Authors
Jonathan M McCune, Stefan Berger, Ramon Caceres, Trent Jaeger, Reiner Sailer
Publication date
2005/11
Journal
IBM Res. Div., Res. Rep. RC23778
Description
We define and demonstrate an approach to securing distributed computation based on a distributed reference monitor that enforces mandatory access control (MAC) policy across machines. Securing distributed computation is difficult because of the asymmetry of trust in different computing environments and the complexity of managing MAC policies across machines, when they are already complex for one machine (e.g., Fedora Core 4 SELinux policy). We leverage recent work in three areas as a basis for our solution: (1) remote attestation as a basis to establish mutual acceptance of reference monitoring function; (2) IPsec with MAC labels to ensure the protection and authorization of commands across machines; and (3) virtual machines for isolation and to simplify the MAC policies. We define a distributed computing architecture based on these mechanisms and show how local reference monitor guarantees can be …
Scholar articles
JM McCune, S Berger, R Caceres, T Jaeger, R Sailer - IBM Res. Div., Res. Rep. RC23778, 2005