The CASS Shell
03 Jul 1995-pp 313-325
TL;DR: The structure and features of the CASS shell, a secure shell implemented on top of UNIX1 System V Release 4.2, and the development and performance of both the hardware and software implementations of the cryptographic functions it uses are described.
Abstract: The goal of the Computer Architecture for Secure Systems (CASS) project [1] is to develop an architecture and tools to ensure the security and integrity of software in distributed systems. CASS makes use of various cryptographic techniques at the operating system kernel level to authenticate software integrity. The CASS shell, the work described in this paper, is on the other hand a secure shell implemented on top of UNIX1 System V Release 4.2 (UNIX SVR4.2) to achieve the same purpose but in an operating system independent manner. The CASS shell carries out cryptographic authentication of executable files based on the MD5 Message-Digest algorithm [2] and presents a closed computing environment in which system utilities are safeguarded against unauthorised alteration and users are prevented from executing unsafe commands. In order to provide cryptographic authentication and other cryptographic functions such as public-key based signatures, in hardware, the work has also involved the incorporation of an encryption hardware sub-system into SVR4.2 operating on an Intel 80×86 hardware platform. The paper describes the structure and features of the CASS shell and the development and performance of both the hardware and software implementations of the cryptographic functions it uses.
Citations
More filters
08 Dec 1997
TL;DR: Three prototype implementations of the CASS architecture are described, two of these at the kernel level targetting UNIX SVR4.2 and the Mach 3.0 microkernel, with the third-for reasons of generality-involving the implementation of a specialised shell which is then portable across UNIX-style platforms in general.
Abstract: The verification of the authenticity of software by an executing host has become a vital security issue in recent years with the original postulation and subsequent evolution of computer viruses. The CASS (Computer Architecture for Secure Systems) project addresses this issue by incorporating integrity checking at the operating system level. This paper describes three prototype implementations of the architecture, two of these at the kernel level targetting UNIX SVR4.2 and the Mach 3.0 microkernel, with the third-for reasons of generality-involving the implementation of a specialised shell which is then portable across UNIX-style platforms in general. The paper focusses on a description of the former, viz. the kernel-based implementations, and examines the design and implementation issues which had to be addressed in achieving kernel-based integrity checking of executables for the two platforms.
19 citations
09 Sep 1997
TL;DR: The paper describes how the Modula-2 based development environment has been modified to provide the cryptographic seals required and exploited by the C ASS kernels and the CASS Shell software to provide integrity assurance.
Abstract: The work described in this paper refers to the CASS (Computer Architecture for Secure Systems) architecture previously reported by Mohay et al. (1993) which addresses the problem of software authenticity on two fronts. Three prototype implementations of that architecture have been developed, two of these at the kernel level targetting UNIX SVR4.2 and the Mach 3.0 Micro-Kernel, while the third-for reasons of generality-has involved the implementation of a specialised shell which is then portable across UNIX-style platforms in general. Before executing an applications program, these implementations verify the integrity of a program seal associated with the application. If verified, this provides assurance of program compliance with safety criteria previously checked and certified by our secure Modula-2 compiler and linker. The paper describes how our Modula-2 based development environment has been modified to provide the cryptographic seals required and exploited by the CASS kernels and the CASS Shell software to provide integrity assurance.
2 citations
Cites background or methods from "The CASS Shell"
...These Shells, as well as carrying out seal-based integrity checking, are specialised forms of restricted shell ([lo]) and provide considerable extra features over and above just the integrity checking ([ 3 ])....
[...]
...The more recent CASS Shell project on the other hand [ 3 ] implements the application integrity check via a secure shell implemented on top of existing operating systems so as to do so in an operating system independent manner....
[...]
References
More filters
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
14,659 citations
"The CASS Shell" refers methods in this paper
...compatible PC AT and provides a variety of encryption services based on the Data Encryption Standard (DES) [5] and Rivest-Shamir-Adleman (RSA) [ 6 ] algorithms....
[...]
...The latter implements DES (Data Encryption Standard [5a]), ANSI X9.9 MAC [5b] and RSA (Rivest-Shamir-Adleman [ 6 ]) functions thus providing hardware based cryptographic authentication and public-key signature support for CASS....
[...]
Proceedings Article•
01 Apr 1992
TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Abstract: This document describes the MD5 message-digest algorithm. The
algorithm takes as input a message of arbitrary length and produces as
output a 128-bit "fingerprint" or "message digest" of the input. This
memo provides information for the Internet community. It does not
specify an Internet standard.
3,514 citations
"The CASS Shell" refers methods in this paper
...If a program meets all these various security criteria, a certificate consisting of a signed message digest of the program based on the MD5 Message-Digest algorithm [ 2 ] is generated....
[...]
...The CASS shell carries out eryptographie authentication of executable files based on the MD5 Message-Digest algorithm [ 2 ] and presents a closed computing environment in which system utilities are safeguarded against unauthorised alteration and users are prevented from executing unsafe commands....
[...]
...The MD5 algorithm was developed by R. Rivest and has been published as Internet RFC #1321 with source code for an implementation [ 2 ]....
[...]
TL;DR: Skip lists as mentioned in this paper are data structures that use probabilistic balancing rather than strictly enforced balancing, and the algorithms for insertion and deletion in skip lists are much simpler and significantly faster than equivalent algorithms for balanced trees.
Abstract: Skip lists are data structures that use probabilistic balancing rather than strictly enforced balancing. As a result, the algorithms for insertion and deletion in skip lists are much simpler and significantly faster than equivalent algorithms for balanced trees.
1,113 citations
17 Aug 1989
TL;DR: This paper describes and analyzes skip lists and presents new techniques for analyzing probabilistic algorithms.
Abstract: Skip lists are a practical, probabilistic data structure that can be used in place of balanced trees. Algorithms for insertion and deletion in skip lists are much simpler and significantly faster than equivalent algorithms for balanced trees. This paper describes and analyzes skip lists and presents new techniques for analyzing probabilistic algorithms.
843 citations