Jump to Content

A Language-Based Approach to Secure Quorum Replication

Andrew C. Myers
Proceedings of the Ninth Workshop on Programming Languages and Analysis for Security (2014), pp. 27-39

Abstract

Quorum replication is an important technique for building distributed systems because it can simultaneously improve both the integrity and availability of computation and storage. Information flow control is a well-known method for enforcing the confidentiality and integrity of information. This paper demonstrates that these two techniques can be integrated to simultaneously enforce all three major security properties: confidentiality, integrity and availability. It presents a security-typed language with explicit language constructs for supporting secure quorum replication. The dependency analysis performed by the type system of the language provides a way to formally verify the end-to-end security assurance of complex replication schemes. We also contribute a new multilevel timestamp mechanism for synchronizing code and data replicas while controlling the side channels such mechanisms introduce.