We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We implement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy setup). We show that, through our architecture, distributed computations can be protected and controlled coherently across all the machines involved in the computation.