
Technical Approaches

Enclaves assumes that initial key assignment to group members is dealt with elsewhere; certification authorities can be very useful for assigning keys. More specifically, each member is assumed to share a (possibly long-term) symmetric key with the group leader. Authentication (for joining a group session) uses DES-style shared-key cryptosystems. If members can be assumed to have public-key capabilities, Enclaves can instead use alternative protocols that provide very strong password protection [8].

Enclaves provides an abstract layer of secure multicast. For each group session, a distinct key is distributed to the members for encrypting that session's multicast data. The implementation of this layer is expected to change in future versions to better handle issues such as failure recovery and efficiency [9].

The Enclaves toolkit does not yet directly support remote objects. To facilitate a simple kind of secure remote object invocation, our approach is to define a platform-independent object manipulation language for each type of shared remote object. Each local operation, if deemed to have a global effect on a remote object, is translated into this manipulation language before being multicast to the group. Software with built-in remote object capabilities is emerging, and we will take advantage of it as it becomes widely available (except that we may have to retrofit such software with security features).
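The manipulation-language idea above, as an added example that is not the Enclaves toolkit's own code: a hypothetical shared whiteboard object whose globally visible operations are encoded as small JSON messages for multicast and, on the receiving side, applied to the local replica only through a fixed dispatch table. The object type, operation names, and message layout are assumptions made for this example.

```python
import json

# Hypothetical shared object type for this example. Only the operations listed in
# DISPATCH below may be invoked through the manipulation language; anything else
# the object can do stays local.
class SharedWhiteboard:
    def __init__(self, name):
        self.name = name
        self.strokes = []          # each stroke is an (x, y) pair of ints

    def add_stroke(self, x, y):
        self.strokes.append((int(x), int(y)))

    def clear(self):
        self.strokes.clear()

# Predefined operations: op name -> (arity, implementation). Receivers dispatch
# through this table only, never via getattr() on a name taken from the network.
DISPATCH = {
    "add_stroke": (2, SharedWhiteboard.add_stroke),
    "clear": (0, SharedWhiteboard.clear),
}

def encode_op(obj_name, op, *args):
    """Translate a local operation with global effect into a platform-independent
    message, ready to be multicast to the group. Refuses anything not predefined."""
    if op not in DISPATCH or len(args) != DISPATCH[op][0]:
        raise ValueError(f"{op}/{len(args)} is not a predefined operation")
    msg = {"obj": obj_name, "op": op, "args": list(args)}
    return json.dumps(msg, separators=(",", ":")).encode("utf-8")

def apply_op(replicas, message):
    """Apply a received message to the named local replica. Returns True on success,
    False when the message is malformed, names an unknown object, or asks for an
    operation (or arity) outside the predefined set. The replica is left unchanged
    on every refusal."""
    try:
        m = json.loads(message)
        obj, op, args = m["obj"], m["op"], m["args"]
    except (ValueError, KeyError, TypeError):
        return False
    if obj not in replicas or op not in DISPATCH or not isinstance(args, list):
        return False
    arity, fn = DISPATCH[op]
    if len(args) != arity:
        return False
    try:
        fn(replicas[obj], *args)
    except (ValueError, TypeError):
        return False               # e.g. a non-numeric coordinate: refused
    return True
```

A sender that tries to encode an operation outside the table gets a ValueError locally; a receiver that gets such a message from a misbehaving peer simply returns False, so the restriction of item 4 in the list below is enforced at both ends.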

Finally, our design enforces the security of groups in Enclaves through the following mechanisms:

  1. The group leader and the members authenticate each other via authentication tokens.
  2. The session key is securely distributed to new members, and is securely revoked and updated whenever a member leaves the session.
  3. Group communication is secured by encrypting network traffic.
  4. Group members can invoke only predefined procedures (or operations) on remote machines (or objects), and can do so only through the secure protocol interfaces.
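The first three mechanisms above, as an added worked example rather than the toolkit's own code: a leader and its members run a shared-key challenge-response (the authentication tokens of item 1), the leader hands each admitted member the session key wrapped under that member's long-term key (item 2), revokes it by choosing a fresh key and re-wrapping it for the survivors when someone leaves, and multicasts under the current session key (item 3). Key assignment is taken as given, as the section says. The cipher is an HMAC-SHA256 construction (counter-mode keystream, encrypt-then-MAC) standing in for the DES-style cryptosystem the section mentions; the message layout, role labels, nonce sizes and class names are assumptions of this example.

```python
import hashlib
import hmac
import secrets
# Stand-in for the section's DES-style shared-key cryptosystem: HMAC-SHA256 keystream
# in counter mode plus encrypt-then-MAC. Formats and names are this example's
# assumptions, not Enclaves' own protocol.

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, n):
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext, aad=b""):
    """Encrypt-then-MAC under key; aad is authenticated but not encrypted."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob, aad=b""):
    """Plaintext, or None when the tag fails (wrong key, wrong aad or tampering)."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def _token(key, role, member, n1, n2):
    """Authentication token: a MAC over both nonces, bound to the sender's role."""
    return hmac.new(key, role + member + n1 + n2, hashlib.sha256).digest()

class Leader:
    def __init__(self, long_term_keys):
        self.keys = dict(long_term_keys)          # member id -> key shared with the leader
        self.members, self.pending, self.session_key = set(), {}, secrets.token_bytes(32)

    def challenge(self, member, n_m):
        """Answer a join request: leader nonce plus a token proving knowledge of K_member."""
        if member not in self.keys:
            return None, None                     # unknown member: refused outright
        n_l = secrets.token_bytes(16)
        self.pending[member] = (n_m, n_l)
        return n_l, _token(self.keys[member], b"leader", member, n_m, n_l)

    def admit(self, member, token_m):
        """Verify the member's token; on success return the session key wrapped under K_member."""
        n_m, n_l = self.pending.pop(member)
        if not hmac.compare_digest(token_m, _token(self.keys[member], b"member", member, n_l, n_m)):
            return None
        self.members.add(member)
        return seal(self.keys[member], self.session_key, aad=b"session-key" + member)

    def remove(self, member):
        """A member leaves: revoke the old key by picking a fresh one, re-wrapped per survivor."""
        self.members.discard(member)
        self.session_key = secrets.token_bytes(32)
        return {m: seal(self.keys[m], self.session_key, aad=b"session-key" + m) for m in self.members}

    def multicast(self, data):
        return seal(self.session_key, data, aad=b"group-data")

class Member:
    def __init__(self, ident, long_term_key):
        self.ident, self.key, self.session_key = ident, long_term_key, None

    def join(self, leader):
        """Mutual authentication with the leader; True once the session key is installed."""
        n_m = secrets.token_bytes(16)
        n_l, token_l = leader.challenge(self.ident, n_m)
        if token_l is None or not hmac.compare_digest(token_l, _token(self.key, b"leader", self.ident, n_m, n_l)):
            return False                          # leader did not prove knowledge of our key
        return self.install(leader.admit(self.ident, _token(self.key, b"member", self.ident, n_l, n_m)))

    def install(self, wrapped):
        key = None if wrapped is None else unseal(self.key, wrapped, aad=b"session-key" + self.ident)
        if key is not None:
            self.session_key = key                # only accepted if sealed under our long-term key
        return key is not None

    def receive(self, blob):
        return None if self.session_key is None else unseal(self.session_key, blob, aad=b"group-data")

def demo():
    """Two members join, one leaves, the group rekeys, and the leaver is cut off from later traffic."""
    keys = {b"alice": secrets.token_bytes(32), b"bob": secrets.token_bytes(32)}
    leader, members = Leader(keys), {}
    members = {m: Member(m, k) for m, k in keys.items()}
    assert all(member.join(leader) for member in members.values())
    before = leader.multicast(b"hello group")
    got_before = tuple(members[m].receive(before) for m in (b"alice", b"bob"))
    for m, wrapped in leader.remove(b"bob").items():
        members[m].install(wrapped)
    after = leader.multicast(b"bob has left")
    got_after = tuple(members[m].receive(after) for m in (b"alice", b"bob"))
    return got_before + got_after
```

demo() returns the four decryptions in the order (alice before, bob before, alice after, bob after); the last is None because bob still holds the revoked session key and the rekeyed traffic no longer verifies under it. A member whose long-term key does not match the leader's table fails at the leader-token check and never sends its own token, and the leader's challenge refuses identities it has no key for.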



Li Gong
Fri May 17 15:07:56 PDT 1996

Last changed: 1 May 2002 aw