Poly² paradigm: a secure network service architecture
Author
E Bryant, J Early, R Gopalakrishna, G Roth, E Spafford, K Watson, P William, S Yost
Abstract
General-purpose operating systems provide a rich computing environment both to the user and the attacker. The declining cost of hardware and the growing security concerns of software necessitate a revalidation of the many assumptions made in network service architectures. Enforcing sound design principles while retaining usability and flexibility is key to practical security. Poly² is an approach to build a hardened framework for network services from commodity hardware and software. Guided by well-known security design principles such as least common mechanism and economy of mechanism, and driven by goals such as psychological acceptability and immediate usability, Poly² provides a secure platform for network services. It also serves as a testbed for several security-related research areas such as intrusion detection, forensics, and high availability. This paper discusses the overall design and philosophy of Poly², presents an initial implementation, and outlines future work.
Journal
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Publication Date
2003-12-01