Show simple item record

dc.contributor.advisorPeterson, Larry L.en_US
dc.contributor.authorSpatscheck, Oliver
dc.creatorSpatscheck, Oliveren_US
dc.date.accessioned2013-05-09T09:25:39Z
dc.date.available2013-05-09T09:25:39Z
dc.date.issued1999en_US
dc.identifier.urihttp://hdl.handle.net/10150/289020
dc.description.abstractIt is becoming increasingly common to find special-purpose communication devices--Information Appliances--attached to the Internet. Information appliances include network-attached disks, cameras, and displays; web and file servers; set-top boxes; application routers and firewalls. Many of these systems perform mission critical functions, like company web servers or firewalls, but are built on general purpose operating systems that do not protect them with adequate security measures. This work introduces Escort, a security architecture for the Scout operating system. Escort provides a set of mechanisms designed to protect information appliances. It uses Scout's path abstraction to provide accurate accounting over multiple protection domains, thereby protecting privacy and integrity while enabling the defense against denial of service attacks. Escort also provides a configuration interface that allows the designer of the Information Appliance to configure the functional specification and security policy needed for a given environment. The performance penalty of many secure systems is a deterrent for their deployment. Therefore, an additional goal of Escort is to provide high performance. To achieve this goal, Escort introduces novel mechanisms for shared buffer management and thread migration without introducing security holes. Again, the path abstraction is a major enabling factor for these mechanisms. This work also presents two example Information Appliances, a web server and a TCP forwarder (firewall). They show how secure high performance system's can be built using Escort's mechanisms. The web server shows, in particular, how to deal with denial of service attacks using a path-based resource revocation mechanism, while the firewall demonstrates a path-based optimization enabled by Escort.
dc.language.isoen_USen_US
dc.publisherThe University of Arizona.en_US
dc.rightsCopyright © is held by the author. Digital access to this material is made possible by the University Libraries, University of Arizona. Further transmission, reproduction or presentation (such as public display or performance) of protected items is prohibited except with permission of the author.en_US
dc.subjectComputer Science.en_US
dc.titleEscort: Securing scout pathsen_US
dc.typetexten_US
dc.typeDissertation-Reproduction (electronic)en_US
thesis.degree.grantorUniversity of Arizonaen_US
thesis.degree.leveldoctoralen_US
dc.identifier.proquest9946822en_US
thesis.degree.disciplineGraduate Collegeen_US
thesis.degree.disciplineComputer Scienceen_US
thesis.degree.namePh.D.en_US
dc.identifier.bibrecord.b39916686en_US
refterms.dateFOA2018-09-06T06:56:22Z
html.description.abstractIt is becoming increasingly common to find special-purpose communication devices--Information Appliances--attached to the Internet. Information appliances include network-attached disks, cameras, and displays; web and file servers; set-top boxes; application routers and firewalls. Many of these systems perform mission critical functions, like company web servers or firewalls, but are built on general purpose operating systems that do not protect them with adequate security measures. This work introduces Escort, a security architecture for the Scout operating system. Escort provides a set of mechanisms designed to protect information appliances. It uses Scout's path abstraction to provide accurate accounting over multiple protection domains, thereby protecting privacy and integrity while enabling the defense against denial of service attacks. Escort also provides a configuration interface that allows the designer of the Information Appliance to configure the functional specification and security policy needed for a given environment. The performance penalty of many secure systems is a deterrent for their deployment. Therefore, an additional goal of Escort is to provide high performance. To achieve this goal, Escort introduces novel mechanisms for shared buffer management and thread migration without introducing security holes. Again, the path abstraction is a major enabling factor for these mechanisms. This work also presents two example Information Appliances, a web server and a TCP forwarder (firewall). They show how secure high performance system's can be built using Escort's mechanisms. The web server shows, in particular, how to deal with denial of service attacks using a path-based resource revocation mechanism, while the firewall demonstrates a path-based optimization enabled by Escort.


Files in this item

Thumbnail
Name:
azu_td_9946822_sip1_m.pdf
Size:
3.264Mb
Format:
PDF

This item appears in the following Collection(s)

Show simple item record