There is tremendous demand for the ability to be able to electronically buy and sell goods over networks. This field is called electronic commerce, and it has inspired a large variety of work. Unfortunately, much of that work ignores traditional transaction processing concerns — chiefly atomicity. This paper discusses the role of atomicity in electronic commerce. It then briefly surveys some major types of electronic commerce pointing out flaws in atomicity. We pay special attention to the atomicity problems of proposals for digital cash. The paper present two examples of highly atomic

Consider the problem of transparently recovering an asynchronous distributed computation when one or more processes fail. Basing rollback recovery on optimistic message loggingand replay is desirable for several reasons, including not requiring synchronization between processes during failure-free operation. However, previous optimistic rollback recovery protocols either have required synchronization during recovery, or have permitted a failure at one process to potentially trigger an exponential number of process rollbacks. In this paper, we present an optimistic rollback recovery protocol that provides completely asynchronous recovery, while also reducing the number of times a process must roll back in response to a failure to at most one. This protocol is based on comparing timestampvectors across multiple levels of partial order time.

Partial order time expresses issues central to many problems in asynchronous distributed systems, but suffers from inherent security and privacy risks. Secure partial order clocks provide a general method to develop application protocols that transparently protect against these risks. Our previous Signed Vector Timestamp protocol provides a partial order time service with some security: no one can forge dependence on an honest process. However, that protocol still permits some forgery of dependence, permits all denial of precedence, and leaks private information. This paper uses secure coprocessors to improve the vector protocol: our new Sealed Vector Timestamp protocol detects both the presence and absence of causal paths even in the presense of malicious processes, and protects against some privacy risks as well. By solving these previously open security problems, our new protocol provides a foundation for incorporating security and privacy into distributed application protocols bas...

The potential of secure coprocessing to address many emerging security challenges and to enable new applications has been a long-standing interest of many members of the Computer Research and Applications Group, including this author. The purpose of this paper is to summarize this thinking, by presenting a taxonomy of some potential applications and by summarizing what we regard as some particularly interesting research questions.

The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. Government.

Basing rollback recovery on optimistic message logging and replay avoids the need for synchronization between processes during failure-free execution. Some previous research has also attempted to reduce the need for synchronization during recovery, but these protocols have suffered from three problems: not eliminating all synchronization during recovery, not minimizing rollback, or providing these properties but requiring large timestamps. This paper makes two contributions: we present a new rollback recovery protocol, based on our previous work, that provides these properties (asynchronous recovery, minimal rollback) while reducing the timestamp size; and we prove that no protocol can provide these properties and have asymptotically smaller timestamps. 1.

The rapidly changing and expanding electronic environment is fundamentally different from anything mankind has previously experienced. The challenge of information surety is to assure that computation and information behave reasonably and predictably – despite malice, failure and human nature – in this hostile and dynamic environment. Addressing this challenge is urgent for national and economic security, but requires both the ability to express the necessary robustness properties for electronic objects, as well as the ability to develop technology to achieve these properties. This position paper expands on these problems, and presents some solution strategies. 1. The Problem An aphorism that we often need to repeat is “the electronic world is not the same as the physical world. ” Securely moving physical and paper-based processes into electronic settings requires understanding which behaviors and metaphors still apply—and which ones change. As more commerce and service applications migrate to the Internet, the lack of this understanding will lead to security and privacy weaknesses in these services. Future research needs to address this knowledge gap. Humanity has had millennia to develop an understanding of how paper works: what properties it possesses innately, what additional properties it needs (in order provide secure foundations for higher-level applications), and what controls

Increasing numbers of economic transactions are conducted through on-line auctions. Nevertheless, most current auction implementations fail to address important security concerns. In particular, most auction systems force buyers and sellers to trust the auctioneer; alternative secure systems are inflexible and have a high computational and/or communication overhead. To overcome

There is a tremendous demand to electronically buy and sell goods over networks. This field is called electronic commerce, and it has inspired a large variety of work. Unfortunately, much of this activity ignores traditional transaction processing concerns — chiefly atomicity. This paper discusses the role of atomicity in electronic commerce, pointing out various atomic flaws. Special attention is given to the atomicity problems of digital money proposals. Two examples of highly atomic electronic commerce systems, NetBill and cryptographic postage indicia, are presented. ELECTRONIC COMMERCE If you regularly use the World Wide Web, you have probably noticed that much of the information on it is worth what you pay for it. To improve the quality of available electronic information, we must create mechanisms to conveniently compensate the creators and owners of network information. If we want to put the Library of Congress online, we will first have to find a way to compensate copyright owners. Electronic commerce is an attempt to address such problems. The idea is to build mechanisms that make it simple to buy and sell goods online. These mechanisms have attracted significant interest. Besides enabling a new type of commerce, they appear to offer a variety of benefits, including increasing the range of information readily available to most people, 32 n W making automatic search and retrieval of that information easy, and reducing costs by simplifying or eliminating human involvement in processing and fulfilling orders. Here is one indicator of the excitement over electronic commerce: The June 12, 1995, issue of Business Week includes the following projection of the role of electronic commerce. This projection is probably overly optimistic, but it is a sign that electronic commerce is being taken seriously in some quarters.