Solutions for Trust of Applications on Untrustworthy SystemsReport
Distributed systems rely on non-local applications. At the same time, non- local applications can only be trusted as far as a non-local systems can be trusted. This is inadequate for the purposes of monitoring and maintaining critical infrastructure that relies on a distributed computer system. We require a distributed, flexible, and reliable application system to act non- locally throughout a network. Flexibility encourages a model that utilizes application level processes, dispatched from a trusted source system to untrustworthy non-local systems in the network. Reliability requires that the local system be aware of the state of operation of its dispatched application on the inherently untrustworthy non-local system. Unfortunately, these requirements lead to a scenario of a trust gap, in which a dispatched application level process must correctly function while relying on non-local (to the dispatcher, local to the application) system services which cannot be trusted. This is the inverse problem of the untrustworthy incoming application, in which a trusted system is asked to support an untrustworthy application. As such, a trust gap comes with a critical, unique, and difficult set of properties of great importance for the development of fault tolerant distributed systems. In this paper we will consider hardware and low-level software solutions to the trust gap problem. We develop a taxonomy of possible solutions and investigate the promise of each approach. Of these, we find two solution approaches with potential and applicability to today's distributed computing environments.
All rights reserved (no additional license for public reuse)
Hill, Jonathan, jack Davidson, and John Knight. "Solutions for Trust of Applications on Untrustworthy Systems." University of Virginia Dept. of Computer Science Tech Report (2000).
University of Virginia, Department of Computer Science