Shamon: A System for Distributed Mandatory Access Control

Miami Beach, Florida, USA December 11-December 15

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.47

22nd Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Jonathan M. McCune Articles by Trent Jaeger Articles by Stefan Berger Articles by Ramon Caceres Articles by Reiner Sailer

	ASCII Text	x
	Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, Reiner Sailer, "Shamon: A System for Distributed Mandatory Access Control," Computer Security Applications Conference, Annual, pp. 23-32, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006.

	BibTex	x
	@article{ 10.1109/ACSAC.2006.47, author = {Jonathan M. McCune and Trent Jaeger and Stefan Berger and Ramon Caceres and Reiner Sailer}, title = {Shamon: A System for Distributed Mandatory Access Control}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2006}, issn = {1063-9527}, pages = {23-32}, doi = {http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.47}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Shamon: A System for Distributed Mandatory Access Control SN - 1063-9527 SP23 EP32 A1 - Jonathan M. McCune, A1 - Trent Jaeger, A1 - Stefan Berger, A1 - Ramon Caceres, A1 - Reiner Sailer, PY - 2006 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Jonathan M. McCune, Carnegie Mellon University, USA

Trent Jaeger, Pennsylvania State University, USA

Stefan Berger, IBM T.J. Watson Research Center, USA

Ramon Caceres, IBM T.J. Watson Research Center, USA

Reiner Sailer, IBM T.J. Watson Research Center, USA

We define and demonstrate an approach to securing dis- tributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We im- plement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy setup). We show that, through our architec- ture, distributed computations can be protected and con- trolled coherently across all the machines involved in the computation.

Citation:

Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, Reiner Sailer, "Shamon: A System for Distributed Mandatory Access Control," acsac, pp.23-32, 22nd Annual Computer Security Applications Conference (ACSAC'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.