Roundhouse: a security architecture for active networks
Irvine, Cynthia E.
We describe a high-assurance framework for networked clients and servers. Called Roundhouse, it consists of the following elements: (1) Pinkerton, a comprehensive model for the implementation of distributed protection domains that provide for robust protection in a networked environment; (2) Iron Horse: functional and security design of a kernelized host providing essential ring-based protection, packet authentication, and cryptography services for higher layers; (3) DEPOT: specification, design, and prototype implementation on a PC base of the framework and initial content of dynamically modifiable servers. The intent is that DEPOT clients and servers would take advantage of platform protected modes where available (e.g., Windows NT, Iron Horse), leading to client-server computing in a network of heterogeneously trusted hosts. As a general facility for installing and managing application "hooks", DEPOT incorporates the following key new ideas: (1) the division of sets of hooks by module, (2) the partial ordering of modules, (3) binding hooks to network names, and (4) provision of a run-time model of module behavior with a visible state machine model that abstracts and externalizes the dynamic behavior of that module. The architecture is unique in that it composes strong and weak systems securely and permits the dynamic retooling of executing software.
NPS Report Number: NPS-CS-98-002