Security '02 Abstract
Access and Integrity Control in a Public-Access,
High-Assurance Configuration Management System
Jonathan S. Shapiro and John Vanderburgh, Systems Research Laboratory, Johns Hopkins University
OpenCM is a new configuration management system created to support high-assurance develop-ment
in open-source projects. Because OpenCM is designed as an open source tool, robust replica-tion
support is essential, and security requirements are somewhat unusual Ð preservation of access
is as important as prevention. Also, integrity preservation is a primary focus of the information
architecture. Because some of our supported development activities target high-assurance systems,
traceability and recovery from compromise are also vital concerns.
This paper describes the mechanisms used by OpenCM to meet these needs. While some of
the techniques used are particular to archival stores, others have potentially broader applications in
replication-based distributed systems.
- View the full text of this paper in PDF and
PostScript. Until August 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.