Virtual private services: Coordinated policy enforcement for distributed applications

International Journal of Network Security

Volumn 4, Issue 1, 2007, Pages 69-80

  Ioannidis, Sotiris ^a   Bellovin, Steven M ^b   Ioannidis, John ^b   Keromytis, Angelos D ^b   Anagnostakis, Kostas ^c   Smith, Jonathan M ^d  

^a Stevens Institute of Technology   (United States)

^b Department of Earth and Environmental Sciences   (United States)

^c INSTITUTE FOR INFOCOMM RESEARCH   (Singapore)

^d ICIS Dept   (United States)

Author keywords

Distributed access control; Security policy; Trust management

Indexed keywords

COMPUTATIONAL ELEMENTS; DISTRIBUTED ACCESS CONTROLS; DISTRIBUTED APPLICATIONS; LARGE-SCALE DISTRIBUTED APPLICATIONS; POLICY ENFORCEMENT POINTS; SECURITY AND PRIVACY; SECURITY POLICY; TRUST MANAGEMENT;

ACCESS CONTROL; COMPLEX NETWORKS; SECURITY SYSTEMS;

DISTRIBUTED COMPUTER SYSTEMS;

EID: 56649125033     PISSN: 1816353X     EISSN: 18163548     Source Type: Journal    
DOI: None     Document Type: Article

References (55)

