Results 1 - 8 of 8
Unified architecture for large-scale attested metering.
- In Proceedings of the 40th Annual Hawaii International Conference on System Sciences, HICSS ’07, 2007
Cited by 22 (4 self)
Abstract. We introduce a secure architecture called an attested meter for advanced metering that supports large-scale deployments, flexible configurations, and enhanced protection for consumer privacy and metering integrity. Our study starts with a threat analysis for advanced metering networks and formulates protection requirements for those threats. The attested meter satisfies these through a unified set of system interfaces based on virtual machines and attestation for the software agents of various parties that use the meter. We argue that this combination provides a well-adapted architecture for advanced metering and we take a step towards demonstrating its feasibility with a prototype implementation based on the Trusted Platform Module (TPM) and Xen Virtual Machine Monitor (VMM). This is the first effort to use virtual machines and attestation in an advanced meter.
Enhancing grid security using trusted virtualization
- In Second Workshop on Advances in Trusted Computing (WATC’06), 2006
Cited by 17 (0 self)
Abstract. Grid applications have increasingly sophisticated functional and security requirements. However, current techniques mostly protect only the resource provider from attacks by the user, while leaving the user comparatively dependent on the well-behavior of the resource provider. In this paper, we take the first steps towards addressing the trust asymmetry by using a combination of trusted computing and virtualization technologies. We present the key components for a trustworthy grid architecture and propose an implementation. By providing multilateral security, i.e., security for both the grid user and the grid provider, our architecture increases the confidence that can be placed on the correctness of a grid computation and on the protection of user-provided assets. To maintain important scalability and performance aspects, our proposal aims to minimize overhead. To this end, we also propose a scalable offline attestation protocol, which allows selection of partners in the grid with minimal overhead.
Shame on Trust in Distributed Systems
- In Proceedings of the First Workshop on Hot Topics in Security (HotSec ’06), 2006
Cited by 5 (2 self)
Approaches for building secure, distributed systems have fundamental limitations that prevent the construction of dynamic, Internet-scale systems. In this paper, we propose a concept of a shared reference monitor or Shamon that we
Leveraging IPsec for mandatory per-packet access control
- In Proceedings of the Second IEEE Communications Society/CreateNet International Conference on Security and Privacy in Communication Networks, 2006
Cited by 4 (1 self)
Mandatory access control (MAC) enforcement is becoming available for commercial environments. For example, Linux 2.6 includes the Linux Security Modules (LSM) framework that enables the enforcement of MAC policies (e.g., Type Enforcement or Multi-Level Security) for individual systems. While this is a start, we envision that MAC enforcement should span multiple machines. The goal is to be able to control interaction between applications on different machines based on MAC policy. In this paper, we describe a recent extension of the LSM framework that enables labeled network communication via IPsec that is now available in mainline Linux as of version 2.6.16. This functionality enables machines to control communication with processes on other machines based on the security label assigned to an IPsec security association. We outline a security architecture based on labeled IPsec to enable distributed MAC authorization. In particular, we examine the construction of a xinetd service that uses labeled IPsec to limit client access on Linux 2.6.16 systems. We also discuss the application of labeled IPsec to distributed storage and virtual machine access control.
Enhancing Grid Security Using Trusted
Grid applications have increasingly sophisticated functional and security requirements. However, current techniques mostly protect only the resource provider from attacks by the user, while leaving the user comparatively dependent on the well-behavior of the resource provider. In this paper, we take the first steps towards addressing the trust asymmetry by using a combination of trusted computing and virtualization technologies. We present the key components for a trustworthy Grid architecture and propose an implementation. By providing multilateral security, i.e., security for both the Grid user and the Grid provider, our architecture increases the confidence that can be placed on the correctness of a Grid computation and on the protection of user-provided assets. In order to maintain important scalability and performance aspects, our proposal aims to minimize overhead. Towards this end, we propose a scalable offline attestation protocol, which allows selection of partners in the Grid with minimal overhead.
Enhancing Grid Security Using Trusted Virtualization
Abstract. Grid applications have increasingly sophisticated functional and security requirements. However, current techniques mostly protect only the resource provider from attacks by the user, while leaving the user comparatively dependent on the well-behavior of the resource provider. In this paper, we take the first steps towards addressing the trust asymmetry by using a combination of trusted computing and virtualization technologies. We present the key components for a trustworthy Grid architecture and propose an implementation. By providing multilateral security, i.e., security for both the Grid user and the Grid provider, our architecture increases the confidence that can be placed on the correctness of a Grid computation and on the protection of user-provided assets. In order to maintain important scalability and performance aspects, our proposal aims to minimize overhead. Towards this end, we propose a scalable offline attestation protocol, which allows selection of partners in the Grid with minimal overhead.
Secure Hypervisors
Abstract. Nowadays, more and more companies tend to use virtual machines instead of physically separated machines as platform for their IT services. This reduces the hardware costs and also simplifies the management of the IT infrastructure. However, virtualized environments do, in contrast to popular belief, not necessarily increase the security of a system. Actually, virtualized environments face the same threats as non-virtualized environments. In addition, there are considerably fewer security solutions for virtualized systems than for non-virtualized environments. To solve this problem, researchers have proposed the use of so-called secure hypervisors in order to provide a Trusted Computing Base for virtualized systems. This paper will present and discuss three of these secure hypervisor approaches in order to give the reader a better understanding of what secure hypervisors are and how they can improve the security of virtualized systems. Furthermore, it will compare the concepts behind the three approaches to show the actual state of affairs of secure hypervisor research. The three secure hypervisor approaches that were selected for this purpose are Terra, the VAX VMM, and sHype.
Security Policy Implementation Strategies for Common Carrier Monitoring Service Providers
Abstract—There are increasing capabilities and demands for the remote monitoring of homes and their occupants. There are a variety of options for the architecture of such monitoring systems entailing trade-offs between privacy, security, cost, manageability and other factors. This paper considers the virtues of building Monitoring Service Providers (MSPs) based on the concept of a common carrier. The goal is to provide policy to support monitoring with limited risk to the monitored parties, the users of their data, and the MSP. We argue that advances in distributed computing, cryptography, and trusted computing provide enabling contributions to building practical Common Carrier MSPs (CCMSPs). We illustrate this with discussions of applications in the areas of assisted living and electrical power metering.