Verifying Compliance of Trusted Programs (2009)
Sandra Rueda, Dave King, Trent Jaeger
In this paper, we present an approach for verifying that trusted programs correctly enforce system security goals when deployed. A trusted program is trusted to only perform safe operations despite...
PinUP: Pinning User Files to Known Applications (2009)
William Enck, Patrick Mcdaniel, Trent Jaeger
Users commonly download, patch, and use applications such as email clients, office applications, and media-players from the Internet. Such applications are run with the user’s full permissions....
The Pennsylvania State University (2009)
Dave King, Trent Jaeger, Somesh Jha, Sanjit A. Seshia
Programs trusted with secure information should not release that information in ways contrary to system policy. However, when a program contains an illegal flow of information, current...
High-Performance Caching With The Lava Hit-Server (2009)
Jochen Liedtke, Vsevolod Panteleenko, Trent Jaeger, Nayeem Islam
With the development of new client-server computing models, such as thin clients and network computers, the performance of servers becomes a bottleneck. In these models, servers support a large...
Password Exhaustion: Predicting the End of Password Usefulness (2009)
Luke St. Clair, Lisa Johansen, William Enck, Matthew Pirretti, Patrick Traynor, Patrick Mcdaniel, ...
Abstract. Passwords are currently the dominant authentication mechanism in computing systems. However, users are unwilling or unable to retain passwords with a large amount of entropy. This reality...
Integrating SELinux with Security-typed Languages (2009)
Boniface Hicks, Sandra Rueda, Trent Jaeger, Patrick Mcdaniel
Traditionally, operating systems have enforced MAC and information flow policies with minimal dependence on application programs. However, there are many cases where systems depend on user-level...
Protecting Users From “Themselves” (2008)
William Enck, Sandra Rueda, Joshua Schiffman, Yogesh Sreenivasan, Luke St. Clair, Trent Jaeger, ...
Computer usage and threat models have changed drastically since the advent of access control systems in the 1960s. Instead of multiple users sharing a single file system, each user has many devices...
Maintaining the Correctness of the Linux Security Modules Framework (2008)
Trent Jaeger, Xiaolan Zhang, Antony Edwards
In this paper, we present an approach, supported by software tools, for maintaining the correctness of the Linux Security Modules (LSM) framework (the LSM community is aiming for inclusion in Linux...
Establishing and Sustaining System Integrity via Root of Trust Installation (2008)
Luke St. Clair, Joshua Schiffman, Trent Jaeger, Patrick Mcdaniel
Integrity measurements provide a means by which distributed systems can assess the trustability of potentially compromised remote hosts. However, current measurement techniques simply assert the...
Building Systems That Flexibly Control Downloaded Executable Content (2008)
Trent Jaeger, Atul Prakash, Aviel D. Rubin
Downloading executable content, which enables principals to run programs from remote sites, is a key technology in a number of emerging applications, including collaborative systems, electronic...
Jonathan Mccune, Ramón Cáceres, Trent Jaeger, Reiner Sailer
Security issues with distributed computing: mutually distrustful data center customers need isolation guarantees to share machines; data centers want to share physical machines –...
We propose an integrity measurement approach based on information flow integrity, which we call the Policy-Reduced Integrity Measurement Architecture (PRIMA). The recent availability of secure...
The Case for Analysis Preserving Language Transformation (2008)
Xiaolan Zhang, Trent Jaeger, Larry Koved, Marco Pistoia
Static analysis has gained much attention over the past few years in applications such as bug finding and program verification. As software becomes more complex and componentized, it is common for...
Integrating SELinux with Security-typed Languages (2008)
Boniface Hicks, Sandra Rueda, Trent Jaeger, Patrick Mcdaniel
Recent advances in the area of security-typed languages have enabled the development of realistic applications aware of information flow security. Traditionally, operating systems have enforced MAC...
Password Exhaustion: Predicting the End of Password Usefulness (2008)
Luke St. Clair, Lisa Johansen, William Enck, Matthew Pirretti, Patrick Traynor, Patrick Mcdaniel, ...
