REX: Secure, modular remote execution through file descriptor passing
Eric Peterson, Kevin Fu, David Mazieres, M. Frans Kaashoek
LCS Document Number:
Parallel and Distributed Operating Systems

The ubiquitous SSH package has demonstrated the importance of
secure remote login and execution. This paper presents a new system,
REX, designed to provide remote login and execution in the context of
the SFS secure distributed file system. REX departs from traditional
remote login design and is built around two main mechanisms---file
descriptor passing and a user agent process.

File descriptor passing allows REX to be split into several
smaller pieces; privileged code can run as its own process to
provide enhanced security guarantees. REX also emulates secure file
descriptor passing over network connections, allowing users to build
extensions to REX outside of the core REX software.

REX uses and extends SFS's agent mechanism to provide a
transparent distributed computing environment to users. The
agent stores private keys, server nicknames, and other per-user
configuration state; REX makes the SFS agent available to programs
that it executes on remote machines.

We have an implementation of REX and demonstrate that its
flexibility does not come at the cost of performance. Initial REX
connections are comparable to those of SSH in speed, while subsequent
connections are much faster because REX exploits the SFS agent to
cache connection state to avoid costly public-key operations.
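
The abstract names file descriptor passing as the mechanism that lets privileged code run as its own process. On Unix, one process hands an open descriptor to another with an SCM_RIGHTS control message over a Unix-domain socket. The following is an added example, not code from REX or SFS; the names `ctl_t`, `send_fd`, `recv_fd` and `fd_from_helper` and the pipe payload are constructed for illustration.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl_t;

/* Send fd over a Unix-domain socket as SCM_RIGHTS ancillary data. */
static int send_fd(int sock, int fd) {
    char byte = 0;                      /* one data byte must accompany it */
    ctl_t u = { .buf = {0} };           /* aligned space for one descriptor */
    struct iovec iov = { &byte, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd);
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &m, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; -1 unless the control data is exactly one fd. */
static int recv_fd(int sock) {
    char byte; ctl_t u; int fd;
    struct iovec iov = { &byte, 1 };
    struct msghdr m = { .msg_iov = &iov, .msg_iovlen = 1,
                        .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &m, 0) != 1 || (m.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&m);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Constructed demo: a forked helper opens a pipe and passes its read end. */
int fd_from_helper(void) {
    int sp[2], p[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {   /* helper: stands in for the privileged process */
        if (pipe(p) < 0 || send_fd(sp[1], p[0]) < 0) _exit(1);
        _exit(write(p[1], "from helper", 11) == 11 ? 0 : 1);
    }
    close(sp[1]);
    int fd = pid < 0 ? -1 : recv_fd(sp[0]);
    close(sp[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return fd;        /* a resource the caller never opened itself */
}
```

The receiver rejects truncated or unexpected control messages, so a peer cannot leave it holding descriptors it did not account for.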