Compartmented Mode Workstation: Prototype Highlights
IEEE Transactions on Software Engineering
Advanced programming in the UNIX environment
Advanced programming in the UNIX environment
Unified login with pluggable authentication modules (PAM)
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Proceedings of the 11th USENIX Security Symposium
Labels and event processes in the asbestos operating system
Proceedings of the twentieth ACM symposium on Operating systems principles
Building secure high-performance web services with OKWS
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Preventing privilege escalation
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privtrans: automatically partitioning programs for privilege separation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
SSH: secure login connections over the internet
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Some thoughts on security after ten years of qmail 1.0
Proceedings of the 2007 ACM workshop on Computer security architecture
NetAuth: supporting user-based network services
SS'08 Proceedings of the 17th conference on Security symposium
| Hi-index | 0.00 |
Network authentication, even when using libraries intended to simplify the task, is inordinately difficult. Separate libraries are used for cryptography, network authentication protocols, accessing stored authentication information, and verifying the identity of remote entities. In addition, service used must be authorized. Finally, privilege separation is needed to separate security sensitive, highly privileged operations from the remainder of the application. These tasks consume thousands of lines of application source code (not counting the security libraries on which they rely), and require much specialized security knowledge from the application programmer and system administrator. In this paper we present a simple toolkit called sshUbns which encapsulates all these tasks in an easy-to- use tool. We modified SSH to add in sshUbns (in addition to SSH's other modes) and implemented a new super-server called unetd. It reduces to a negligible level the amount of application server security code needed. This toolkit makes it easier to create secure networking code, reduces security specific knowledge needed by application programmers, and makes it easier for system administrators to protect and analyze their systems.