Design and Implementation of Virtual Private Services
Linz, Austria June 09-June 11
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ENABL.2003.1231419
Twelfth International Workshop on Ena ...
Sotiris Ioannidis, University of Pennsylvania
Steven M. Bellovin, AT&T Labs - Research
John Ioannidis, AT&T Labs - Research
Angelos D. Keromytis, Columbia University
Jonathan M. Smith, University of Pennsylvania
Large-scale distributed applications such as electronic commerce and online marketplaces combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security and privacy issues, which are exacerbated by the complexity of the operating environment. In order to handle policies at multiple locations, the usual tools available (firewalls and compartmented file storage) get to be used in ways that are clumsy and prone to failure.
We propose a new approach, virtual private services. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains, each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points. We describe our architecture and a prototype implementation, and present a preliminary performance evaluation confirming that our overhead of policy enforcement is small.
Citation:
Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, Jonathan M. Smith, "Design and Implementation of Virtual Private Services," wetice, pp.269, Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 2003