Project Details
Description
Existing distributed authorization systems focus on the formulation of
policy, but enforcement remains a per-host issue. Failure of any
component to faithfully enforce policy can lead to vulnerabilities
and, in the extreme, renders authorization impotent. Without greater
assurance in the integrity of authorization enforcement, assurance that
scales to Internet-wide applications, reliable distributed
authorization cannot be built.

The Shared Reference Monitor (Shamon) project leverages advances in
integrity measurement and virtual machines to compose a coherent
authorization system for distributed applications. A Shamon consists
of a set of reference monitors on multiple physical machines that are
integrity-verified to enforce a consistent security policy across
virtual machines that define an application. The use of virtual
machines provides coarse-grained isolation that simplifies security
policy for large-scale distributed systems, and the integrity
measurement ensures that each member of the Shamon can verify that the
others are enforcing this policy.

The Shamon project focuses on building the services to
compose and maintain such shared reference monitors. First, a
logic-based approach is defined that enables composition of trust in
the enforcement of a consistent policy by the Shamon reference
monitors. Such trust composition will be robust in the presence of
system dynamics including the joining, leaving and migration of
virtual machines. Second, the Xen hypervisor system is augmented with
these trust composition services. In this way, monitored applications
will only communicate with systems whose regulation is consistent with
their Shamon policy.
Status | Finished |
---|---|
Effective start/end date | 9/1/06 → 8/31/10 |
Funding
- National Science Foundation: $400,000.00