CT-IS: Shamon: Systems Approaches for Constructing Distributed Trust

CT-IS：Shamon：构建分布式信任的系统方法

• 批准号: 0627551
• 负责人: Trent Jaeger
• 金额: $ 40万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2006
• 资助国家: 美国
• 起止时间: 2006-09-01 至 2010-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0627551&HistoricalAwards=false
• 关键词: CT; Shamon; Systems; Approaches; Constructing

Existing distributed authorization systems focus on the formulation ofpolicy, but enforcement remains a per-host issue. Failure of anycomponent to faithfully enforce policy can lead to vulnerabilities,and in the extreme, renders authorization impotent. Without greaterassurance in the integrity of authorization enforcement, that scalesto Internet-wide applications, reliable, distributed authorizationcannot be built.The Shared Reference Monitor (Shamon) project leverages advances inintegrity measurement and virtual machines to compose a coherentauthorization system for distributed applications. A Shamon consistsof a set of reference monitors on multiple, physical machines that areintegrity-verified to enforce a consistent security policy acrossvirtual machines that define an application. The use of virtualmachines provides coarse-grained isolation that simplifies securitypolicy for large-scale distributed systems, and the integritymeasurement ensures that each member of the Shamon can verify that theothers are enforcing this policy.The Shamon project focuses on building the services tocompose and maintain such shared reference monitors. First, alogic-based approach is defined that enables composition of trust inthe enforcement of a consistent policy by the Shamon referencemonitors. Such trust composition will be robust in the presence ofsystem dynamics including the joining, leaving and migration ofvirtual machines. Second, the Xen hypervisor system is augmented withthese trust composition services. In this way, monitored applicationswill only communicate with systems whose regulation is consistent withits Shamon policy.

现有的分布式授权系统侧重于策略的制定，但执行仍然是每个主机的问题。 任何组件未能忠实地执行策略都可能导致漏洞，并且在极端情况下，会导致授权无能为力。 如果不能更好地保证授权执行的完整性（扩展到互联网范围内的应用程序），就无法构建可靠的分布式授权。共享参考监视器（Shamon）项目利用完整性测量和虚拟机方面的进步来为分布式应用程序构建一致的授权系统。 Shamon 由多台物理计算机上的一组参考监视器组成，这些监视器经过完整性验证，可在定义应用程序的虚拟机上强制执行一致的安全策略。 虚拟机的使用提供了粗粒度的隔离，简化了大规模分布式系统的安全策略，完整性测量确保 Shamon 的每个成员都可以验证其他成员是否正在执行此策略。 Shamon 项目专注于构建服务来组成和维护此类共享引用监视器。 首先，定义了基于逻辑的方法，该方法能够在 Shamon 参考监视器执行一致策略时建立信任组合。 这种信任组合在存在系统动态（包括虚拟机的加入、离开和迁移）的情况下将是稳健的。 其次，Xen 管理程序系统通过这些信任组合服务得到增强。 这样，受监控的应用程序将仅与其监管与其 Shamon 策略一致的系统进行通信。