- MinimaLT, previously noted
An annotated computer systems security bibliography; Jon A. Solworth, editor (broken link 2013-07-11)
W. Michael Petullo; Rethinking Operating System Interfaces to Support Robust Network Applications; Ph.D. Dissertation; University of Illinois, Chicago; 2013; 260 pages.
This dissertation describes the network programming environment provided by Ethos, an operating system designed for security. Often, the interfaces provided by existing systems are very low-level. Experience shows that programmers on these systems have difficulty managing the resulting complexity when writing network applications. They must implement or integrate their own key isolation, encryption, authentication protocols, and authorization policies. Administrators must configure the same, often independently for each application. Ethos eases the burden on application programmers and system administrators by providing more abstract interfaces and reducing code duplication. Instead of relying on applications to protect secret keys, Ethos keeps them in kernel space and allows their indirect use by applications through cryptographic system calls (e.g., sign). Ethos encrypts all network traffic and performs network authentication at the system level. Moving these protections to the operating system kernel allows Ethos to provide more informed access control, reducing the need for application-internal controls. Thus Ethos provides a number of security properties unavailable in other systems. In many cases, Ethos application developers can write robust applications with zero lines of application-specific security code. Likewise, administrators do not need to learn application-specific configuration options. Instead, the majority of their work uses system-wide mechanisms, affecting all applications individually and the system in aggregate. Many of the protections provided by Ethos sound straightforward to implement. However, we shall show that the system design that makes them possible is highly interconnected and not entirely self-evident. For example, how can Ethos authenticate at the system level when it is impossible for a system administrator to know every user that may be encountered on the Internet? In other cases, our design decisions became feasible only recently due to developments in hardware. Our hope is that our design appears clean, concise, and possibly — in retrospect — somewhat obvious.
W. Michael Petullo, Xu Zhang, Jon A. Solworth, Daniel J. Bernstein, Tanja Lange; MinimaLT: Minimal-Latency Networking Through Better Security; In Some Conference; 2013; 13 pages.
Minimal Latency Tunneling (MinimaLT) is a new network protocol that provides ubiquitous encryption for maximal confidentiality, including protecting packet headers. MinimaLT provides server and user authentication, extensive Denial-of-Service protections, and IP mobility while approaching perfect forward secrecy. We describe the protocol, demonstrate its performance relative to TLS and unencrypted TCP/IP, and analyze its protections, including its resilience against DoS attacks. By exploiting the properties of its cryptographic protections, MinimaLT is able to eliminate three-way handshakes and thus create connections faster than unencrypted TCP/IP.
W. Michael Petullo, Jon A. Solworth; Poster: Rethinking Operating System Interfaces to Support Robust Applications; In IEEE Security Something Something; 2012; poster; 2 pages.
In current systems, application developers must provide substantial security-critical code — including code to handle authentication — in their applications. The result is that application flaws often undermine system security. We are building Ethos, an Operating System (OS) that leverages the kernel’s complete mediation property to guarantee more security protections—including network encryption and authentication—across all applications. Here we provide an overview of Ethos and a subset of its system call interface.
Via: backfill, backfill