Enforcement of Security Policy Compliance in Virtual Private Networks
Authors
Abstract
Virtual Private Networks (VPNs) enable an organization’s members to telecommute from home or while traveling. Although members may use computers that are shared, borrowed, or rented from others to connect to a VPN, VPN protocols, such as IPsec, typically do not authenticate the configuration of users’ computers. If a computer used for VPN access is compromised, an attacker can exploit it to gain unauthorized access. We propose the use of attestations to overcome this vulnerability. An attestation is a disclosure of a computer’s configuration, signed by a secure coprocessor. We contribute protocol enhancements that enable attestation to be combined with IPsec, such that only an organization’s members that use uncompromised computers can gain and maintain access to the organization’s VPN. Experiments demonstrate the efficacy and efficiency of our solution.
Similar sources
Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications
Large scale distributed applications combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security issues, caused by the complexity of the operating environment. In particular, policies at multiple layers and locations force conventional mechanisms such as firewalls and compartmented file storage into roles wher...
Design and Implementation of Virtual Private Services
Large scale distributed applications such as electronic commerce and online marketplaces (e.g., auction services) combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security and privacy issues, caused by the complexity of the operating environment. In particular, policies at multiple layers and locations force...
Towards automated security policy enforcement in multi-tenant virtual data centers
Virtual data centers allow the hosting of virtualized infrastructures (networks, storage, machines) that belong to several customers on the same physical infrastructure. Virtualization theoretically provides the capability for sharing the infrastructure among different customers. In reality, however, this is rarely (if ever) done because of security concerns. A major challenge in allaying such ...
Behavior-based Attestation of Policy Enforcement among Trusted Virtual Domains
With serious situation of data leakage in many enterprises, sensitive dataflow protection based on Trusted Virtual Domains (TVD) has been gradually paid much attention to. Remote attestation among two or more entities across trusted virtual domains is an important means to ensure sensitive dataflow. According to behavior compliance, this paper proposes a behavior-based attestation of policy enf...
Considering the Coefficient of Relationship between the Students' Attitude toward Social Networks Policy making with Social Security Feeling
Abstract: This study aims at measuring the relationship between students' attitude toward government's virtual social network policy making with social security feeling, in another word, to which extent social security feeling emphasizing on social networks is determined via users' attitude toward government's media policy making? Analytical-descriptive method including survey is used in ...