Name
Abstract | ||
|---|---|---|
In today's data processing systems, both the policies protecting stored data and the mechanisms for their enforcement are spread over many software components and configuration files, increasing the risk of policy violation due to bugs, vulnerabilities and misconfigurations. Guardat addresses this problem. Users, developers and administrators specify file protection policies declaratively, concisely and separate from code, and Guardat enforces these policies by mediating I/O in the storage layer. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies. The semantic gap between the storage layer enforcement and per-file policies is bridged using cryptographic attestations from Guardat. We present the design and prototype implementation of Guardat, enforce example policies in a Web server, and show experimentally that its overhead is low. |
Year | DOI | Venue |
|---|---|---|
2015 | 10.1145/2741948.2741958 | EuroSys |
Keywords | Field | DocType |
distributed algorithms,extensibility | Control theory,Computer science,Cryptography,Computer security,Semantic gap,Data processing system,Real-time computing,Distributed algorithm,Enforcement,Component-based software engineering,Web server | Conference |
Citations | PageRank | References |
9 | 0.55 | 35 |
Authors | ||
8 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| A. Vahldiek | 1 | 33 | 3.80 |
| Eslam Elnikety | 2 | 58 | 4.37 |
| Aastha Mehta | 3 | 13 | 1.28 |
| Deepak Garg | 4 | 581 | 45.48 |
| Peter Druschel | 5 | 8715 | 861.36 |
| Rodrigo Rodrigues | 6 | 1049 | 53.56 |
| Johannes Gehrke | 7 | 13362 | 1055.06 |
| Ansley Post | 8 | 596 | 29.59 |