Passwords are currently the dominant authentication mechanism in computing systems. However, users are unwilling or unable to retain passwords with a large amount of entropy. This reality is...
Support for the File System Security Requirements of Computational E-Mail Systems (2008)
Computational e-mail systems, which allow mail messages to contain command scripts that automatically execute upon receipt, can be used as a basis for building a variety of collaborative...
Vinod Ganapathy, David King, Trent Jaeger, Somesh Jha
This paper presents an approach to statically retrofit legacy servers with mechanisms for authorization policy enforcement. The approach is based upon the observation that security-sensitive...
Synchronous IPC over Transparent Monitors (2008)
Trent Jaeger, Jonathon E. Tidswell, Alain Gefflaut, Yoonho Park, Jochen Liedtke, Kevin Elphinstone
Towards Automated Authorization Policy Enforcement (2008)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
In systems with shared resources, authorization policy enforcement ensures that these resources are accessible only to users who are allowed to do so. Recently, there is growing interest to (i)...
We present a framework that represents and adapts the organization coordination knowledge of autonomous agent systems. Organization coordination knowledge represents long-term knowledge about problem...
Trent Jaeger, Vinod Ganapathy, Somesh Jha
Authorization policies and their enforcement. Three concepts: subjects (e.g., users, processes); objects (e.g., system resources); security-sensitive operations on objects. ...
Normally, domain-independent methods, such as structure charts, data flow diagrams, and entity-relationship diagrams, are used to model the requirements of a business. We propose a model, called...
High-Performance Caching With The Lava Hit-Server (2008)
Jochen Liedtke, Vsevolod Panteleenko, Trent Jaeger, Nayeem Islam
With the development of new client-server computing models, such as thin clients and network computers, the performance of servers becomes a bottleneck. In these models, servers support a large...
High-Performance Caching With The Lava Hit-Server (2007)
Jochen Liedtke, Vsevolod Panteleenko, Trent Jaeger, ...
With the development of new client-server computing models, such as thin clients and network computers, the performance of servers becomes a bottleneck. In these models, servers support a large...
Preventing Denial-of-Service Attacks on a µ-Kernel for WebOSes (2007)
Jochen Liedtke, Nayeem Islam, Trent Jaeger
A goal of World-wide Web operating systems (WebOSes) is to enable clients to download executable content from servers connected to the World-wide Web (WWW). This will make applications more easily...
Irreproducible Benchmarks Might Be Sometimes Helpful (2007)
Jochen Liedtke, Nayeem Islam, Trent Jaeger, Vsevolod Panteleenko, Yoonho Park
es us first hints to guide our research; however, it needs to be substantiated by understanding (2,3), a typical method of science. Without this understanding, benchmarks can be useless because they...
6> 1994 General Motors -- Manufacturing Information Systems Warren, MI Summer Intern: Developed a constraint-based system that automatically adapts the organization coordination knowledge of an...
Normally, domain-independent methods, such as structure charts, data flow diagrams, and entity-relationship diagrams, are used to model the requirements of a business. We propose a model, called...
From trusted to secure: Building and executing applications that enforce system security (2007)
Boniface Hicks, Sandra Rueda, Trent Jaeger, Patrick Mcdaniel
Commercial operating systems have recently introduced mandatory access controls (MAC) that can be used to ensure system-wide data confidentiality and integrity. These protections rely on restricting...
A Logical Specification and Analysis for SELinux MLS (2007)
Boniface Hicks, Sandra Rueda, Luke St. Clair, Trent Jaeger, Patrick Mcdaniel
The SELinux mandatory access control (MAC) policy has recently added a multi-level security (MLS) model which is able to express a fine granularity of control over a subject's access rights. The...
Integrating SELinux with Security-typed Languages (2007)
Boniface Hicks, Sandra Rueda, Trent Jaeger, Patrick Mcdaniel
Traditionally, operating systems have enforced MAC and information flow policies with minimal dependence on application programs. However, there are many cases where systems depend on user-level...
