Shamon: A System for Distributed Mandatory Access Control
- 1 December 2006
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
- No. 10639527,p. 23-32
- https://doi.org/10.1109/acsac.2006.47
Abstract
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We implement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy setup). We show that, through our architecture, distributed computations can be protected and controlled coherently across all the machines involved in the computationKeywords
This publication has 21 references indexed in Scilit:
- Understanding SPKI/SDSI using first-order logicInternational Journal of Information Security, 2005
- Delegation logicACM Transactions on Information and System Security, 2003
- The Chinese Wall security policyPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2003
- TerraPublished by Association for Computing Machinery (ACM) ,2003
- Xen and the art of virtualizationPublished by Association for Computing Machinery (ACM) ,2003
- SETI@homeCommunications of the ACM, 2002
- The Anatomy of the Grid: Enabling Scalable Virtual OrganizationsThe International Journal of High Performance Computing Applications, 2001
- Authentication in distributed systemsACM Transactions on Computer Systems, 1992
- A retrospective on the VAX VMM security kernelIEEE Transactions on Software Engineering, 1991
- Program confinement in KVM/370Published by Association for Computing Machinery (ACM) ,1977