Shamon: A system for distributed mandatory access control

Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramón Cáceres, Reiner Sailer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

75 Scopus citations

Abstract

We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We implement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy setup). We show that, through our architecture, distributed computations can be protected and controlled coherently across all the machines involved in the computation.

Original language: English (US)
Title of host publication: Proceedings - Annual Computer Security Applications Conference, ACSAC
Pages: 23-32
Number of pages: 10
State: Published - Dec 1 2006
Event: 22nd Annual Computer Security Applications Conference, ACSAC 2006 - Miami Beach, FL, United States
Duration: Dec 11 2006 to Dec 15 2006

Publication series

Name: Proceedings - Annual Computer Security Applications Conference, ACSAC
ISSN (Print): 1063-9527

Other

Other: 22nd Annual Computer Security Applications Conference, ACSAC 2006
Country/Territory: United States
City: Miami Beach, FL
Period: 12/11/06 to 12/15/06

All Science Journal Classification (ASJC) codes

  • Software
  • General Engineering
