|
USENIX Technical Program - Abstract - Security Symposium 99
Vaulted VPN: Compartmented Virtual Private Networks On Trusted Operating Systems
Tse-Huong Choo, Hewlett-Packard Laboratories, Bristol, United Kingdom
Abstract
Virtual Private Networks for IPSec based on an
intermediate packet-redirector in network-protocol stacks are becoming increasingly common
for many standard operating systems and represent a well-understood method for
retro-fitting such systems with IPSec support. This report describes how a different
design structured around a Trusted Operating System can offer better security, performance
and robustness. We describe in detail an implementation of an IPSec VPN consisting of a
series of compartmented, concurrently executing IPSec stacks. The motivations and
security-related benefits behind each design decision are discussed. In addition, we show
how a configuration of independent IPSec stacks based on this design can be configured to
execute in parallel for greater performance on single-threaded kernels, and how its design
allows individual component-failures without affecting the system as a whole.
- View the full text of this paper in
HTML form and PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|
Need help? Use our Contacts page.
Technical Program