SNP: An Interface for Secure Network Programming
Thomas Y.C. Woo, Raghuram Bindignavle, Shaowen Su and Simon S. Lam
Department of Computer Sciences
The University of Texas at Austin
Austin, Texas 78712-1188
Abstract
SNP provides a high-level abstraction for secure end-to-end network
communications. It supports both stream and datagram semantics with
security guarantees (e.g., data origin authenticity, data integrity
and data confidentiality). It is designed to resemble the Berkeley
sockets interface so that security can be easily retrofitted into
existing socket programs with only minor modifications. SNP is built
on top of GSS-API, thus making it relatively portable across different
authentication mechanisms conforming to GSS-API. SNP hides the
details of GSS-API (e.g., credentials and contexts management), the
communication sublayer as well as the cryptographic sublayer from the
application programmers. It also encapsulates security sensitive
information, thus preventing accidental or intentional disclosure by
an application program.
Download the full text of this paper in
ASCII (87,946 bytes) and
POSTSCRIPT (214,438 bytes) form.