IPsec is the standard suite of protocols for network-layer confidentiality and authentication of Internet traffic. The IPsec protocols, however, do not address the policies for how protected traffic should be handled at security end points. This article introduces an efficient policy management scheme for IPsec, based on the principles of trust management. A compliance check is added to the IPsec architecture that tests packet filters proposed when new security associations are created for conformance with the local security policy, based on credentials presented by the peer host. Security policies and credentials can be quite sophisticated (and specified in the trust-management language), while still allowing very efficient packet-filtering for the actual IPsec traffic. We present a practical portable implementation of this design, based on the KeyNote trust-management language, that works with a variety of UNIX-based IPsec implementations. Finally, we discuss some applications of the enhanced IPsec architecture.