Poly2 paradigm: a secure network service architecture

General-purpose operating systems provide a rich computing environment both to the user and the attacker. The declining cost of hardware and the growing security concerns of software necessitate a revalidation of the many assumptions made in network service architectures. Enforcing sound design principles while retaining usability and flexibility is key to practical security. Poly² is an approach to build a hardened framework for network services from commodity hardware and software. Guided by well-known security design principles such as least common mechanism and economy of mechanism, and driven by goals such as psychological acceptability and immediate usability, Poly² provides a secure platform for network services. It also serves as a testbed for several security-related research areas such as intrusion detection, forensics, and high availability. This paper discusses the overall design and philosophy of Poly², presents an initial implementation, and outlines future work.