
Secure Virtual Enclaves February 4, 2000

Secure Virtual Enclaves, February 4, 2000. Deborah Shands, Richard Yee, Jay Jacobs, E. John Sebes. Outline: Project Overview, SVE Architecture, Observations, Results/Conclusions. Coalition Examples.


Presentation Transcript


  1. Secure Virtual Enclaves
     February 4, 2000
     Deborah Shands, Richard Yee, Jay Jacobs, E. John Sebes

  2. Outline
     • Project Overview
     • SVE Architecture
     • Observations
     • Results/Conclusions

  3. Coalition Examples
     • Commercial: outsourcing, contractors, or customers needing limited access to corporate data
     • Civilian: disaster/incident response teams and crisis management
     • Military: joint task forces engaged in distributed collaborative planning

  4. SVE Project Goals
     • Support collaborative computing
     • Provide mechanisms to control sharing
     • Enable unified approach to multiple distributed application technologies (e.g., Java, DCOM, web apps)
     • Support dynamic access policies, allowing changes to: SVE membership, resources to be shared, and access types permitted

  5. SVE Project Constraints
     • Ensure application transparency
     • Retain organizational autonomy over local resources
     • Use only standard network protocols
     • Use only commercially available operating systems

  6. STOP Concept of Operation
     [Diagram: enclaveA.com and enclaveB.com. Legend: services in SVE, services partly in SVE, services not in SVE, principals in SVE, principals not in SVE.]

  7. SVE Concept of Operation
     • Virtual enclave: formed by collaborators sharing resources and services
       • Enclaves define limited trust relationships with one another
       • Each enclave specifies internal resources accessible to partners
     • Secure virtual enclave: each enclave’s exports are
       • Protected from access by non-SVE members
       • Available to SVE members as specified by access policy
     • Dynamic modification: automatic reconfiguration due to changes in SVE membership, resources, access policy

  8. Outline
     • Project Overview
     • SVE Architecture
     • Observations
     • Results/Conclusions

  9. Client-Server Architecture
     [Diagram labels: Enclave A, Enclave B, Server, Client, SVE Interceptor/Enforcer, SVE Gateway.]

  10. SVE Infrastructure Architecture
      [Diagram labels: Enclave A, Enclave B, Policy GUI, SPEX Admin GUI, SPEX Controller, Interceptor/Enforcer, Access Calculator, SVE Control Messages.]

  11. SVE Policy Semantics
      • Current SVE policy semantics are very similar to Object-Oriented Domain and Type Enforcement (OODTE)
      • Principals are mapped to a domain equivalence class using a set of domain derivation rules
      • Resources are mapped to a type equivalence class
      • Access matrix is formed by associating a set of types with a given domain
      • Principal recognition rules are domain derivation rules that are published by an SVE member to allow its principals to be recognized by other SVE members

  12. Outline
      • Project Overview
      • SVE Architecture
      • Observations
      • Results/Conclusions

  13. Enclave Autonomy
      • Organizations require a certain level of autonomy
      • Autonomy is a difficult requirement for distributed security systems
      • SVE system supports autonomy
        • Most components of access policy used only within the local enclave
        • An enclave may unilaterally withdraw from an SVE at any time
      • Need to balance autonomy and collaboration requirements via business decisions

  14. Ambiguous Policy Semantics
      • Meaning of policy statements known only within defining enclave (e.g., “manager” role)
      • How to prevent misunderstandings as coalitions are formed???
        • Establish semantics offline
        • Represent and negotiate semantics within system

  15. Outline
      • Project Overview
      • SVE Architecture
      • Observations
      • Results/Conclusions

  16. SVE Prototype Results
      • Supports coalition sharing
      • Supports dynamic changes to both coalition membership and resource access policies
      • Supports enclave autonomy
      • Provides experimental platform for studying security policies for distributed systems
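
The policy model on slide 11 and the "manager" ambiguity on slide 14, sketched as an added example that is not from the presentation or the SVE prototype. The rule format, the choice to qualify each domain by the enclave that defined it, the per-type sets of access types, and all names and sample values are assumptions made for illustration.

```python
# Added illustration of the slide-11 policy model; names and rule formats are assumptions.
from dataclasses import dataclass, field

@dataclass
class Enclave:
    name: str
    type_of: dict                 # resource -> type equivalence class
    matrix: dict                  # domain -> {type: set of permitted access types}
    local_rules: list = field(default_factory=list)   # (attribute, value, domain)
    recognition: dict = field(default_factory=dict)   # partner enclave -> published rules

    def join(self, partner, published_rules):
        """Accept the principal recognition rules a partner publishes to the SVE."""
        self.recognition[partner] = list(published_rules)

    def withdraw(self, partner):
        """Membership change: a departed partner's principals stop being recognized."""
        self.recognition.pop(partner, None)

    def domain_of(self, principal):
        """Apply domain derivation rules; a domain is qualified by its defining enclave."""
        home = principal["enclave"]
        rules = self.local_rules if home == self.name else self.recognition.get(home, [])
        for attr, value, domain in rules:
            if principal.get(attr) == value:
                return (home, domain)
        return None               # unrecognized principal: treated as a non-SVE member

    def allowed(self, principal, resource, access):
        """Access calculation: deny unless the matrix grants this access type."""
        domain = self.domain_of(principal)
        rtype = self.type_of.get(resource)
        if domain is None or rtype is None:
            return False
        return access in self.matrix.get(domain, {}).get(rtype, set())

# Constructed sample policy: enclaveA.com exports one planning document to enclaveB.com.
enclave_a = Enclave(
    name="enclaveA.com",
    type_of={"/plans/joint.doc": "shared_plan", "/hr/salaries.xls": "hr_record"},
    matrix={
        ("enclaveA.com", "manager"): {"shared_plan": {"read", "write"}, "hr_record": {"read"}},
        ("enclaveB.com", "manager"): {"shared_plan": {"read"}},
    },
    local_rules=[("role", "manager", "manager")],
)
enclave_a.join("enclaveB.com", [("role", "manager", "manager")])
alice = {"enclave": "enclaveA.com", "role": "manager"}   # constructed principals
bob = {"enclave": "enclaveB.com", "role": "manager"}
```

Because the matrix is keyed by (enclave, domain), a partner's "manager" never inherits the rights of the local "manager", and removing the partner's recognition rules revokes its access without touching local policy.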
