SPARTA ISSO

Type-Enforcing Firewalls - Overview

The diagram below describes an example of an enclave (yellow circle) which contains three hosts (rectangles) protected by a fourth which is a DTE Firewall. The diagram also shows two external foreign hosts. All communication links are encrypted. The enclave's security policy specifies three domains, represented by the colors red, blue, and green. In the diagram, each host contains the colors of the domains it supports. The DTE hosts rely on their DTE kernels to support one or more domains. On the other hand, the non-DTE hosts cannot support any DTE mediation whatsoever. When the DTE Firewall deals with processes from these hosts, it assigns each a domain. In this example, the DTE Firewall assigns the green domain to all the processes on both of the diagram's non-DTE hosts.

The enclave's security policy specifies how processes running in different domains are allowed to interact (if at all). The policy displayed here prevents any cross-domain interaction. Thus, the DTE Firewall ensures that green domain processes on one side of the security perimeter may only interact with green domain processes on the other side, and blue domain processes may only interact with blue domain processes. The firewall itself only supports the blue and green domains, so it never passes messages from red domain processes through the security perimeter.

By associating domains with foreign non-DTE hosts, DTE Firewalls are able to extend limited trust relationships to hosts outside of their security perimeters. Similarly, two organizations with DTE hosts may agree upon a number of common domains, in order to enable a partnership with limited resource sharing. Neither of these arrangements is possible with traditional firewalls.
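The mediation described above, as an added example that is not part of the SPARTA page or its DTE implementation: the hosts, domain names and the allow-same-domain-only policy are constructed from the diagram's description, and the domain assignment for non-DTE hosts follows the text (every process on such a host is treated as green, whatever the message claims).

```python
from dataclasses import dataclass

# Constructed model of the mediation decision a DTE Firewall makes for one
# message crossing the security perimeter (example code, not SPARTA's DTE).

@dataclass(frozen=True)
class Host:
    name: str
    dte: bool                         # True if a DTE kernel labels its processes
    domains: frozenset = frozenset()  # domains a DTE host supports (empty if non-DTE)

@dataclass(frozen=True)
class DTEFirewall:
    supported: frozenset    # domains the firewall itself supports
    policy: frozenset       # allowed (source_domain, destination_domain) pairs
    non_dte_domain: str     # domain assigned to every process on a non-DTE host

    def attribute(self, host: Host, claimed: str) -> str:
        """Domain the firewall attributes to a process on `host`: a DTE kernel's
        label (received over the encrypted link) is trusted; a non-DTE host
        cannot mediate, so its processes all get the assigned domain."""
        return claimed if host.dte else self.non_dte_domain

    def mediate(self, src: Host, src_dom: str, dst: Host, dst_dom: str):
        """Return (allowed, reason) for a message from src_dom@src to dst_dom@dst."""
        s, d = self.attribute(src, src_dom), self.attribute(dst, dst_dom)
        if s not in self.supported or d not in self.supported:
            return False, f"firewall does not support {s}->{d}"
        if (s, d) not in self.policy:
            return False, f"policy forbids {s}->{d}"
        if dst.dte and d not in dst.domains:
            return False, f"{dst.name} does not support the {d} domain"
        return True, f"{s}->{d} permitted"

# Constructed enclave after the page's diagram: the policy allows only same-domain
# interaction and the firewall carries only blue and green, so red never crosses.
INSIDE = Host("inside-dte", True, frozenset({"red", "blue", "green"}))
PARTNER = Host("partner-dte", True, frozenset({"blue"}))
FOREIGN = Host("foreign-non-dte", False)
FIREWALL = DTEFirewall(supported=frozenset({"blue", "green"}),
                       policy=frozenset((d, d) for d in ("red", "blue", "green")),
                       non_dte_domain="green")

if __name__ == "__main__":
    for src, sd, dst, dd in [(INSIDE, "blue", PARTNER, "blue"), (INSIDE, "red", PARTNER, "red"),
                             (INSIDE, "blue", FOREIGN, "blue"), (INSIDE, "green", FOREIGN, "green"),
                             (INSIDE, "green", PARTNER, "green")]:
        print(f"{sd}@{src.name} -> {dd}@{dst.name}:", FIREWALL.mediate(src, sd, dst, dd))
```

The three deny reasons are kept distinct on purpose: an operator reviewing the firewall's log can tell a red message stopped at the perimeter from a blue process that tried to reach a non-DTE host and was refused by the domain policy.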

When different DTE enclaves wish to communicate, a common security policy segment, or module, must be present or must be introduced into the DTE firewalls and DTE hosts involved. This research is extending DTE to support dynamic policy module loading. The policy-loading process initially will be a manual process; however, the final goal is to provide a Domain and Type Authority service (similar to DNS) that serves registered common policy modules to the DTE firewalls, which then coordinate the communication between the DTE hosts they protect.