MYSEA: The Monterey Security Architecture

Irvine, Cynthia E.; Nguyen, Thuy D.; Shifflett, David J.; Levin, Timothy E.; Khosalim, Jean; Prince, Charles W.; Clark, Paul; Gondree, Mark

doi:10.21236/ada518680

Cited by 5 publications

(8 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Geo-locality has been addressed by several large organizations, such as National Security Agency, ENISA, Department of Defense, Department of Education, and A4Cloud research project. The [14], [16], [18], [20], [21], [23], [26] referred to the geo-locality as as an obligatory part of a federal or local law, whereby in our case we would like to consider it as cross domain (geographical, federal, regional, administrative) issue required for assessing overall assurance. Next to our interest is the observation perspective of a system, where we wanted to investigate if the system was observed from a holistic or a homogeneous perspective.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Towards Continuous Cloud Service Assurance for Critical Infrastructure IT

Hudic

Hecht

Tauber

et al. 2014

2014 International Conference on Future Internet of Things and Cloud

View full text Add to dashboard Cite

The momentum behind Cloud Computing has revolutionized how ICT services are provided, adopted and delivered. Features such as high scalability, fast provisioning, on demand resource availability makes it an attractive proposition for deploying complex and demanding systems. Clouds are also very suitable for deploying systems with unpredictable load patterns including Critical infrastructure services. Though, the major obstacle in hosting Critical infrastructures is often a lack of assurance. The transparency and flexibility offered by the Cloud, abstracts per definition over e.g. data placement, hardware, service migration. This makes it very hard to assure security properties. We present an investigation of assurance approaches, an analysis of their suitability for Critical Infrastructure Services being deployed in the Cloud and presents our approach.

show abstract

Section: Discussionmentioning

confidence: 99%

“…The Monterey Security Architecture [26](MYSEA) 3 is a research project to build a robust enterprise-level architecture that provides multi-domain authentication and security policy enforcement. The MYSEA cloud consists of high-assurance servers and authentication components for security services.…”

Section: ) Myseamentioning

confidence: 99%

Towards Continuous Cloud Service Assurance for Critical Infrastructure IT

Hudic

Hecht

Tauber

et al. 2014

2014 International Conference on Future Internet of Things and Cloud

View full text Add to dashboard Cite

show abstract

“…The combination of mature Linux virtualization stacks, the strong isolation afforded by microkernels, which also reliably encapsulates VMs, and the excellent performance of hardware-supported VMs have led to the use of this architecture in production systems [14]. The requirement of direct access to the Fiasco.OC kernel API required a Linuxbased agent to first gain control of the L4Linux kernel 6 . We will now show that even an application lacking this ability can use the covert channel, albeit with lower bandwidth.…”

Section: L4linux Scenariosmentioning

confidence: 99%

“…But often one considered other tasks, cf. [6]. A more rigorous approach -building systems on small secure kernels -has been long acknowledged both in industry, security agencies, cf.…”

Section: Introductionmentioning

confidence: 99%

Undermining Isolation Through Covert Channels in the Fiasco.OC Microkernel

Peter

Petschick

Vetter

et al. 2015

Lecture Notes in Electrical Engineering

View full text Add to dashboard Cite

Abstract-In the new age of cyberwars, system designers have come to recognize the merits of building critical systems on top of small kernels for their ability to provide strong isolation at system level. This is due to the fact that enforceable isolation is the prerequisite for any reasonable security policy. Towards this goal we examine some internals of Fiasco.OC, a microkernel of the prominent L4 family. Despite its recent success in certain highsecurity projects for governmental use, we prove that Fiasco.OC is not suited to ensure strict isolation between components meant to be separated.Unfortunately, in addition to the construction of system-wide denial of service attacks, our identified weaknesses of Fiasco.OC also allow covert channels across security perimeters with high bandwidth. We verified our results in a strong affirmative way through many practical experiments. Indeed, for all potential use cases of Fiasco.OC we implemented a full-fledged system on its respective archetypical hardware: Desktop server/workstation on AMD64 x86 CPU, Tablet on Intel Atom CPU, Smartphone on ARM Cortex A9 CPU. The measured peak channel capacities ranging from ∼13500 bits/s (Cortex-A9 device) to ∼30500 bits/s (desktop system) lay bare the feeble meaningfulness of Fiasco.OC's isolation guarantee. This proves that Fiasco.OC cannot be used as a separation kernel within high-security areas.

show abstract

“…Additionally, the MYSEA system supports a secure unforgeable bidirectional connection, called a trusted path, between the user and the trusted elements of the system. Several aspects of this research provide innovative advances in the state of the art for protecting multiple domains of information and for the management of security policies and security services in support of critical applications (for a discussion of related work, see [8] …”

Section: Introductionmentioning

confidence: 99%