LCS Publication Details
Publication Title: REX: Secure, modular remote execution through file descriptor passing
Publication Author: Kaminsky, Michael
Additional Authors: Eric Peterson, Kevin Fu, David Mazieres, M. Frans Kaashoek
LCS Document Number: MIT-LCS-TR-884
Publication Date: 1-31-2003
LCS Group: Parallel and Distributed Operating Systems
Abstract:
The ubiquitous SSH package has demonstrated the importance of secure remote login and execution. This paper presents a new system, REX, designed to provide remote login and execution in the context of the SFS secure distributed file system. REX departs from traditional remote login design and is built around two main mechanisms: file descriptor passing and a user agent process. File descriptor passing allows REX to be split into several smaller pieces; privileged code can run as its own process to provide enhanced security guarantees. REX also emulates secure file descriptor passing over network connections, allowing users to build extensions to REX outside of the core REX software. REX uses and extends SFS's agent mechanism to provide a transparent distributed computing environment to users. The agent stores private keys, server nicknames, and other per-user configuration state; REX makes the SFS agent available to programs that it executes on remote machines. We have an implementation of REX and demonstrate that its flexibility does not come at the cost of performance. Initial REX connections are comparable to those of SSH in speed, while subsequent connections are much faster because REX exploits the SFS agent to cache connection state to avoid costly public-key operations.
To obtain this publication:

To purchase a printed copy of this publication please contact MIT Document Services.