Deuterium: A system for distributed mandatory access control (2006)
Jonathan M. Mccune, Trent Jaeger, Stefan Berger, Ramón Cáceres, Reiner Sailer
We define and demonstrate an approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control (MAC) policies across a distributed set...
Shame on Trust in Distributed Systems (2006)
Trent Jaeger, Patrick Mcdaniel, Luke St. Clair
Approaches for building secure, distributed systems have fundamental limitations that prevent the construction of dynamic, Internet-scale systems. In this paper, we propose a concept of a shared...
Retrofitting legacy code for authorization policy enforcement (2006)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
Researchers have long argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of...
Retrofitting legacy code for authorization policy enforcement (2006)
Vinod Ganapathy, Trent Jaeger, Somesh Jha
Researchers have argued that the best way to construct a secure system is to proactively integrate security into the design of the system. However, this tenet is rarely followed because of economic...
Prima: policy-reduced integrity measurement architecture (2006)
Umesh Shankar, Trent Jaeger, Reiner Sailer
LIMITED DISTRIBUTION NOTICE: This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for...
sHype: Secure Hypervisor Approach to Trusted Virtualized Systems (2005)
Reiner Sailer, Enriquillo Valdez, Trent Jaeger, Ronald Perez, Leendert Van Doorn, John Linwood Griffin, ...
been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be...
Building a MAC-based Security Architecture for the Xen Opensource Hypervisor (2005)
Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ronald Perez, Stefan Berger, ...
been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be...
Building a MAC-based security architecture for the Xen opensource hypervisor (2005)
Reiner Sailer, Trent Jaeger, Enriquillo Valdez, Ramón Cáceres, Ronald Perez, Stefan Berger, ...
We present the sHype hypervisor security architecture and examine in detail its mandatory access control facilities. While existing hypervisor security approaches aiming at high assurance have been...
Trusted Virtual Domains: Toward secure distributed services (2005)
John Linwood Griffin, Trent Jaeger, Ronald Perez, Reiner Sailer, Leendert Van Doorn, Ramón Cáceres
The focus of trusted computing efforts to date has been to create islands of trust in a sea of distrust, identifying these islands as dependable domains with a solid base that can be used for...
Integrity Measurement Architecture (2004)
Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert Van Doorn
Rights to individual papers remain with the author or the author's employer. Permission is granted for noncommercial reproduction of the work for educational or research purposes. This copyright...
Attestation-based Policy Enforcement for Remote Access (2004)
Reiner Sailer, Trent Jaeger, Xiaolan Zhang, Leendert Van Doorn
Intranet access has become an essential function for corporate users. At the same time, corporation’s security administrators have little ability to control access to corporate data once it is...
Integrity Measurement Architecture (2004)
Reiner Sailer, Xiaolan Zhang, Trent Jaeger, Leendert Van Doorn, ...
been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be...
Secure coprocessor-based intrusion detection (2002)
Xiaolan Zhang, Leendert Doorn, Trent Jaeger, Ronald Perez, Reiner Sailer
The SawMill framework for virtual memory diversity (2001)
Mohit Aron, Jochen Liedtke, Kevin Elphinstone, Yoonho Park, Trent Jaeger, Luke Deller
We present a framework that allows applications to build and customize VM services on the L4 microkernel. While the L4 microkernel's abstractions are quite powerful, using these abstractions...
The sawmill multiserver approach (2000)
Alain Gefflaut, Trent Jaeger, Yoonho Park, Jochen Liedtke, Kevin Elphinstone, Volkmar Uhlig, ...
Synchronous IPC over transparent monitors (2000)
Trent Jaeger, Jonathon E. Tidswell, Yoonho Park, Kevin J. Elphinstone, Jochen Liedtke
Interprocess (IPC) monitoring enables the examination of any IPC between a source and a destination.
The sawmill multiserver approach (2000)
Trent Jaeger, Yoonho Park, Jochen Liedtke, Kevin J. Elphinstone, Volkmar Uhlig, Jonathon E. Tidswell
The sawmill multiserver approach (2000)
Alain Gefflaut, Trent Jaeger, Yoonho Park, Jochen Liedtke, Kevin Elphinstone, Volkmar Uhlig, ...
