Inside Windows NT
Firewalls and Internet security: repelling the wily hacker
Firewalls and Internet security: repelling the wily hacker
An analysis of security incidents on the Internet 1989-1995
An analysis of security incidents on the Internet 1989-1995
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Implementing a distributed firewall
Proceedings of the 7th ACM conference on Computer and communications security
Model-Based Tool-Assistance for Packet-Filter Design
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Policy/mechanism separation in Hydra
SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
ACM SIGOPS Operating Systems Review
SubDomain: Parsimonious Server Security
LISA '00 Proceedings of the 14th USENIX conference on System administration
MAPbox: using parameterized behavior classes to confine untrusted applications
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Architecting the Lumeta firewall analyzer
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
The flask security architecture: system support for diverse security policies
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
TRON: process-specific file protection for the UNIX operating system
TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
Speculative Security Checks in Sandboxing Systems
IPDPS '05 Proceedings of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS'05) - Workshop 17 - Volume 18
Design and implementation of a secure wide-area object middleware
Computer Networks: The International Journal of Computer and Telecommunications Networking
Trusted virtual domains: toward secure distributed services
HotDep'05 Proceedings of the First conference on Hot topics in system dependability
Nephele: Scalable Access Control for Federated File Services
Journal of Grid Computing
Hi-index | 0.00 |
Large scale distributed applications such as electroniccommerce and online marketplaces combine network accesswith multiple storage and computational elements. Thedistributed responsibility for resource control creates newsecurity and privacy issues, which are exacerbated by thecomplexity of the operating environment. In order to handlepolicies at multiple locations, the usual tools available(firewalls and compartmented file storage) get to be used inways that are clumsy and prone to failure.We propose a new approach, virtual private services.Our approach relies on two functional divisions. First, wesplit policy specification and policy enforcement, providinglocal autonomy within the constraints of the global securitypolicy. Second, we create virtual security domains, eachwith its own security policy. Every domain has an associatedset of privileges and permissions restricting it to theresources it needs to use and the services it must perform.Virtual private services ensure security and privacy policiesare adhered to through coordinated policy enforcementpoints. We describe our architecture and a prototype implementation,and present a preliminary performance evaluationconfirming that our overhead of policy enforcementusing is small.