Showing papers by "Peter Honeyman" published in 1999


Proceedings Article
23 Aug 1999
TL;DR: The Antigone framework is presented, a framework that provides a suite of mechanisms from which flexible application security policies may be implemented, and how different security policies can be implemented using those mechanisms is shown.
Abstract: Many emerging applications on the Internet requiring group communication have varying security requirements. Significant strides have been made in achieving strong semantics and security guarantees within group environments. However, in existing solutions, the scope of available security policies is often limited. This paper presents Antigone, a framework that provides a suite of mechanisms from which flexible application security policies may be implemented. With Antigone, developers may choose a policy that best addresses their security and performance requirements. We describe Antigone's mechanisms, consisting of a set of micro-protocols, and show how different security policies can be implemented using those mechanisms. We also present a performance study illustrating the security/performance tradeoffs that can be made using Antigone.

117 citations


09 Apr 1999
TL;DR: The packet vault is described, a cryptographically secured archiver of network packet data that captures network packets, encrypts them, and writes them to long-term CD-ROM storage for later analysis and for evidentiary purposes.
Abstract: This paper describes the packet vault, a cryptographically secured archiver of network packet data. The vault captures network packets, encrypts them, and writes them to long-term CD-ROM storage for later analysis and for evidentiary purposes. The cryptographic organization of the vault permits selected traffic to be made available without exposing other traffic.

41 citations


10 May 1999
TL;DR: By augmenting Kerberos V5 with tamper-resistant hardware, this work enhances the security of Kerberos V5 and offers a potential "killer application" leading to wider adoption of smartcard technology.
Abstract: We describe our design and implementation of smartcard integration with Kerberos V5. Authentication is among the most important applications for smartcards and is one of the critical requirements for computer security. By augmenting Kerberos V5 with tamper-resistant hardware, we enhance the security of Kerberos V5 and offer a potential "killer application" leading to wider adoption of smartcard technology.

35 citations


10 May 1999
TL;DR: The UNIX filesystem is extended to provide access to smartcard storage, which enables us to use files in a smartcard as though normal UNIX files, but with the additional security properties inherent to smartcards.
Abstract: Smartcard software developers suffer from the lack of a standard communication framework between a workstation and a smartcard. To address this problem, we extended the UNIX filesystem to provide access to smartcard storage, which enables us to use files in a smartcard as though normal UNIX files, but with the additional security properties inherent to smartcards.

20 citations


Proceedings ArticleDOI
28 Mar 1999
TL;DR: The paper describes three projects aimed at practical secure operating systems based on smart cards: smartcard integration with Kerberos V5, a UNIX file system for smartcards, and Internet Protocol on smartcards.
Abstract: Secure hardware is a useful tool for enhancing computer system security. Traditionally, researchers have attempted to build secure operating systems by creating secure hardware and developing on top of it. Our approach is to integrate commodity secure hardware, i.e., smartcards, into existing operating systems. The paper describes three projects aimed at practical secure operating systems based on smartcards: smartcard integration with Kerberos V5, a UNIX file system for smartcards, and Internet Protocol on smartcards. The first two are implemented and indicate satisfactory performance, while the last is under development.

9 citations


11 Nov 1999
TL;DR: A “thundering herd” problem in the accept system call is uncovered, and a few dozen lines of code corrects this behavior to awaken only one, instead of all, waiting threads, which improves macro-benchmark performance by over 50% on high-performance hardware.
Abstract: The Linux Scalability Project is adapting Linux for use in enterprise-scale networking environments. We focus on kernel algorithms and data structures that scale poorly when presented with thousands or tens of thousands of simultaneous service requests. For example, we uncovered a “thundering herd” problem in the accept system call. A few dozen lines of code corrects this behavior to awaken only one, instead of all, waiting threads. This small change improves macro-benchmark performance by over 50% on high-performance hardware. Other examples include improving poll performance, adding read-ahead support for sendfile and mmaped files, and identifying areas of significant kernel SMP lock contention. The project is also implementing an open source, reference implementation of NFSv4, a highly scalable evolution of the popular distributed file system. Building relationships between academia, industry, and open source communities is a primary goal of our effort. While our research-oriented, “cathedral” approach is sometimes at odds with the “bazaar” style of software development prevalent in the Linux community, we find ways to build reputation and influence among Linux kernel developers and the growing Linux commercial sector.

5 citations