End-to-end arguments in system design

@article{Saltzer1984EndtoendAI,
  title={End-to-end arguments in system design},
  author={Jerome H. Saltzer and David P. Reed and David D. Clark},
  journal={ACM Trans. Comput. Syst.},
  year={1984},
  volume={2},
  pages={277-288}
}
This paper presents a design principle that helps guide placement of functions among the modules of a distributed computer system. The principle, called the end-to-end argument, suggests that functions placed at low levels of a system may be redundant or of little value when compared with the cost of providing them at that low level. Examples discussed in the paper include bit error recovery, security using encryption, duplicate message suppression, recovery from system crashes, and delivery… 
A critical review of "End-to-end arguments in system design"
  • T. Moors
  • Computer Science
    2002 IEEE International Conference on Communications. Conference Proceedings. ICC 2002 (Cat. No.02CH37333)
  • 2002
TLDR
The importance of trust as a criterion for deciding whether to implement a function locally or end-to-end, and how end-to-end implementations can help robustness, scalability, ease of deployment, and the provision of appropriate services are shown.
Subtransport Level: The Right Place for End-to-End Security Mechanisms
TLDR
A model of communication security and a subtransport-level protocol called ADP, the Authenticated Datagram Protocol, which provides end-to-end authentication and privacy consistently with the definitions of the model, are presented; experimental results from the measurement of a prototype of ADP confirm the expected performance benefits of this approach.
The end of end-to-end security? [Internet security]
  • S. Bradner
  • Computer Science
    IEEE Security & Privacy
  • 2006
TLDR
This paper explains both the dynamic generative effect of the Internet and its security issues.
Fault isolation with intermediate checks of end-to-end checksums in the Time-Triggered System-on-Chip Architecture
This paper deploys end-to-end message checksums for error detection in the Time-Triggered System-on-Chip Architecture (TTSoCA). The end-to-end checksums are not only checked at the end, but also
End-to-end Integrity for File-System Data
TLDR
MINIX 3’s failure-resilience mechanisms are extended with guarantees for detecting data corruption and recovering lost data in the event of single block-device driver failures, based on a flexible filter driver that transparently interposes upon all file system requests.
Patterns for building dependable systems with trusted bases
TLDR
Two instances of trusted bases are described: the end-to-end check, which localizes the correctness checking of a computation to end points of a system, and the trusted kernel, which ensures the safety of a set of resources with a small core of a system.
Active Networking and End-To-End Arguments
TLDR
This note comments on a current design controversy that can be framed partly in terms of end-to-end arguments, where programmability can be seen as a means to defer design choices upwards in the layering, closer to the application, and later in time, even though the resulting functions may actually take place deep inside the network.
End-to-end security in active networks
TLDR
The design and analysis of three protocols that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks are described; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking service that can efficiently deliver media flows marked with the identity of their recipients are described.
Design Principles and Guidelines for Security
TLDR
It was found that some of the early design principles required re-examination due to, for example, advances in performance and extensibility as well as the effects of various new technologies.
Rethinking Operating System Interfaces to Support Robust Network Applications
TLDR
Ethos eases the burden on application programmers and system administrators by providing more abstract interfaces and reducing code duplication, and provides a number of security properties unavailable in other systems.

References

SHOWING 1-10 OF 37 REFERENCES
ENCRYPTION-BASED PROTECTION PROTOCOLS FOR INTERACTIVE USER-COMPUTER COMMUNICATION
TLDR
This thesis develops a complete set of protocols, which utilize a block cipher, e.g., the NBS data encryption standard, for protecting interactive user-computer communication over physically unsecured channels, and discusses the results of a test implementation of the modules on Multics.
Backup and Recovery of On-Line Information in a Computer Utility
TLDR
The design of the backup mechanism presented in this thesis is based upon an existing backup mechanism contained in the Multics system, which lessens overhead, drastically reduces recovery time from system failures, eliminates the need to interrupt system operation for backup purposes, and scales up significantly better with on-line storage growth.
Crash Recovery in a Distributed Data Storage System
An algorithm is described which guarantees reliable storage of data in a distributed system, even when different portions of the data base, stored on separate machines, are updated as part of a
An open operating system for a single-user machine
TLDR
The file system and modularization of a single-user operating system are described, which establishes no sharp boundary between itself and the user's programs, and the techniques used to make the system robust.
Notes on Data Base Operating Systems
  • J. Gray
  • Computer Science
    Advanced Course: Operating Systems
  • 1978
TLDR
This paper is a compendium of data base management operating systems folklore and focuses on particular issues unique to the transaction management component especially locking and recovery.
Implementing atomic actions on decentralized data
TLDR
A mechanism that solves both problems of synchronization of accesses to shared data and recovering the state of such data in the case of failures simultaneously in a way that is compatible with requirements of decentralized systems is described.
The Multics kernel design project
TLDR
It is concluded that verifiable operating system kernels may someday be feasible, even for the internal workings of an operating system, where many subtle intermodule dependencies were discovered and controlled.
Naming and synchronization in a decentralized computer system
TLDR
A new approach to the synchronization of accesses to shared data objects is developed, called NAMOS, which provides a useful tool for restoring a consistent state of the system after a failure resulting in irrecoverable loss of information or a user mistake resulting in an inconsistent state.
New directions in cryptography
TLDR
This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Using encryption for authentication in large networks of computers
Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of