Abstract
The goal of the Computer Architecture for Secure Systems (CASS) project [1] is to develop an architecture and tools to ensure the security and integrity of software in distributed systems. CASS makes use of various cryptographic techniques at the operating system kernel level to authenticate software integrity. The CASS shell, the work described in this paper, is by contrast a secure shell implemented on top of UNIX System V Release 4.2 (UNIX SVR4.2) to achieve the same purpose in an operating-system-independent manner. The CASS shell carries out cryptographic authentication of executable files based on the MD5 Message-Digest algorithm [2] and presents a closed computing environment in which system utilities are safeguarded against unauthorised alteration and users are prevented from executing unsafe commands. In order to provide cryptographic authentication and other cryptographic functions, such as public-key based signatures, in hardware, the work has also involved the incorporation of an encryption hardware sub-system into SVR4.2 operating on an Intel 80x86 hardware platform. The paper describes the structure and features of the CASS shell and the development and performance of both the hardware and software implementations of the cryptographic functions it uses.
References
[1] Mohay, G., Caelli, W., Gough, K.J., Holford, J., Low, G. CASS — Computer Architecture for Secure Systems, ACSC 16, Australian Computer Science Conference, Feb 3–5, 1993. Griffith University, Brisbane, Australia.
[2] Rivest, R. The MD5 Message-Digest Algorithm, Technical Report, Internet, April 1992. RFC #1321.
[3] Curry, D.A. UNIX System Security, Addison-Wesley, Reading, MA, 1992.
[4] ERACOM Pty. Ltd., Burleigh Heads, Queensland 4220, Australia.
[5] Smid, M.E. and Branstad, D.K., The Data Encryption Standard: Past and Future, Proceedings of the IEEE, vol. 76, no. 5, May 1988, pp 550–559.
[6] ANSI X9.9 (Revised), American National Standard for Financial Institution Message Authentication (Wholesale), American Bankers Institution, 1986.
[7] Rivest, R.L., Shamir, A. and Adleman, L., A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, Vol. 21, No. 2, Feb 1978, pp 120–126.
[8] Farrow, R. UNIX System Security, Addison-Wesley, Reading, MA, 1991.
[9] Garfinkel, S. and Spafford, G. Practical UNIX Security, O'Reilly & Associates, Inc., Sebastopol, CA, 1991.
[10] Plum, C. Truly Random Numbers, Dr. Dobb's Journal, November 1994, p.
[11] Pugh, W. Skip-lists: A Probabilistic Alternative to Balanced Trees, Communications of the ACM, Vol 33, No. 6, June 1990, p. 668–676.
[12] Downey, S, DES Pseudo Device STREAMS Driver, Technical Report, Queensland University of Technology, November 1993.
[13] ERACOM, Encryption Services Application Program Interface, ERACOM Pty Ltd, Burleigh Heads, Queensland, Australia, 903-33-00 Rev B3 edition, May 1994.
[14] ERACOM, RSA Encryption Services Application Program Interface, ERACOM Pty Ltd, Burleigh Heads, Queensland, Australia, 909-33-00 edition, February 1994.
[15] Pajari, G, Writing Unix Device Drivers, Addison-Wesley, Third Ed., 1992.
[16] Unix Press, Device Driver Interface/Driver-Kernel Interface Reference Manual (Intel Processors), Prentice-Hall, Englewood Cliffs, New Jersey, September 1992.
[17] Linn, J, Internet RFC 1508, Geer Zolot Associates, Sept 1993.
Copyright information
© 1996 Springer-Verlag Berlin Heidelberg
Cite this paper
Mohay, G., Morarji, H., Le-Viet, Q., Munday, L., Caelli, W. (1996). The CASS shell. In: Dawson, E., Golić, J. (eds) Cryptography: Policy and Algorithms. CPA 1995. Lecture Notes in Computer Science, vol 1029. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0032369
DOI: https://doi.org/10.1007/BFb0032369
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60759-5
Online ISBN: 978-3-540-49363-1
eBook Packages: Springer Book Archive