Results 11 - 20 of 29
Secure Spread: An Integrated Architecture for Secure Group Communication
- IEEE Transactions on Dependable and Secure Computing, 2005
Cited by 11 (0 self)
Abstract — Group communication systems are high-availability distributed systems providing reliable and ordered message delivery as well as a membership service, to group-oriented applications. Many such systems are built using a distributed client-server architecture where a relatively small set of servers provide service to numerous clients. In this work, we show how group communication systems can be enhanced with security services without sacrificing robustness and performance. More specifically, we propose several integrated security architectures for distributed client-server group communication systems. In an integrated architecture, security services are implemented in servers, in contrast to a layered architecture where the same services are implemented in clients. We discuss performance and accompanying trust issues of each proposed architecture and present experimental results that demonstrate the superior scalability of an integrated architecture.
Intrusion-Tolerant Group Management in Enclaves
- In International Conference on Dependable Systems and Networks (DSN’01), 2001
Cited by 10 (1 self)
Groupware applications require secure communication and group-management services. Participants in such applications may have divergent interests and may not fully trust each other. The services provided must then be designed to tolerate possibly misbehaving participants. Enclaves is a software framework for building such group applications. We discuss how the protocols used by Enclaves can be modified to guarantee proper service in the presence of nontrustworthy group members. We show how the improved protocol was formally specified and proven correct.
Secure Protocol Transformation via "Expansion": From Two-party to Multi-party
- In ACM CCS '99, 1999
Cited by 8 (1 self)
The design of simple cryptographic protocols for elementary two-party (session oriented) tasks (such as entity authentication and key transport) has had a history (starting with [NS78]) where security has been quite evasive. Only recently, have we seen protocol designs, which are both provably secure and efficient. Currently, much attention of the designers of network systems and services is directed towards multi-party operations (multicast communication), which will enable efficient one-to-many distribution of content, group collaborative efforts, etc. over the Internet and Intranets [Be98]. Rather than designing each multicast oriented task from scratch, we suggest in this work a methodology which derives a design of multi-party (multicast) protocols from two-party (session) ones. The methodology, which we call secure protocol expansion, maintains the efficiency of the basic design and preserves provable security. It enables us to concentrate on and achieve efficient secure design...
Lightweight Secure Group Communication
- 1998
Cited by 5 (4 self)
An advantage of today’s high speed networks is the ability to support group communication. Applications that support group communication allow the free exchange of ideas and data in real time, regardless of the physical distance between the participants. Unfortunately, support for additional protocol features such as reliability, secrecy, and total ordering in the multicast context requires more bandwidth and greater complexity than in traditional point-to-point communication. In this paper we describe a middleware software layer and associated API that attempts to minimize these requirements by providing multiple secure channels based on IP multicast within the same logical group. Named LSGC (lightweight secure group communication), the software provides the important features needed by a group application: reliable delivery, best-effort delivery, and security. In providing both reliable and unreliable channels, an application need pay only for the delivery assurances it needs. We conclude with a description of our implementation and supporting performance
Security for Network Places
- In Proceedings Distributed Systems Security Workshop, ECOOP ‘98, 1998
Group Key Management
- 1998
Cited by 3 (0 self)
This report describes an architecture and implementation for doing group key management over a data communications network. The architecture describes a protocol for establishing a shared encryption key among an authenticated and authorized collection of network entities. Group access requires one or more authorization certificates. The implementation includes a simple public key and certificate infrastructure. Multicast is used for some of the key management messages. An application programming interface multiplexes key management and user application messages. An implementation using the new IP security protocols is postulated. The architecture is compared with other group key management proposals, and the performance and the limitations of the implementation are described. 1. Introduction The Internet and private intranets are increasingly being used for business, government, and military communication. Information flowing over these networks often needs to be authenticated...
A Framework for Establishing Decentralized Secure Coalitions
- In Proceedings of IEEE Computer Security Foundations Workshop. IEEE, 2006
Cited by 3 (1 self)
A coalition provides a virtual space across a network that allows its members to interact in a transparent manner. Coalitions may be formed for a variety of purposes. These range from simple spaces used by individuals to share resources and exchange information, to highly structured environments in which businesses and applications operate and may be governed according to regulation and contract (security policy). Coalitions may spawn further coalitions and coalitions may come together and/or merge. This paper describes a logic-based language that provides a foundation for coalition regulation and contract in a manner that avoids authorization subterfuge and has a number of novel features that make it applicable to open systems. The language provides inter- and intra-coalition delegation, including identity, role and threshold based delegation operations. The logic is used to describe a decentralized infrastructure for establishing and regulating these coalitions. Coalitions are formed with the involvement of founders, constructors and oversight. Constructors are responsible for properly creating a coalition; this service can be provided by a third party. If the service is improperly provided then the constructor is subject to a penalty, which may be collected by another third party providing oversight.
Antigone: Implementing Policy in Secure Group Communication
- 2000
Cited by 2 (1 self)
Significant strides have been made in achieving strong semantics and security guarantees within group communication and multicast systems. However, the scope of available security policies in these systems is often limited. In contrast, the applications that require the services provided by these systems can differ significantly in their security policy needs. Often application designers have to either make significant compromises in using a given group communication system or build their own customized solutions, an error-prone task. This paper presents Antigone, a framework that provides a suite of mechanisms from which flexible application security policies may be implemented. With Antigone, developers may choose a policy that best addresses their security and performance requirements of an application requiring group communication. We describe Antigone's mechanisms, consisting of a set of micro-protocols, and show how different security policies can be implemented usin...
Supplier Integration and Communication Strategies in Collaborative Platform Development
Abstract: Following the introduction of platform-based products, especially considering that platforms are used for multiple brands, there is certainly a growing need for system engineering processes and techniques. This is further emphasized by the fact that companies faced with collaborative platform development frequently need to harmonize often opposing claims from stakeholders with different backgrounds, beliefs, desires and intentions. A core strategy for using resources (e.g., work-hours, knowledge, and production systems) better and more flexibly is to involve suppliers earlier in the development cycle. From this perspective, well-designed and efficiently managed supplier integration is a huge competitive advantage. Supplier integration may range from component design and manufacture to full responsibility for the design of complex distributed systems. The starting point for this work is the results from a previous study, made by the authors, in which a Swedish automotive company and one of its sub-suppliers were examined in order to identify communication barriers. This revealed several problems regarding supplier interaction and information management in projects where both suppliers and product owners contribute their

