Secure Sharing Between Untrusted Users in a Transparent Source/Binary Deployment Model
Stc
Date: 2005-10-20
Time: 11:45
Room: BBL room 471
Speaker: Eelco Dolstra
Title: Secure Sharing Between Untrusted Users in a Transparent Source/Binary Deployment Model
Abstract
The Nix software deployment system is based on the paradigm of transparent source/binary deployment: distributors deploy descriptors that build components from source, while client machines can transparently optimise such source builds by downloading pre-built binaries from remote repositories. This model combines the simplicity and flexibility of source deployment with the efficiency of binary deployment. A desirable property is sharing of components: if multiple users install from the same source descriptors, ideally only one remotely built binary should be installed. The problem is that users must trust that remotely downloaded binaries were built from the sources they are claimed to have been built from, while users in general do not have a trust relation with each other or with the same remote repositories.

This paper presents three models that enable sharing: the extensional model, which requires that all users on a system have the same remote trust relations; the intensional model, which does not have this requirement but may be suboptimal in terms of space use; and the mixed model, which merges the best properties of both. The latter two models are achieved through a novel technique of hash rewriting in content-addressable component stores, and were implemented in the context of the Nix system.
This is a paper to be presented at ASE-2005 (http://www.ase-conference.org/).
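The abstract contrasts two ways of naming a component in a shared store: by the hash of its build descriptor (extensional) or by the hash of its output (intensional), with hash rewriting used to make the latter work when a binary refers to its own path. The toy model below is an added example written for this page; it is not code from the paper or from Nix. It assumes a simplified hash-rewriting scheme (a fixed placeholder masks self-references while the content is hashed, then is rewritten to the final path), a constructed store prefix, and constructed descriptors, binaries and repositories. It shows why two users who trust different repositories collide under the extensional model and why, under the intensional model, identical bytes from different repositories still end up as one shared copy.

```python
import hashlib

STORE_PREFIX = "/nix/store/"
# Stand-in for the component's own (not yet known) path while its content is hashed.
# Assumed simplification: a real store would use fixed-length hashes so that
# rewriting keeps file sizes unchanged.
PLACEHOLDER = b"@@SELF@@"


def short_hash(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()[:16]


def extensional_path(descriptor: bytes) -> str:
    """Extensional model: the path is derived from the build descriptor (the inputs),
    so every binary claiming to be built from that descriptor lands on the same path."""
    return STORE_PREFIX + short_hash(descriptor) + "-pkg"


def rewrite_to_content_path(output: bytes, build_path: str) -> tuple[str, bytes]:
    """Intensional model with hash rewriting (assumed simplification): self-references
    to the temporary build path are masked with a placeholder, the masked content is
    hashed to obtain the final path, and the placeholder is rewritten to that path."""
    masked = output.replace(build_path.encode(), PLACEHOLDER)
    path = STORE_PREFIX + short_hash(masked) + "-pkg"
    return path, masked.replace(PLACEHOLDER, path.encode())


class Repository:
    """A remote binary cache: descriptor -> (bytes it claims to have built, build path)."""
    def __init__(self, name: str):
        self.name = name
        self.binaries: dict[bytes, tuple[bytes, str]] = {}

    def publish(self, descriptor: bytes, output: bytes, build_path: str) -> None:
        self.binaries[descriptor] = (output, build_path)


class ExtensionalStore:
    """Store keyed by input hash: the first user to install a path decides its bytes."""
    def __init__(self):
        self.paths: dict[str, bytes] = {}

    def install(self, descriptor: bytes, repo: Repository) -> tuple[str, bool]:
        output, build_path = repo.binaries[descriptor]
        path = extensional_path(descriptor)
        final = output.replace(build_path.encode(), path.encode())
        if path in self.paths:
            # Path already populated by someone else: True only if the bytes agree.
            return path, self.paths[path] == final
        self.paths[path] = final
        return path, True


class IntensionalStore:
    """Store keyed by output hash: trust is recorded per user, not per store."""
    def __init__(self):
        self.paths: dict[str, bytes] = {}
        self.trust: dict[tuple[str, bytes], str] = {}  # (user, descriptor) -> path

    def install(self, user: str, descriptor: bytes, repo: Repository) -> str:
        output, build_path = repo.binaries[descriptor]
        path, final = rewrite_to_content_path(output, build_path)
        self.paths.setdefault(path, final)  # identical bytes share a single copy
        self.trust[(user, descriptor)] = path
        return path


def scenario() -> dict:
    """Constructed scenario: alice trusts repo a, bob trusts repo b (which serves a
    binary that differs from what the descriptor builds), carol trusts a mirror of a."""
    descriptor = b"hello-2.1: build hello-2.1.tar.gz with gcc"  # constructed
    build_path = "/tmp/nix-build-hello-2.1"
    honest = b"#!/bin/sh\necho hello\nprefix=" + build_path.encode()
    tampered = b"#!/bin/sh\necho hello (modified)\nprefix=" + build_path.encode()

    repo_a, mirror_a, repo_b = Repository("a"), Repository("mirror-of-a"), Repository("b")
    repo_a.publish(descriptor, honest, build_path)
    mirror_a.publish(descriptor, honest, build_path)
    repo_b.publish(descriptor, tampered, build_path)

    ext = ExtensionalStore()
    _, alice_ok = ext.install(descriptor, repo_a)
    bob_path, bob_ok = ext.install(descriptor, repo_b)

    intn = IntensionalStore()
    p_alice = intn.install("alice", descriptor, repo_a)
    p_bob = intn.install("bob", descriptor, repo_b)
    p_carol = intn.install("carol", descriptor, mirror_a)

    return {
        "ext_conflict": alice_ok and not bob_ok,  # bob silently receives alice's bytes
        "ext_bob_bytes": ext.paths[bob_path],
        "int_paths_differ": p_alice != p_bob,     # differing bytes get distinct paths
        "int_shared": p_alice == p_carol,         # identical bytes: one copy, two trusters
        "int_copies": len(intn.paths),
        "int_alice_bytes": intn.paths[p_alice],
        "int_alice_path": p_alice,
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The extensional store exposes the trust problem from the abstract directly: bob's install returns a mismatch because alice's binary already occupies the only path the descriptor can map to, so bob would have to share alice's trust in repository a. The intensional store never has that collision, at the cost of holding two copies when the bytes really differ, which is the space trade-off the abstract mentions; hash rewriting is what lets the content hash be computed even though the finished binary embeds its own store path.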