Protected data paths: delivering sensitive data via untrusted proxies

The ability to share sensitive information is a key requirement for today's distributed enterprise applications. This paper presents a kernel-level mechanism for controlling the exchange of sensitive data, termed Protected Data Paths. The mechanism permits only machines with suitable credentials to cache and manipulate protected data, and it gives protection domains access to such data only according to the rights specified in the capabilities they possess. Our implementation of Protected Data Paths in Linux operates by creating protected communication channels between participating machines. Establishing a path requires the kernel domains of those machines to hold suitable credentials. Data transferred over such paths is made available to application-level domains only according to their current data access capabilities, which is guaranteed by kernel-level supervision of those data accesses.
