J.-C. Fabre
Y. Deswarte
B. Randell
University of Newcastle upon Tyne. 1993
Security and reliability issues in distributed systems have been investigated for several years at LAAS using a technique called Fragmentation-Redundancy-Scattering (FRS). The aim of FRS is to tolerate both accidental and intentional faults: the core idea consists in fragmenting confidential information in order to produce insignificant fragments and then in scattering the fragments so obtained in a redundant fashion across a network of a large number of workstations. This technique has been applied to security management, to file storage and more recently to the processing of confidential information, so as to achieve a high degree of security as well as reliability. The main objective of this paper is an object-oriented approach to the design of FRS applications in which elementary objects (classes) are defined in such a way that the information in any given object, taken on its own, is not confidential. The approach involves fragmenting a confidential object using its composition structure, i.e., in terms of a hierarchy of sub-objects (the "is-part-of" relation of the object model). The fragmentation process continues until the resulting sub-objects are such as to be non-confidential. Replicas of non-confidential objects are then scattered among untrusted stations. An account is given of how this approach has been applied to the design and implementation of an electronic diary application on a fault-tolerant distributed system.