Shamon:: A system for distributed mandatory access control

被引：30

作者：

McCune, Jonathan M. ^{[1
]}

Jaeger, Trent ^{[2
]}

Berger, Stefan ^{[3
]}

Caceres, Ramon ^{[3
]}

Sailer, Reiner ^{[3
]}

机构：

[1] Carnegie Mellon Univ, Pittsburgh, PA 15213 USA

[2] Penn State Univ, University Pk, PA 16802 USA

[3] IBM Corp, Thomas J Watson Res Ctr, Yorktown Hts, NY 10598 USA

来源：

22ND ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS | 2006年

关键词：

D O I：

10.1109/ACSAC.2006.47

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that, enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We implement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy setup). We show that, through our architecture, distributed computations can be protected and controlled coherently across all the machines involved in the computation.

引用

页码：23 / +

页数：3

共 40 条

[21]

Kent S., 1998, RFC 2406

[22]

KOHL JT, 1992, KERBEROS NETWORK AUT

[23] AUTHENTICATION IN DISTRIBUTED SYSTEMS - THEORY AND PRACTICE [J].

LAMPSON, B ;

ABADI, M ;

BURROWS, M ;

WOBBER, E .

ACM TRANSACTIONS ON COMPUTER SYSTEMS, 1992, 10 (04) :265-310

[24]

LI N, 2003, ACM T INFORM SYST SE, V6, P128, DOI DOI 10.1145/605434.605438

[25]

Li NH, 2003, P IEEE CSFW, P89

[26]

Meushaw Robert, 2000, TECH TREND NOTES, V9, P1

[27]

*MICR CORP, 2005, NEXT GEN SEC COMP BA

[28]

*OP SOFTW FDN, 1993, INTR OSF DCE

[29]

Petroni N., 2004, P USENIX SEC S

[30]

RUSSELL TT, 1989, P NAT COMP SEC C OCT

← 1 2 3 4 →