Computer Security Applications Conference, Annual (2003)
Las Vegas, Nevada
Dec. 8, 2003 to Dec. 12, 2003
Eric Bryant , Purdue University
James Early , Purdue University
Rajeev Gopalakrishna , Purdue University
Gregory Roth , Purdue University
Eugene H. Spafford , Purdue University
Keith Watson , Purdue University
Paul Williams , Purdue University
Scott Yost , Purdue University
General-purpose operating systems provide a rich computing environment both to the user and the attacker. The declining cost of hardware and the growing security concerns of software necessitate a revalidation of the many assumptions made in network service architectures. Enforcing sound design principles while retaining usability and flexibility is key to practical security. Poly<sup>2</sup> is an approach to build a hardened framework for network services from commodity hardware and software. Guided by well-known security design principles such as least common mechanism and economy of mechanism, and driven by goals such as psychological acceptability and immediate usability, Poly<sup>2</sup> provides a secure platform for network services. It also serves as a testbed for several security-related research areas such as intrusion detection, forensics, and high availability. This paper discusses the overall design and philosophy of Poly<sup>2</sup>, presents an initial implementation, and outlines future work.
R. Gopalakrishna et al., "Poly<sup>2</sup> Paradigm: A Secure Network Service Architecture," Computer Security Applications Conference, Annual(ACSAC), Las Vegas, Nevada, 2003, pp. 342.