Nexus

Shieh, Alan; Williams, Dan; Sirer, Emin Gün; Schneider, Fred B.

doi:10.1145/1095810.1118613

“…Trusted Platform Modules [31] and attestation [12] can provide strong credentials for certifying the presence of remote software stacks. Fine-grained attestation [27] or attested labels [28] might also fit well with our notion of privileges. However, there still must be a service, perhaps an authentication agent as described in [33] that is capable of offering and checking credentials for named principals as part of remote authentication.…”

Section: Remote Principalssupporting

confidence: 63%

Authorizing applications in singularity

Wobber

¹

,

Yumerefendi

²

,

Abadi

³

et al. 2007

Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007

View full text Add to dashboard Cite

We describe a new design for authorization in operating systems in which applications are first-class entities. In this design, principals reflect application identities. Access control lists are patterns that recognize principals. We present a security model that embodies this design in an experimental operating system, and we describe the implementation of our design and its performance in the context of this operating system.

show abstract

“…Trusted Platform Modules [31] and attestation [12] can provide strong credentials for certifying the presence of remote software stacks. Fine-grained attestation [27] or attested labels [28] might also fit well with our notion of privileges. However, there still must be a service, perhaps an authentication agent as described in [33] that is capable of offering and checking credentials for named principals as part of remote authentication.…”

Section: Remote Principalssupporting

confidence: 63%

Authorizing applications in singularity

Wobber

¹

,

Yumerefendi

²

,

Abadi

³

et al. 2007

SIGOPS Oper. Syst. Rev.

View full text Add to dashboard Cite

We describe a new design for authorization in operating systems in which applications are first-class entities. In this design, principals reflect application identities. Access control lists are patterns that recognize principals. We present a security model that embodies this design in an experimental operating system, and we describe the implementation of our design and its performance in the context of this operating system.

show abstract

“…Many solutions have been proposed to improve the protection [5][6][7][8][9][10][11][12][13]. In general, they can be categorized into three types: technology, policy, and education.…”

Section: X-axis: Countermeasuresmentioning

confidence: 99%

“…Several researchers have studied the implementation of trustworthy systems [5][6][7][8][9][10][11][12][13]. However, we have observed that trustworthiness could not be achieved if there is no trusted integration of major network components.…”

Section: Introductionmentioning

confidence: 98%

Challenges in Building a Trustworthy Network

Hu¹

2013

J Elec Electron Syst

0

View full text Add to dashboard Cite

quality control relating to security, privacy, and reliability is very difficult to achieve. Vulnerabilities could exist in some of them and trigger threats.• Difficulty in administrating network components: In case management relating to security, privacy, and reliability of network components is guaranteed, vulnerabilities of the network could be eliminated and trustworthiness of the network would be achieved. However, since network components usually cross several different domains and are managed by various administrations, the operation to ensure the protection of network security, privacy, and reliability is very complicated and difficult to achieve.• Difficulty in protecting data crossing over different network components: Although every network component could implement its own mechanisms to protect network privacy, security, and availability, there are some potential threats could exist in the gap between two components. For instance, the gap between hardware and software. Halderman et al.[14] demonstrated a technology to bypass all disk encryption methods.To conquer challenges and make it possible to build a trustworthy network, there are some regulations and policies must be implemented. This is not easy when various network domains and components are involved. However, just like the ISO 9001, it would be doable while demands increase. Trustworthy Network ModelIn this paper, we depict a novel trustworthy network model. Our approach is based on an observation that trustworthiness cannot be accomplished by technology or any countermeasure solely. It requires teamwork and needs to integrate every countermeasure together. AbstractAn open challenge in trustworthy computing is the development of a trustworthy network since network plays an essential role of current computing infrastructure (e.g., grid computing, cloud computing, etc.). In order to have a trustworthy network, security, privacy, and reliability must be protected on every major network component. For instance, if there is no trusted mechanism to enforce security protection of every data transaction on major network components, a network cannot be relied on performing trustworthy computing. It has been observed that trustworthy network cannot be practically achieved if there is no trusted integration of major network components. In this paper, we discuss the challenges in building a trustworthy network and develop a trustworthy network model that is both scalable and interoperable with existing and future network architectures.

show abstract

Nexus

Cited by 23 publications

References 6 publications

Authorizing applications in singularity

Authorizing applications in singularity

Authorizing applications in singularity

Challenges in Building a Trustworthy Network

Contact Info

Product

Resources

About