Managing application whitelists in trusted distributed systems
Many distributed batch systems, such as computational grids, require a level of integrity protection to guarantee the proper execution of a job or workflow. One way of achieving this, implicit in many trusted computing proposals, is to use application whitelisting to prevent unknown and untrusted ap...
Main Authors: | , , , |
---|---|
Format: | Journal article |
Published: |
2010
|
_version_ | 1797088978221924352 |
---|---|
author | Huh, J Lyle, J Namiluko, C Martin, A |
author_facet | Huh, J Lyle, J Namiluko, C Martin, A |
author_sort | Huh, J |
collection | OXFORD |
description | Many distributed batch systems, such as computational grids, require a level of integrity protection to guarantee the proper execution of a job or workflow. One way of achieving this, implicit in many trusted computing proposals, is to use application whitelisting to prevent unknown and untrusted applications from being executed on remote services. However, this approach has significant shortcomings across multiple administrative domains, as conflicts between locally-managed whitelists will result in many useful services appearing untrustworthy to users. This has the potential to limit availability and prevent trusted distributed systems from ever being successfully deployed. We propose a set of requirements for a system which will manage these conflicts, and provide a mechanism for updating application whitelists that will increase service availability and trustworthiness. We also suggest and specify a set of components, including a centralised configuration manager, which will meet these requirements. |
first_indexed | 2024-03-07T02:57:51Z |
format | Journal article |
id | oxford-uuid:afef19dd-ddb0-4a3c-80cb-53a616082c1a |
institution | University of Oxford |
last_indexed | 2024-03-07T02:57:51Z |
publishDate | 2010 |
record_format | dspace |
spelling | oxford-uuid:afef19dd-ddb0-4a3c-80cb-53a616082c1a2022-03-27T03:52:51ZManaging application whitelists in trusted distributed systemsJournal articlehttp://purl.org/coar/resource_type/c_dcae04bcuuid:afef19dd-ddb0-4a3c-80cb-53a616082c1aDepartment of Computer Science2010Huh, JLyle, JNamiluko, CMartin, AMany distributed batch systems, such as computational grids, require a level of integrity protection to guarantee the proper execution of a job or workflow. One way of achieving this, implicit in many trusted computing proposals, is to use application whitelisting to prevent unknown and untrusted applications from being executed on remote services. However, this approach has significant shortcomings across multiple administrative domains, as conflicts between locally-managed whitelists will result in many useful services appearing untrustworthy to users. This has the potential to limit availability and prevent trusted distributed systems from ever being successfully deployed. We propose a set of requirements for a system which will manage these conflicts, and provide a mechanism for updating application whitelists that will increase service availability and trustworthiness. We also suggest and specify a set of components, including a centralised configuration manager, which will meet these requirements. |
spellingShingle | Huh, J Lyle, J Namiluko, C Martin, A Managing application whitelists in trusted distributed systems |
title | Managing application whitelists in trusted distributed systems |
title_full | Managing application whitelists in trusted distributed systems |
title_fullStr | Managing application whitelists in trusted distributed systems |
title_full_unstemmed | Managing application whitelists in trusted distributed systems |
title_short | Managing application whitelists in trusted distributed systems |
title_sort | managing application whitelists in trusted distributed systems |
work_keys_str_mv | AT huhj managingapplicationwhitelistsintrusteddistributedsystems AT lylej managingapplicationwhitelistsintrusteddistributedsystems AT namilukoc managingapplicationwhitelistsintrusteddistributedsystems AT martina managingapplicationwhitelistsintrusteddistributedsystems |