Lars Reuther
Synchronous IPC over transparent monitors (2000)
Trent Jaeger, Jonathon E. Tidswell, Alain Gefflaut, Yoonho Park, Jochen Liedtke, Kevin Elphinstone
Interprocess (IPC) monitoring enables the examination of any IPC between a source and a destination. IPC monitoring is useful for a variety of purposes, including debugging,
Flexible access control using IPC redirection (1999)
Trent Jaeger, Kevin Elphinstone, Jochen Liedtke, Vsevolod Panteleenko, Yoonho Park
We present a mechanism for inter-process communication (IPC) redirection that enables efficient and flexible access control for micro-kernel systems. In such systems, services are implemented at...
Flexible control of downloaded executable content (1999)
We present a security architecture that enables system and application access control requirements to be enforced on applications composed from downloaded executable content. Downloaded executable...
Flexible Control of Downloaded Executable Content (1999)
Trent Jaeger, Atul Prakash, Jochen Liedtke, Nayeem Islam
this paper, we define an access control model with the following properties: (1) system administrators can define system access control requirements on applications and (2) application developers can...
The SawMill Framework for Virtual Memory Diversity (1999)
Mohit Aron, Jochen Liedtke, Kevin Elphinstone, Yoonho Park, Trent Jaeger, ...
We present a framework that allows applications to build and customize VM services on the L4 microkernel. While the L4 microkernel's abstractions are quite powerful, using these abstractions...
Jochen Liedtke, Nayeem Islam, Trent Jaeger, Vsevolod Panteleenko, Yoonho Park, Thomas J
+ machines; 10,000+ are typical for medium-sized organizations like a university or a bank. Current network technology is so ubiquitous and so powerful that we increasingly use these crowds of...
Security architecture for component-based operating systems (1998)
Trent Jaeger, Jochen Liedtke, Vsevolod Panteleenko, Yoonho Park
We present a security architecture that system administrators, users, and application developers can use to
Security architecture for component-based operating systems (1998)
Trent Jaeger, Jochen Liedtke, Vsevolod Panteleenko, Yoonho Park, Nayeem Islam
Jochen Liedtke, Nayeem Islam, Trent Jaeger, Vsevolod Panteleenko, Yoonho Park
There are 100+ million computers in the world. Even smaller organizations have easily 100+ machines; 10,000+ are typical for medium-sized organizations like a university or a bank. Current network...
Irreproducible benchmarks might be sometimes useful (1998)
Jochen Liedtke, Nayeem Islam, Trent Jaeger, Vsevolod Panteleenko
Historically, benchmarks have been used for commercial purposes. A customer develops or selects a benchmark that generates a load that is considered to be typical for her/his applications. The...
Operating System Protection for Fine-Grained Programs (1998)
Trent Jaeger, Jochen Liedtke, Nayeem Islam
We present an operating system-level security model for controlling fine-grained programs, such as downloaded executable content, and compare this security model's implementation to that of...
Jochen Liedtke, Volkmar Uhlig, Kevin Elphinstone, Trent Jaeger, Yoonho Park
You can read it as a paper that treats a concrete problem motivated in Section 1: How can we permit untrusted user processes to pin their virtual pages in memory most flexibly and as unlimited as...
Operating System Protection for Fine-Grained Programs (1998)
Trent Jaeger, Jochen Liedtke, Nayeem Islam
We present an operating system-level security model for controlling fine-grained programs, such as downloaded executable content, and compare this security model's implementation to that of...
Security architecture for component-based operating systems (1998)
Trent Jaeger, Jochen Liedtke, Vsevolod Panteleenko, Yoonho Park
We present a security architecture that system administrators, users, and application developers can use to compose secure systems from components. There are
Jochen Liedtke, Volkmar Uhlig, Kevin Elphinstone, Trent Jaeger, Yoonho Park
this paper.
