Enclaves consists of subsystems layered on top of each other. Directly over the Internet and the operating system is a mechanism for authentication, which involves encryption primitives. Built on authentication is the group management layer, which handles group initiation, membership changes, and group dispersal. Built on top of this is a layer of abstraction for secure point-to-point communication and secure multicast over the Internet. Finally, on top of these are secure user-level group applications, an example of which is a facility for secure file sharing among group members.
Figure 2: Layered architecture
As shown in Figure 2, the Enclaves toolkit depends on commonly available APIs, such as TCP/IP, and provides application builders with a layer of Enclaves API. This new API automatically provides mechanisms for user authentication, key distribution, secure group management, and secure multicast among group members.
The logical connections between a group of enclaves are as follows. The group leader occupies a special and important role in that all control flow (such as authentication and admission control) is mediated by the group leader. Any data flow that affects the entire group, such as modification to a shared file, is also mediated by the leader. Other non-crucial data can flow directly between group members to improve efficiency, after such channels are securely set up (again mediated by the group leader).
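The following sketch models the leader-mediated control flow described above. It is an added illustration, not Enclaves code or its actual protocol: the `Leader` class, the pre-shared member secrets, the HMAC challenge-response, and the per-epoch message tags are all assumptions, and the model covers message authenticity only, not confidentiality.

```python
import hashlib, hmac, secrets

def mac(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class Leader:
    # Hypothetical leader: every admission and removal goes through it.
    def __init__(self, credentials):
        self.credentials = credentials   # name -> long-term secret (assumed pre-shared)
        self.pending = {}                # name -> outstanding challenge nonce
        self.members = set()
        self.epoch, self.group_key = 0, secrets.token_bytes(32)
    def challenge(self, name):
        self.pending[name] = secrets.token_bytes(16)
        return self.pending[name]
    def admit(self, name, response):
        # The nonce is popped so that a captured response cannot be replayed.
        nonce, secret = self.pending.pop(name, None), self.credentials.get(name)
        ok = nonce and secret and hmac.compare_digest(mac(secret, nonce, name.encode()), response)
        if not ok:
            return None
        self.members.add(name)
        return self.rekey()
    def remove(self, name):
        self.members.discard(name)
        return self.rekey()
    def rekey(self):
        # Every membership change starts a new epoch with a fresh group key.
        self.epoch, self.group_key = self.epoch + 1, secrets.token_bytes(32)
        return self.epoch, self.group_key

def seal(epoch, key, sender, payload):
    return epoch, sender, payload, mac(key, str(epoch).encode(), sender.encode(), payload)

def accept(epoch, key, msg):
    m_epoch, sender, payload, tag = msg
    good = mac(key, str(m_epoch).encode(), sender.encode(), payload)
    return m_epoch == epoch and hmac.compare_digest(good, tag)

def demo():
    creds = {n: secrets.token_bytes(32) for n in ("alice", "bob")}  # constructed secrets
    leader = Leader(creds)
    rejected = leader.admit("alice", b"guess")        # no challenge outstanding
    for n in creds:
        old = leader.admit(n, mac(creds[n], leader.challenge(n), n.encode()))
    new = leader.remove("bob")                        # bob is left holding only `old`
    return {"rejected": rejected is None,
            "member_before_leave": accept(*old, seal(*old, "bob", b"edit")),
            "stale_key_after_leave": accept(*new, seal(*old, "bob", b"edit")),
            "forged_epoch": accept(*new, seal(new[0], old[1], "bob", b"edit")),
            "current_member": accept(*new, seal(*new, "alice", b"edit"))}
```

In this model the remaining members are assumed to receive each new epoch key from the leader over their authenticated point-to-point channels, which the sketch does not implement.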
Last changed: 1 May 2002 aw