Computer Security Applications Conference, Annual (2006)
Miami Beach, Florida, USA
Dec. 11, 2006 to Dec. 15, 2006
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ACSAC.2006.47
Jonathan M. McCune , Carnegie Mellon University, USA
Trent Jaeger , Pennsylvania State University, USA
Stefan Berger , IBM T.J. Watson Research Center, USA
Ramon Caceres , IBM T.J. Watson Research Center, USA
Reiner Sailer , IBM T.J. Watson Research Center, USA
We define and demonstrate an approach to securing dis- tributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set of machines. The Shamon enables local reference monitor guarantees to be attained for a set of reference monitors on these machines. We im- plement a prototype system on the Xen hypervisor with a trusted MAC virtual machine built on Linux 2.6 whose reference monitor design requires only 13 authorization checks, only 5 of which apply to normal processing (others are for policy setup). We show that, through our architec- ture, distributed computations can be protected and con- trolled coherently across all the machines involved in the computation.
T. Jaeger, S. Berger, R. Caceres, R. Sailer and J. M. McCune, "Shamon: A System for Distributed Mandatory Access Control," 2006 22nd Computer Security Applications Conference(ACSAC), Miami Beach, FL, 2006, pp. 23-32.