High-Performance Caching With The Lava Hit-Server (1998)
Jochen Liedtke, Vsevolod Panteleenko, Trent Jaeger, Nayeem Islam
USENIX 1998 Annual Technical Conference, June 15--19, 1998 in New Orleans, Louisiana. With the development of new client-server computing models, such as thin clients and network computers, the...
High-Performance Caching With The Lava Hit-Server (1998)
Jochen Liedtke, Vsevolod Panteleenko, Trent Jaeger, Nayeem Islam
With the development of new client-server computing models, such as thin clients and network computers, the performance of servers becomes a bottleneck. In these models, servers support a large...
Achieved IPC Performance (Still The Foundation For Extensibility) (1997)
Jochen Liedtke, Kevin Elphinstone, Sebastian Schönberg, Hermann Härtig, Gernot Heiser, Nayeem Islam, ...
6th Workshop on Hot Topics in Operating Systems (HotOS), May 5-6, 1997, Chatham (Cape Cod), Massachusetts. Extensibility can be based on cross-address-space communication or on grafting...
Achieved IPC Performance (Still the Foundation for Efficiency) (1997)
Jochen Liedtke, Sebastian Schonberg, Hermann Hartig, Nayeem Islam, ...
Extensibility can be based on cross-address-space communication or on grafting application-specific modules into the operating system. For comparing both approaches, we need to explore the best...
Supporting Multi-User, Multi-Applet Workspaces in CBE (1996)
Jang Ho Lee, Atul Prakash, Trent Jaeger, Gwobaw Wu
Our experience with Internet-based scientific collaboratories indicates that they need to be user-extensible, allow users to add tools and objects dynamically to shared workspaces, permit users to...
Preserving integrity in remote file location and retrieval (1996)
We present a service for locating and retrieving files from an untrusted network such that the integrity of the retrieved files can be verified. This service enables groups of people in...
Building Systems that Flexibly Control Downloaded Executable Content (1996)
Trent Jaeger, Atul Prakash, Aviel D. Rubin
Downloading executable content, which enables principals to run programs from remote sites, is a key technology in a number of emerging applications, including collaborative systems, electronic...
Supporting Multi-User, Multi-Applet Workspaces in CBE (1996)
Jang Ho Lee, Atul Prakash, Trent Jaeger, Gwobaw Wu
Our experience with Internet-based scientific collaboratories indicates that they need to be user-extensible, allow users to add tools and objects dynamically to shared workspaces, permit users to...
Supporting Multi-User, Multi-Applet Workspaces in CBE (1996)
Jang Ho Lee, Atul Prakash, Trent Jaeger, Gwobaw Wu
Our experience with Internet-based scientific collaboratories indicates that they need be user-extensible, allow users to add tools and objects dynamically to shared workspaces, permit users to move...
Preserving Integrity in Remote File Location and Retrieval (1996)
We present a service for locating and retrieving files from an untrusted network such that the integrity of the retrieved files can be verified. This service enables groups of people in...
Requirements of Role-based Access Control for Collaborative Systems (1995)
In many collaborative systems, users can trigger the execution of commands in a process owned by another user. Unless the access rights of such processes are limited, any user in the collaboration...
Implementation of a Discretionary Access Control Model for Script-based Systems (1995)
Powerful applications can be implemented using command scripts. A command script is a program written by one user, called a writer, and made available to another user, called the reader, who executes...
Management and Utilization of Knowledge for the Automatic Improvement of Workflow Performance (1995)
We present a framework that enables reengineers to build a base of performance improvement knowledge that can be used to automatically improve workflow performance. Automatic improvement of workflow...
A Framework for Automatic Improvement of Workflows to Meet Performance Goals (1994)
Trent Jaeger, Atul Prakash, Masayuki Ishikawa
Business performance improvement is arguably the most important factor in the development or reengineering of a business information system. We present a framework that, given a model of a business...
Support for the File System Security Requirements of Computational E-Mail Systems (1994)
Computational e-mail systems, which allow mail messages to contain command scripts that automatically execute upon receipt, can be used as a basis for building a variety of collaborative...