Title :
Poly2 paradigm: a secure network service architecture
Author :
Bryant, Eric ; Early, James ; Gopalakrishna, Rajeev ; Roth, Gregory ; Spafford, Eugene H. ; Watson, Keith ; William, P. ; Yost, Scott
Author_Institution :
Center for Educ. & Res. in Inf. Assurance & Security, Purdue Univ., West Lafayette, IN, USA
Abstract :
General-purpose operating systems provide a rich computing environment both to the user and the attacker. The declining cost of hardware and the growing security concerns of software necessitate a revalidation of the many assumptions made in network service architectures. Enforcing sound design principles while retaining usability and flexibility is key to practical security. Poly2 is an approach to build a hardened framework for network services from commodity hardware and software. Guided by well-known security design principles such as least common mechanism and economy of mechanism, and driven by goals such as psychological acceptability and immediate usability, Poly2 provides a secure platform for network services. It also serves as a testbed for several security-related research areas such as intrusion detection, forensics, and high availability. This paper discusses the overall design and philosophy of Poly2, presents an initial implementation, and outlines future work.
Keywords :
operating systems (computers); security of data; Poly2 paradigm; operating system; secure network service architecture; Availability; Computer architecture; Costs; Forensics; Hardware; Intrusion detection; Operating systems; Psychology; Testing; Usability;
Conference_Titel :
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Print_ISBN :
0-7695-2041-3
DOI :
10.1109/CSAC.2003.1254339
