A secure directory service based on exclusive encryption
We describe the design of a Windows file-system directory service that ensures the persistence, integrity, privacy, syntactic legality, and case-insensitive uniqueness of the names it indexes. Byzantine state replication provides persistence and integrity, and encryption imparts privacy. To enforce...
Format: | Conference proceeding |
---|---|
Language: | eng |
container_end_page | 182 |
---|---|
container_start_page | 172 |
creator | Douceur, J.R. ; Adya, A. ; Benaloh, J. ; Bolosky, W.J. ; Yuval, G. |
description | We describe the design of a Windows file-system directory service that ensures the persistence, integrity, privacy, syntactic legality, and case-insensitive uniqueness of the names it indexes. Byzantine state replication provides persistence and integrity, and encryption imparts privacy. To enforce Windows' baroque name syntax - including restrictions on allowable characters, on the terminal character, and on several specific names - we develop a cryptographic process, called "exclusive encryption," that inherently excludes syntactically illegal names and that enables the exclusion of case-insensitively duplicate names without access to their plaintext. This process excludes entire names by mapping the set of allowed strings to the set of all strings, excludes certain characters through an amended prefix encoding, excludes terminal characters through varying the prefix coding by character index, and supports case-insensitive comparison of names by extracting and encrypting case information separately. We also address the issues of hiding name-length information and access-authorization information, and we report a newly discovered problem with enforcing case-insensitive uniqueness for Unicode names. |
doi_str_mv | 10.1109/CSAC.2002.1176289 |
format | Conference Proceeding |
identifier | ISSN: 1063-9527 |
ispartof | 18th Annual Computer Security Applications Conference, 2002. Proceedings, 2002, p.172-182 |
issn | 1063-9527 2576-9103 |
language | eng |
recordid | cdi_ieee_primary_1176289 |
source | IEEE Electronic Library (IEL) Conference Proceedings |
subjects | Access control ; Authorization ; Cryptography ; Data mining ; Data privacy ; Encoding ; File servers ; Law ; Legal factors ; Protection |
title | A secure directory service based on exclusive encryption |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-24T02%3A42%3A53IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-ieee_6IE&rft_val_fmt=info:ofi/fmt:kev:mtx:book&rft.genre=proceeding&rft.atitle=A%20secure%20directory%20service%20based%20on%20exclusive%20encryption&rft.btitle=18th%20Annual%20Computer%20Security%20Applications%20Conference,%202002.%20Proceedings&rft.au=Douceur,%20J.R.&rft.date=2002&rft.spage=172&rft.epage=182&rft.pages=172-182&rft.issn=1063-9527&rft.eissn=2576-9103&rft.isbn=0769518281&rft.isbn_list=9780769518282&rft_id=info:doi/10.1109/CSAC.2002.1176289&rft_dat=%3Cieee_6IE%3E1176289%3C/ieee_6IE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=1176289&rfr_iscdi=true |