Show simple item record

dc.contributor.advisorSrinivas Devadas.en_US
dc.contributor.authorClarke, Dwaine E. (Dwaine Errol), 1976-en_US
dc.contributor.otherMassachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.en_US
dc.date.accessioned2006-08-25T18:58:15Z
dc.date.available2006-08-25T18:58:15Z
dc.date.copyright2005en_US
dc.date.issued2005en_US
dc.identifier.urihttp://hdl.handle.net/1721.1/33936
dc.descriptionThesis (Ph.D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.en_US
dc.descriptionIncludes bibliographical references (leaves 137-140).en_US
dc.description.abstractWe present a trace-hash scheme and an adaptive tree-trace scheme to improve the performance of checking the integrity of arbitrarily-large untrusted data, when using only a small fixed-sized trusted state. Currently, hash trees are used to check the data. In many systems that use hash trees, programs perform many data operations before performing a critical operation that exports a result outside of the program's execution environment. The trace-hash and adaptive tree-trace schemes check sequences of data operations. For each of the schemes, for all programs, as the average number of times the program accesses data between critical operations increases, the scheme's bandwidth overhead approaches a constant bandwidth overhead. The trace-hash scheme, intuitively, maintains a "write trace" and a "read trace" of the write and read operations on the untrusted data. At runtime, the traces are updated with a minimal constant-sized bandwidth overhead so that the integrity of a sequence of data operations can be verified at a later time. To maintain the traces in a small fixed-sized trusted space, we introduce a new cryptographic tool, incremental multiset hash functions, to update the traces. To check a sequence of operations, a separate integrity-check operation is performed using the traces.en_US
dc.description.abstract(cont.) The integrity-check operation is performed whenever the program executes a critical operation: a critical operation acts as a signal indicating when it is necessary to perform the integrity-check operation. When sequences of operations are checked, the trace-hash scheme significantly outperforms the hash tree. Though the trace-hash scheme does not incur the logarithmic bandwidth overhead of the hash tree, its integrity-check operation needs to read all of the data that was used since the beginning of the program's execution. When critical operations occur infrequently, the amortized cost over the number of data operations performed of the integrity-check operation is small and the trace-hash scheme performs very well. However, when critical operations occur frequently, the amortized cost of the integrity-check operation becomes prohibitively large; in this case, the performance of the trace-hash scheme is not good and is much worse than that of the hash tree. Thus, though the trace-hash scheme performs very well when checks are infrequent, it cannot be widely-used because its performance is poor when checks are more frequent. To this end, we also introduce an adaptive tree-trace scheme to optimize the trace-hash scheme and to capture the best features of both the hash tree and trace-hash schemes.en_US
dc.description.abstract(cont.) The adaptive tree-trace scheme has three features. Firstly, the scheme is adaptive, allowing programs to benefit from its features without any program modification. Secondly, for all programs, the scheme's bandwidth overhead is guaranteed never to be worse than a parameterizable worst-case bound, expressed relative to the bandwidth overhead of the hash tree if the hash tree had been used to check the integrity of the data. Finally, for all programs, as the average number times the program accesses data between critical operations increases, the scheme's bandwidth overhead moves from a logarithmic to a constant bandwidth overhead.en_US
dc.description.statementofresponsibilityby Dwaine E. Clarke.en_US
dc.format.extent140 leavesen_US
dc.format.extent7814856 bytes
dc.format.extent7820710 bytes
dc.format.mimetypeapplication/pdf
dc.format.mimetypeapplication/pdf
dc.language.isoengen_US
dc.publisherMassachusetts Institute of Technologyen_US
dc.rightsM.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission.en_US
dc.rights.urihttp://dspace.mit.edu/handle/1721.1/7582
dc.subjectElectrical Engineering and Computer Science.en_US
dc.titleTowards constant bandwidth overhead integrity checking of untrusted dataen_US
dc.typeThesisen_US
dc.description.degreePh.D.en_US
dc.contributor.departmentMassachusetts Institute of Technology. Dept. of Electrical Engineering and Computer Science.en_US
dc.identifier.oclc67549540en_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record