论文信息 - Securing the Network Client

Securing the Network Client

We enumerate and compare a number of security-enabling architectures for network clients. These architectures, either proposed as methodologies or currently implemented in software and/or hardware, are capable of protecting the client’s software integrity and its environment. The most important methodologies include the reference monitor model, firewalls and virtual machines. Software implementations are the Java sandbox and the code signing concept. Hardware that can be used includes smart cards. We describe their most important features and provide a review and comparative study based on a number of criteria. We believe that ongoing research can empower these mechanisms for protecting network clients in a more effective way.

Diomidis Spinellis | Victoria Skoularidou

[1] Santiago Romero Iglesias. VMWare GSX Server , 2001 .

[2] Jerome H. Saltzer,et al. End-to-end arguments in system design , 1984, TOCS.

[3] James P Anderson,et al. Computer Security Technology Planning Study , 1972 .

[4] Edward W. Felten,et al. Hand-Held Computers Can Be Better Smart Cards , 1999, USENIX Security Symposium.

[5] Frank Yellin,et al. The Java Virtual Machine Specification , 1996 .

[6] William Stallings. Network and Internetwork Security: Principles and Practice , 1994 .

[7] Diomidis Spinellis,et al. Addressing Threats and Security Issues in World Wide Web Technology , 1997 .

[8] Elliott I. Organick,et al. The multics system: an examination of its structure , 1972 .

[9] Anup K. Ghosh. E-Commerce Security: Weak Links, Best Defenses , 1998 .

[10] Benedict G. E. Wiedemann. Protection? , 1998, Science.

[11] Anurag Acharya,et al. MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications , 2000, USENIX Security Symposium.

[12] Elizabeth D. Zwicky,et al. Building internet firewalls , 1995 .

[13] 王莹. 使用Security—Enhanced Linux增强系统安全 , 2003 .