Roundhouse: A Security Architecture for Active Networks
Progress rept., 21 Jan 1997-30 Apr 1998
NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE
Pagination or Media Count:
We describe a high-assurance framework for networked clients and servers. Called Roundhouse consists of the following elements 1 Pinkerton, a comprehensive model for the implementation of distributed protection domains that provide for robust protection in a networked environment 2 Iron Horse Functional and security design of a kernelized host providing essential ring-based protection, packet authentication, and cryptography services for higher layers. 3 DEPOT Specification, design, and prototype implementation on a PC base of the framework and initial content of dynamically modifiable servers. The intent is that DEPOT clients and servers would take advantage of platform protected modes where available e.g., Windows NT, Iron Horse leading to client-server computing in a network of heterogeneously trusted hosts. As a general facility for installing and managing application hooks DEPOT incorporates the following key new ideas 1 the division of sets of hooks by module, 2 the partial ordering of modules, 3 binding hooks to network names, and 4 provision of a run-time model of module behavior with a visible state machine model that abstracts and externalizes the dynamic behavior of that module. The architecture is unique as it composes strong and weak systems securely and permits the dynamic retooling of executing software.
- Computer Systems
- Computer Systems Management and Standards