Persistent Link:
http://hdl.handle.net/10150/289020
Title:
Escort: Securing scout paths
Author:
Spatscheck, Oliver
Issue Date:
1999
Publisher:
The University of Arizona.
Rights:
Copyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.
Abstract:
It is becoming increasingly common to find special-purpose communication devices--Information Appliances--attached to the Internet. Information appliances include network-attached disks, cameras, and displays; web and file servers; set-top boxes; application routers and firewalls. Many of these systems perform mission critical functions, like company web servers or firewalls, but are built on general purpose operating systems that do not protect them with adequate security measures. This work introduces Escort, a security architecture for the Scout operating system. Escort provides a set of mechanisms designed to protect information appliances. It uses Scout's path abstraction to provide accurate accounting over multiple protection domains, thereby protecting privacy and integrity while enabling the defense against denial of service attacks. Escort also provides a configuration interface that allows the designer of the Information Appliance to configure the functional specification and security policy needed for a given environment. The performance penalty of many secure systems is a deterrent for their deployment. Therefore, an additional goal of Escort is to provide high performance. To achieve this goal, Escort introduces novel mechanisms for shared buffer management and thread migration without introducing security holes. Again, the path abstraction is a major enabling factor for these mechanisms. This work also presents two example Information Appliances, a web server and a TCP forwarder (firewall). They show how secure high performance system's can be built using Escort's mechanisms. The web server shows, in particular, how to deal with denial of service attacks using a path-based resource revocation mechanism, while the firewall demonstrates a path-based optimization enabled by Escort.
Type:
text; Dissertation-Reproduction (electronic)
Keywords:
Computer Science.
Degree Name:
Ph.D.
Degree Level:
doctoral
Degree Program:
Graduate College; Computer Science
Degree Grantor:
University of Arizona
Advisor:
Peterson, Larry L.

Full metadata record

DC FieldValue Language
dc.language.isoen_USen_US
dc.titleEscort: Securing scout pathsen_US
dc.creatorSpatscheck, Oliveren_US
dc.contributor.authorSpatscheck, Oliveren_US
dc.date.issued1999en_US
dc.publisherThe University of Arizona.en_US
dc.rightsCopyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.en_US
dc.description.abstractIt is becoming increasingly common to find special-purpose communication devices--Information Appliances--attached to the Internet. Information appliances include network-attached disks, cameras, and displays; web and file servers; set-top boxes; application routers and firewalls. Many of these systems perform mission critical functions, like company web servers or firewalls, but are built on general purpose operating systems that do not protect them with adequate security measures. This work introduces Escort, a security architecture for the Scout operating system. Escort provides a set of mechanisms designed to protect information appliances. It uses Scout's path abstraction to provide accurate accounting over multiple protection domains, thereby protecting privacy and integrity while enabling the defense against denial of service attacks. Escort also provides a configuration interface that allows the designer of the Information Appliance to configure the functional specification and security policy needed for a given environment. The performance penalty of many secure systems is a deterrent for their deployment. Therefore, an additional goal of Escort is to provide high performance. To achieve this goal, Escort introduces novel mechanisms for shared buffer management and thread migration without introducing security holes. Again, the path abstraction is a major enabling factor for these mechanisms. This work also presents two example Information Appliances, a web server and a TCP forwarder (firewall). They show how secure high performance system's can be built using Escort's mechanisms. The web server shows, in particular, how to deal with denial of service attacks using a path-based resource revocation mechanism, while the firewall demonstrates a path-based optimization enabled by Escort.en_US
dc.typetexten_US
dc.typeDissertation-Reproduction (electronic)en_US
dc.subjectComputer Science.en_US
thesis.degree.namePh.D.en_US
thesis.degree.leveldoctoralen_US
thesis.degree.disciplineGraduate Collegeen_US
thesis.degree.disciplineComputer Scienceen_US
thesis.degree.grantorUniversity of Arizonaen_US
dc.contributor.advisorPeterson, Larry L.en_US
dc.identifier.proquest9946822en_US
dc.identifier.bibrecord.b39916686en_US
All Items in UA Campus Repository are protected by copyright, with all rights reserved, unless otherwise indicated.