| 摘要 |
With the widespread use of the distributed systems comes the need to secure such systems against a wide variety of threats. Recent security mechanisms are grossly inadequate in authenticating the program executions at the clients or servers, as the clients, servers and the executing programs themselves can be compromised after the clients and servers pass the authentication phase. A generic framework is provided for authenticating remote executions on a potentially untrusted remote server—essentially validating that what is executed at the server on behalf of the client is actually the intended program. Details of a prototype Linux implementation are also described, along with some optimization techniques for reducing the run-time overhead of the present scheme. The performance overhead of this technique varies generally from 7% to 24% for most benchmarks, as seen from the actual remote execution of SPEC benchmarks. |
