Implementing Mandatory Network Security In A Policy-Flexible System

Implementing Mandatory Network Security In A Policy-Flexible System (1998)

Cached

Download Links

[www.cs.utah.edu]

by Ajaya Chitturi , Ajaya Chitturi , John B. Carter , Jay Lepreau , Ann W. Hart

Citations:

11 - 0 self

BibTeX

@TECHREPORT{Chitturi98implementingmandatory,
    author = {Ajaya Chitturi and Ajaya Chitturi and John B. Carter and Jay Lepreau and Ann W. Hart},
    title = {Implementing Mandatory Network Security In A Policy-Flexible System},
    institution = {},
    year = {1998}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

The use of networks is growing continuously, constantly increasing the vulnerability of the computer systems that use them. Current solutions for network security, such as firewalls, cannot support sophisticated trust relationships with external entities and lack a comprehensive approach to security. Research in security has shown the usefulness of mandatory security mechanisms for supporting sophisticated trust relationships and secure endpoints in addition to secure communication channels. Other efforts at incorporating mandatory security mechanisms into the network stack have a limited notion of access control policies. This work deals with the design and implementation of a more comprehensive and flexible network security architecture that enforces a mandatory access control policy on network-related operations and a mandatory cryptographic policy on network traffic. The implementation involves modifying the FreeBSD TCP/IP stack within the Flask secure operating system. Access cont...

Citations

1134	Security architecture for the internet protocol - Kent, Atkinson - 1998
343	A comparison of commercial and military computer security policies - Clark, Wilson - 1987
221	An Intrusion Detection Model - Denning - 1987
216	Iolus: A framework for scalable secure multicasting - Mittra - 1997
193	IP authentication header - Atkinson - 1995
131	Security mechanisms in high-level network protocols - VOYDOCK, KENT - 1983
120	A practical alternative to hierarchical integrity policies - Boebert, Kain - 1985
110	The Internet IP security domain of interpretation for ISAKMP - Piper - 1998
92	Domain name system security extensions - Eastlake - 1999
89	Internet Security Association and Key Management Protocol (ISAKMP)", version 9, draft-ietf-ipsec-isakmp-09.{ps,txt - Maughhan, Schertler, et al.
77	Problem Areas for the IP Security Protocols - Bellovin - 1996
72	Fundamentals of Computer Security - Amoroso - 1994
69	Practical Domain and Type Enforcement for UNIX - Badger, Sterne, et al. - 1995
45	92 Encapsulating Security Payload (ESP - Atkinson - 1995
32	Providing Policy Control Over Object Operations in a Mach Based System - Minear - 1995
19	Assuring Distributed Trusted Mach - Fine, Minear - 1993
15	Building a Secure Computer - Gasser - 1988
15	IP Authentication using Keyed MD5 - Metzger, Simpson - 1995
13	A method to detect intrusive activity in a networked environment - Heberlein, Levitt, et al. - 1991
13	Department of Defense Security Options for the Internet Protocol", RFC 1108 - Kent, S - 1991
10	A security policy and formal top-level specification for a multi-level secure local area network - McHugh, Moore - 1986
10	A model for multilevel security in computer networks - Lu, SUNDARESHAN - 1988
9	Covert channels in LAN’s - Girling - 1987
9	Controlling network communication with domain and type enforcement - Sherman, Sterne, et al. - 1995
7	Network Auditing: Issues and Recommendations - Schaen, McKenney - 1991
6	SKIP: Securing the Internet - Caronni, Lubich, et al. - 1996
6	The ESP DES-CBC Transform - Karn, Metzger, et al. - 1995
5	Draft revised IP Security Option - Johns - 1988
4	System V/MLS labeling and mandatory policy alternatives - Flink, Weiss - 1988
4	Network security: The parts of the sum - Walker - 1989
4	A socketbased key management API (and surrounding infrastructure - McDonald, Phan, et al. - 1996
3	Building a multi-level secure tcp/ip - Futcher, Sharp, et al. - 1991
3	Network Security Policy Models - Varadharajan - 1990
2	DTE Firewalls, Initial Measurement and Evaluation Report. Trusted Information Systems - Badger - 1997
2	The resolution of ISAKMP with Oakley". Internet draft, draft-ietfipsec -isakmp-oakley-33.txt - Harkins, Carrel - 1997
2	Synergy: A distributed trusted microkernel-based operating system - Saydjari, Turner, et al. - 1993
2	A network access control model for flask - Smalley - 1997
1	BSD IPC model and policy - Romero, Schaufler, et al. - 1993
1	The TLS protocol," Internet draft, Transport Layer Security Working Group - Dierks, Allen - 1997
1	DTE firewalls phase two measurement and evaluation report," TIS Report #0682, Trusted Information Systems - Fraser, Petkac, et al. - 1997
1	The SSL protocol," Internet draft, Transport Layer Security Working Group - Freier, Karlton, et al. - 1996
1	NRL IPv6+IPsec software distribution alpha release 5 - Labs - 1997
1	Systems Inc., "Cisco systems ISAKMP distribution version 0.5." available as http://web.mit.edu/network/isakmp/ciscokmp.html - Cisco
1	your computer being misused? A survey of current intrusion detection system technology - MacAuliffe - 1990
1	Inline keying within the ISAKMP framework - Sommerfeld - 1997