
High Integrity Distributed Configuration Management

IP.com Disclosure Number: IPCOM000113674D
Original Publication Date: 1994-Sep-01
Included in the Prior Art Database: 2005-Mar-27
Document File: 6 page(s) / 219K

Publishing Venue

IBM

Related People

Moore, JW: AUTHOR

Abstract

Disclosed is the application of encryption techniques to improve the integrity of the Configuration Management (CM) process when it is implemented on a distributed system.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 28% of the total text.

High Integrity Distributed Configuration Management

      Disclosed is the application of encryption techniques to
improve the integrity of the Configuration Management (CM) process
when it is implemented on a distributed system.

      Configuration management involves the unique assignment of
identifiers (IDs) to designate software components.  Identifiers must
be unique so that software systems can be partially or completely
rebuilt from a list of IDs with a high degree of assurance that the
constituent components are identical with those of a prior build.  In
a centralized system, this discipline is normally enforced by a set
of administrative procedures.  Such methods suffice because the files
containing the components are within the control of the group
performing the administration.  In a distributed system, it is
possible, even likely, that different administrative groups are
responsible for CM on the different nodes.  In such a situation, it
is necessary for the receiver of a component on one node to be able
to assure that sound configuration management practices are being
followed on the node from which the component was obtained.

      The disclosed method uses encryption techniques to ensure that
the contents of a component are not altered subsequent to the time
when it is associated with its ID.

      In the discussion which follows, it should be noted that the
term "adversary" describes not only the rare, hostile individual who
desires to actually damage a system, but also the well-intentioned
individual who desires to short-cut administrative procedures in
order to accelerate completion of a task.  Incompetent individuals
are also adversaries in this sense.

      The discussion also refers to "senders" and "receivers".  The
sending node is the node where a desired component originates and is
stored awaiting requests from others.  The receiving node is the one
where a software system incorporating the desired component will be
built.  In the general case, building a software system involves one
receiver and many senders.

The sender in a distributed CM system should follow CM policies that:
  o  Associate a unique ID with each available component.
  o  Assign a new ID if the component is changed.

The receiver in a distributed CM system should:
  o  Be able to verify that the received (or previously received and
     stored) component is the appropriate one for the ID and has not
     been modified either before or after transmission.
  o  Be able to verify that the sending node has followed the
     policies listed above with respect to any particular received
     component.

      Ideally, the mechanism would operate in a manner which
encouraged the receiving node to actually perform the described
verifications as a routine part of its normal conduct of business.
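The following is an added example, not code from the disclosure, showing one way the sender's two policies and the receiver's two checks above can be made verifiable rather than administrative. It assumes a content-derived ID (SHA-256) so that a changed component necessarily gets a new ID, and an HMAC under an assumed shared key (SENDER_KEY) so the receiver can confirm the ID list really came from the sending node; the function names and the sample component are constructed for the demo.

```python
import hashlib
import hmac
import json

# Assumed shared secret between sending and receiving nodes (placeholder for the demo).
SENDER_KEY = b"constructed-demo-key"


def component_id(content: bytes) -> str:
    """Sender policy 1 and 2 at once: the ID is bound to the bytes, so
    identical content yields the same ID and any change yields a new one."""
    return "cmp-" + hashlib.sha256(content).hexdigest()[:16]


def sender_publish(components: list, key: bytes) -> dict:
    """Sender side: assign IDs and authenticate the ID list with a keyed MAC,
    so the receiver can tell which IDs the sender's CM process actually issued."""
    ids = sorted(component_id(c) for c in components)
    tag = hmac.new(key, json.dumps(ids).encode(), "sha256").hexdigest()
    return {"ids": ids, "tag": tag}


def receiver_verify(component: bytes, claimed_id: str, manifest: dict, key: bytes) -> str:
    """Receiver side: (1) the ID list is authentic, (2) the sender issued this ID,
    (3) the component bytes still match the ID (unmodified before or after transit)."""
    expected = hmac.new(key, json.dumps(manifest["ids"]).encode(), "sha256").hexdigest()
    if not hmac.compare_digest(expected, manifest["tag"]):
        return "manifest not authenticated by sender"
    if claimed_id not in manifest["ids"]:
        return "ID never assigned by sender"
    if component_id(component) != claimed_id:
        return "content does not match ID"
    return "ok"


if __name__ == "__main__":
    # Constructed sample component; a "short-cut" edit without a new ID is caught.
    good = b"int main(void) { return 0; }\n"
    manifest = sender_publish([good], SENDER_KEY)
    cid = component_id(good)
    print(receiver_verify(good, cid, manifest, SENDER_KEY))
    print(receiver_verify(good + b"/* patched in place */\n", cid, manifest, SENDER_KEY))
```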

      The key idea in accomplishing the vendor's responsibilities in
a verifiable fashion is to generate IDs whose valu...