1. A. Acharya and M. Raje, "Mapbox: Using parame-terized behavior classes to confine applications," in Proceedings of the 2000 USENIX Security Sympo-sium, pp. 1-17, Denver, CO, Aug. 2000.
2. A. Alexandrov, P. Kmiec, and K. Schauser, "Consh: A confined execution environment for internet com-putations," available at http://www.cs.ucsb.edu/,berto/papers/99-usenix-consh.ps, Dec. 1998.
3. R. Balzer and N. Goldman, "Mediating connectors: A non-bypassable process wrapping technology," in Proceeding of the 19th IEEE International Confer-ence on Distributed Computing Systems, pp. 73-77, June 1999.
4. Y. Bartal, A. Mayer, K. Nissim, and A. Wool, "Fir-mato: A novel firewall management toolkit," in Pro-ceedings of IEEE Computer Society Symposium on Security and Privacy, pp. 17-31, 1999.
5. S. M. Bellovin, "Distributed firewalls," Login: Mag-azine, special issue on security, Nov. 1999.
6. A. Berman, V. Bourassa, and E. Selberg, "TRON: Process-specific file protection for the UNIX oper-ating system," in Proceedings of the USENIX 1995 Technical Conference, pp. 165-175, New Orleans, Louisiana, Jan. 1995.
7. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. Keromytis, "The role of trust management in dis-tributed systems security," in Secure Internet Pro-gramming, LNCS 1603, pp. 185-210, Springer-Verlag, New York, NY, USA, 1999.
8. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. D. Keromytis, The KeyNote Trust Management System Version 2, RFC 2704, Sep. 1999.
9. W. R. Cheswick and S. M. Bellovin, Firewalls and In-ternet Security: Repelling the Wily Hacker, Addison-Wesley, 1994.
10. C. Cowan, S. Beattie, C. Pu, P.Wagle, and V. Gligor, "SubDomain: Parsimonious security for server appli-ances," in Proceedings of the 14th USENIX System Administration Conference (LISA 2000), pp. 341-354, Mar. 2000.
11. H. Custer, Inside Windows NT, Microsoft Press, 1993.
12. H. Custer, Inside the Windows NT File System, Mi-crosoft Press, 1994.
13. T. Fraser, L. Badger, and M. Feldman, "Hardening COTS software with generic software wrappers," in Proceedings of the IEEE Symposium on Security and Privacy, pp. 2-16, Oakland, CA, May 1999.
14. D. P. Ghormley, D. Petrou, S. H. Rodrigues, and T. E. Anderson, "SLIC: An extensibility system for commodity operating systems," in Proceedings of the 1998 USENIX Annual Technical Conference, pp. 39-52, June 1998.
15. I. Goldberg, D. Wagner, R. Thomas, and E. A. Brewer, "A secure environment for untrusted helper applications," in Procedings of the 1996 USENIX An-nual Technical Conference, pp. 1-13, 1996.
16. L. Gong, Inside Java 2 Platform Security, Addison-Wesley, 1999.
17. J. Gosling, B. Joy, and G. Steele, The Java Language Specification, Addison Wesley, Reading, 1996.
18. M. Greenwald, S. K. Singhal, J. R. Stone, and D. R. Cheriton, "Designing an academic firewall. Policy, practice and experience with SURF," in Proceedings of Network and Distributed System Security Sympo-sium (NDSS), pp. 79-91, Feb. 1996.
19. N. Hardy, "The KeyKOS architecture," in Operating Systems Review, pp. 8-25, Oct. 1985.
20. A. Herzberg, Y. Mass, J. Michaeli, D. Naor, and Y. Ravid, "Access control meets public key infras-tructure, or: Assigning roles to strangers," in Pro-ceedings of IEEE Symposium on Security and Pri-vacy, pp. 2-14, Apr. 2000.
21. M. Hicks, P. Kakkar, J. T. Moore, C. A. Gunter, and S. Nettles, PLAN: A Programming Language for Ac-tive Networks, Technical Report MS-CIS-98-25, De-partment of Computer and Information Science, Uni-versity of Pennsylvania, Feb. 1998.
22. S. Ioannidis, S. Bellovin, and J. M. Smith, "Sub-operating systems: A new approach to application security," in Proceedings of 10th SIGOPS European Workshop, pp. 108-115, Sept. 2002.
23. S. Ioannidis, A. D. Keromytis, S. M. Bellovin, and J. M. Smith, "Implementing a distributed firewall," in Proceedings of Computer and Communications Secu-rity (CCS) 2000, pp. 190-199, Nov. 2000.
24. S. Ioannidis and S. M. Bellovin, "Building a se-cure browser," in Proceedings of the Annual USENIX Technical Conference, Freenix Track, pp. 127V134, June 2001.
25. S. Ioannidis, S. M. Bellovin, J. Ioannidis, A. D. Keromytis, and J. M. Smith, "Design and imple-mentation of virtual private services," in Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enter-prises (WETICE), Workshop on Enterprise Secu-rity, Special Session on Trust Management in Collab-orative Global Computing, pp. 269-274, June 2003.
26. A. Koenig, "Automatic software distribution," in USENIX Conference Proceedings, pp. 312-322, Salt Lake City, UT, Summer 1984.
27. X. Leroy, Le système Caml Special Light: modules et compilation efficace en Caml, Research report 2721, INRIA, Nov. 1995.
28. R. Levin, E. Cohen, W. Corwin, and W. Wulf, "Pol-icy/mechanism separatino in hydra," in Proceedings of the 5th ACM Symposium on Operating Systems Principles, pp. 132-140, Nov. 1975.
