcing Robust Declassification and Qualified Robustness,"  Journal of Computer Security,  v.14(2),  2006,  p. 157.

Havard Johansen, Andre Allavena, Robbert van Renesse.  "Fireflies: Scalable Support for Intrusion-Tolerant Network Overlays,"  Proceedings of Eurosys 2006,  2006.

Jed Liu, Aaron Kimball, Andrew C. Myers.  "Interruptible Iterators,"  Proceedings of the 33rd ACM Symposium on Principles of Programming Languages,  2006,  p. 283.

Kevin Hamlen, Greg Morrisett, Fred B. Schneider.  "Computability classes for enforcement mechanisms,"  ACM Transactions on Programming Languages and Systems,  v.28,  2006,  p. 175.

Kevin Hamlen, Greg Morrisett, Fred B. Schneider.  "Certified In-lined Reference Monitoring on .NET,"  Proceedings ACM SIGPLAN Workshop on Programming Languages and Analysis for Security,  2006.

Kevin R. O'Neill, Michael R. Clarkson, Stephen Chong.  "Information-Flow Security for Interactive Programs,"  Proc. 19th Computer Security Foundations Workshop,  2006.

Krzysztof Ostrowski and Ken Birman.  "Programming with Live Distributed Objects,"  22nd European Conference on Object-Oriented Programming (ECOOP 2008),  2008.

Lantian Zheng and Andrew C. Myers.  "Securing Nonintrusive Web Encryption through Information Flow,"  Proceedings of the 3rd ACM SIGPLAN Workshop on Programming Languages and Security,  2008,  p. 125.

Lantian Zheng, Andrew C. Myers.  "End-to-End Availability Policies and Noninterference,"  Proceedings, 18th IEEE Computer Security Foundations Workshop,  2005.

Lantian Zheng, Andrew C. Myers.  "Dynamic Security Labels and Static Information Flow Control,"  International Journal of Information Security,  v.6 (2-3),  2007.

Lidong Zhou, Fred B. Schneider.  "Implementing trustworthy services using replicated state machines,"  Proc. IEEE Security and Privacy,  v.3,  2005,  p. 34.

M. R. Clarkson, S. Chong, and A. C. Myers.  "Civitas: Toward a Secure Voting System,"  Proceedings of the 2008 IEEE Symposium on Security and Privacy,  2008,  p. 354.

Michael Clarkson, Andrew C. Myers, Fred B. Schneider.  "Belief in Information Flow,"  Proceedings, 18th IEEE Computer Security Foundations Workshop,  2005,  p. 31.

Michael R. Clarkson and Fred B. Schneider.  "Hyperproperties,"  Proceedings of the IEEE Computer Security Foundations Symposium,  2008,  p. 51.

Nathaniel Nystrom, Xin Qi, Andrew C. Myers.  "J&: Nested Intersection for Scalable Software Composition,"  Proceedings of the 21st ACM Conference on Object-Oriented Programming Languages, Systems, Languages, and Applications,  2006,  p. 21.

Riccardo Pucella and Fred B. Schneider.  "Independence From Obfuscation: A Semantic Framework for Diversity,"  Proc. 19th Computer Security Foundations Workshop,  2006.

Robert L. Constable, Wojciech Moczydlowski.  "Extracting Programs from Constructive HOL Proofs Via IZF Set-Theoretic Semantics,"  Automated Reasoning, Third International Joint Conference, IJCAR 2006,  2006.

Stephen Chong and Andrew C. Myers.  "End-to-End Enforcement of Erasure and Declassification,"  Proceedings of the IEEE Computer Security Foundations Symposium,  2008,  p. 98.

Stephen Chong, Andrew C. Myers.  "Language-Based Information Erasure,"  Proceedings, 18th IEEE Computer Security Foundations Workshop,  2005,  p. 241.


Last Updated: April 2, 2007