Roundhouse: a security architecture for active networks

Loading...
Thumbnail Image
Authors
Irvine, Cynthia E.
Subjects
Military intelligence
Electronic intelligence
Information warfare
Cryptography
Advisors
Date of Issue
1998-05-01
Date
Publisher
Monterey, California. Naval Postgraduate School
Language
Abstract
We describe a high-assurance framework for networked clients and servers. Called Roundhouse consists of the following elements: (1) Pinkerton, a comprehensive model for the implementation of distributed protection domains that provide for robust protection in a networked environment; (2) Iron Horse: Functional and security design of a kernelized host providing essential ring-based protection, packet authentication, and cryptography services for higher layers. (3) DEPOT: Specification, design, and prototype implementation on a PC base of the framework and initial content of dynamically modifiable servers. The intent is that DEPOT clients and servers would take advantage of platform protected modes where available (e.g., Windows NT, Iron Horse) leading to client-server computing in a network of heterogeneously trusted hosts. As a general facility for installing and managing application "hooks" DEPOT incorporates the following key new ideas: (1) the division of sets of hooks by module, (2) the partial ordering of modules, (3) binding hooks to network names, and (4) provision of a run-time model of module behavior with a visible state machine model that abstracts and externalizes the dynamic behavior of that module. The architecture is unique as it composes strong and weak systems securely and permits the dynamic retooling of executing software.
Type
Technical Report
Description
Series/Report No
Department
Computer Science
Identifiers
NPS Report Number
NPS-CS-98-002
Sponsors
Funder
Format
Citation
Distribution Statement
Approved for public release; distribution is unlimited.
Rights
Collections