29. J. Y. Levy, L. Demailly, J. K. Ousterhout, and B. B. Welch, "The safe-tcl security model, in USENIX 1998 Annual Technical Conference, pp. 217-229, New Orleans, Louisiana, June 1998.
30. D. Mazieres and M. F. Kaashoek, "Secure applica-tions need flexible operating systems," in The 6th Workshop on Hot Topics in Operating Systems, pp. 56-61, May 1997.
31. P. McDaniel and A. Prakash, "Methods and lim-itations of security policy reconciliation, in 2002 IEEE Symposium on Security and Privacy, pp. 73-87, IEEE, Oakland, CA, May 2002.
32. G. McGraw and E. W. Felten, Java Security: Hostile Applets, Holes and Antidotes, Wiley, New York, NY, 1997.
33. B. McKenney, D. Woycke, and W. Lazear, "A net-work of firewalls: An implementation example," in Proceedings of the 11th Anual Computer Security Ap-plications Conference (ACSAC), pp. 3-13, Dec. 1995.
34. T. Mitchem, R. Lu, and R. O'Brien, "Using kernel hypervisors to secure applications," in Proceedings of the Annual Computer Security Applications Confer-ence, pp. 175-181, Dec. 1997.
35. J. C. Mogul, "Simple and flexible datagram access controls for UNIX-based gateways," in Proceedings of the USENIX Summer 1989 Conference, pp. 203-221, 1989.
36. G. C. Necula and P. Lee, "Safe, untrusted agents us-ing proof-carrying code," in Special Issue on Mobile Agents, LNCS 1419, pp. 61-91, 1998.
37. D. Nessett and P. Humenn, "The multilayer firewall," in Proceeding of Network and Distributed System Se-curity Symposium (NDSS), pp. 13-27, Mar. 1998.
38. J. Nieh and M. S. Lam, "The design, implemen-tation and evaluation of SMART: A scheduler for mult imedia applications," in Proceedings of the 16th ACM Symposium on Operating Systems Principles, pp. 184-197, Oct. 1997.
39. V. S. Pai, P. Druschel, and W. Zwaenepoel, "Flash: An efficient and portable Web server, in Proceed-ings of the USENIX Annual Technical Conference, pp. 199-212, Aug. 1999.
40. S. A. Rajunas, N. Hardy, A. C. Bomberger, W. S. Frantz, and C. R. Landau, "Security in KeyKOS," in Proceedings of the 1986 IEEE Symposium on Se-curity and Privacy, pp. 78-85, Apr. 1986.
41. J. S. Shapiro, J. M. Smith, and D. J. Farber, "EROS: A fast capability system," in Proceedings of the 17th ACM Symposium on Operating Systems Principles, pp. 170-185, 1999.
42. D. L. Sherman, D. F. Sterne, L. Badger, S. L. Mur-phy, K. M. Walker, and S. A. Haghighat, "Control-ling network communication with domain and type enforcement," in Proceedings of the 18th National In-formation Systems Security Conference, pp. 211-220, Oct. 1995.
43. R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Anderson, and J. Lepreau, "The flask security ar-chitecture: System support for diverse security poli-cies," in Proceedings of the 2000 USENIX Security Symposium, pp. 123-139, Denver, CO, Aug. 2000.
44. J. Tardo and L. Valente, "Mobile agent security and telescript," in Proceedings of the 41st IEEE Com-puter Society Conference (COMPCON), pp. 58-63, Feb. 1996.
45. The KeyKOS Operating System, http://www.cis.upenn.edu/~KeyKOS/.
46. The OpenBSD Operating System, http://www.openbsd.org/.
47. M. Thompson, A. Essiari, and S. Mudumbai, "Certificate-based authorization policy in a PKI en-vironment," ACM Transaction on Information and System Security, vol. 6, no. 4, pp. 566-588, Nov. 2003.
48. M. Thompson, W. Johnston, S. Mudumbai, G. Hoo, K. Jackson, and A. Essiari, "Certificate-based access control for widely distributed resources," in Proceed-ings of the USENIX Security Symposium, pp. 215-228, Aug. 1999.
49. M. Thompson, S. Mudumbai, A. Essiari, and W. Chin, "Authorization policy in a PKI environ-ment,"in 1st Annual PKI Research Workshop, pp. 149-161, 2002.
50. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Gra-ham, "Efficient software-Based fault isolation," in Proceedings of the 14th ACM Symposium on Operat-ing Systems Principles, pp. 203-216, Dec. 1993.
51. C. A. Waldspurger Weihl W.E. "Lottery scheduling: Flexible proportional-share resource management," in Proceedings of the First USENIX Symposium on Operating System Design and Imple-mentation, pp. 1-11, Nov. 1994.
52. K. M. Walker, D. F. Stern, L. Badger, K. A. Oosendorp, M. J. Petkac, and D. L. Sherman, "Con-fining root programs with domain and type enforce-ment," in Proceedings of the 1996 USENIX Security Symposium, pp. 21-36, July 1996.
53. D. S. Wallach, D. Balfanz, D. Dean, and E. W. Fel-ten, "Extensible security architectures for Java," in Proceedings of the 16th ACM Symposium on Operat-ing Systems Principles, pp. 116-128, Oct. 1997.
54. H. B. Wang, S. Jha, P. D. McDaniel, and M. Livny, "Security policy reconciliation in distributed com-puting environments," in IEEE 5th International Workshop on Policies for Distributed Systems and Networks, pp. 137, 2004.
55. W. Wulf, R. Levin, and P. Harbison, Hydra/C.mmp: An Experimental Computer System, McGraw-Hill, 1981.