Article

Enclaves: enabling secure collaboration over the internet

Author:

Li GongAuthors Info & Claims

SSYM'96: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

Page 15

Published: 22 July 1996 Publication History

Abstract

The rapid expansion of the Internet means that users increasingly want to interact with each other. Due to the openness and unsecure nature of the net, users often have to rely on firewalls to protect their connections. Firewalls, however, make real-time interaction and collaboration more difficult. Firewalls are also complicated to configure and expensive to install and maintain, and are inaccessible to small home offices and mobile users.

The Enclaves approach is to transform user machines into "enclaves," which are protected from outside interference and attacks. Using Enclaves, a group of collaborators can dynamically form a secure virtual subnet within which to conduct their joint business.

This paper describes the design and implementation of the Enclaves toolkit, and some applications we have built using the toolkit.

References

[1]

{1} R.J. Anderson. Why Cryptosystems Fail. Communications of the ACM, 37(11):32-40, November 1994.]]

Digital Library

[2]

{2} A.J. Ballardie and J. Crowcroft. Multicast-Specific Security Threats and Counter-Measures. In Proceedings of the Internet Society Symposium on Network and Distributed System Security, San Diego, California, February 1995.]]

Digital Library

[3]

{3} K.P. Birman. The Process Group Approach to Reliable Distributed Computing. Communications of the ACM, 36(12):37-53/103, December 1993.]]

Digital Library

[4]

{4} W.R. Cheswick and S.M. Bellovin. Firewalls and Internet Security. Addison-Wesley, 1994.]]

Digital Library

[5]

{5} D. Coleman and R. Khanna, editors. Groupware Technology and Applications. Prentice-Hall, Upper Saddle River, New Jersey, 1995.]]

Digital Library

[6]

{6} S. Deering. Host Extensions for IP Multicasting. Request for Comments 1112, Internet Network Working Group, August 1989.]]

Digital Library

[7]

{7} H. Eriksson. MBONE: The Multicast Backbone. Communications of the ACM, 37(8):54-60, August 1994.]]

Digital Library

[8]

{8} L. Gong. Optimal Authentication Protocols Resistant to Password Guessing Attacks. In Proceedings of the 8th IEEE Computer Security Foundations Workshop, pages 24-29, County Kerry, Ireland, June 1995.]]

Digital Library

[9]

{9} L. Gong and N. Shacham. Multicast Security and Its Extension to a Mobile Environment. ACM-Baltzer Journal of Wireless Networks, 1(3):281-295, October 1995.]]

Digital Library

[10]

{10} L. Gong and P. Syverson. Fail-Stop Protocols: An Approach to Designing Secure Protocols. In Proceedings of the 5th IFIP Working Conference on Dependable Computing for Critical Applications, Dependable Computing and Fault-Tolerant Systems, pages 44-55, Urbana-Champaign, Illinois, September 1995. Springer-Verlag.]]

[11]

{11} M. Knister and A. Prakash. Issues in the Design of a Toolkit for Supporting Multiple Group Editors. Computing Systems, 6(2):135-166, Spring 1993.]]

[12]

{12} D.E. Knuth. The Art of Computer Programming, Vol.2: Seminumerical Algorithms. Addison-Wesley, Reading, Massachusetts, 1969. Revised edition.]]

Digital Library

[13]

{13} J.K. Ousterhout. Tcl and the Tk Toolkit. Addison Wesley, Menlo Park, California, 1994.]]

Digital Library

[14]

{14} M. Reiter. Secure Agreement Protocols: Reliable and Atomic Group Multicast in Rampart. In Proceedings of the 2nd ACM Conference on Computer and Communications Security, pages 68-80, Fairfax, Virginia, November 1994.]]

Digital Library

[15]

{15} M. Roseman and S. Greenberg. Building Real Time Groupware with GroupKit, a Groupware Toolkit. ACM Transactions on Computer Human Interaction, 1996. To appear.]]

Digital Library

[16]

{16} T. Takahashi, A. Shimbo, and M. Murota. File-Based Network Collaboration System. In Proceedings of the 5th USENIX UNIX Security Symposium , pages 95-104, Salt Lake City, Utah, June 1995.]]

Digital Library

Cited By

Krishnan RNiu JSandhu RWinsborough W(2011)Group-Centric Secure Information-Sharing Models for Isolated GroupsACM Transactions on Information and System Security10.1145/2043621.204362314:3(1-29)Online publication date: 1-Nov-2011
https://dl.acm.org/doi/10.1145/2043621.2043623
Choi M(2005)Design security for internet-based workflow management systems adopting security agentsProceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases10.5555/1363642.1363659(1-9)Online publication date: 13-Feb-2005
https://dl.acm.org/doi/10.5555/1363642.1363659
Wiechers WDaskapan SVree W(2004)Simulating the establishment of trust infrastructures in multi-agent systemsProceedings of the 6th international conference on Electronic commerce10.1145/1052220.1052253(255-264)Online publication date: 25-Mar-2004
https://dl.acm.org/doi/10.1145/1052220.1052253
Show More Cited By

Index Terms

Enclaves: enabling secure collaboration over the internet

Recommendations

Enclaves: enabling secure collaboration over the Internet

The rapid expansion of the Internet means that users increasingly want to interact with each other. Due to the openness and unsecure nature of the Net, users often have to rely on firewalls to protect their connections. Firewalls, however, make real-...
SmashEx: Smashing SGX Enclaves Using Exceptions
CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Exceptions are a commodity hardware functionality which is central to multi-tasking OSes as well as event-driven user applications. Normally, the OS assists the user application by lifting the semantics of exceptions received from hardware to program-...
Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation
CYSARM'20: Proceedings of the 2nd Workshop on Cyber-Security Arms Race

Systems that protect enclaves from privileged software must consider software-based side-channel attacks. Our system isolates enclaves on separate secure cores to stop attackers from running on the same core as the victim, which mitigates intra-core ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image Guide Proceedings

SSYM'96: Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6

July 1996

189 pages

Sponsors

UniForum
USENIX Assoc: USENIX Assoc

Publisher

USENIX Association

United States

Publication History

Published: 22 July 1996

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
17
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 25 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Krishnan RNiu JSandhu RWinsborough W(2011)Group-Centric Secure Information-Sharing Models for Isolated GroupsACM Transactions on Information and System Security10.1145/2043621.204362314:3(1-29)Online publication date: 1-Nov-2011
https://dl.acm.org/doi/10.1145/2043621.2043623
Choi M(2005)Design security for internet-based workflow management systems adopting security agentsProceedings of the 4th WSEAS International Conference on Artificial Intelligence, Knowledge Engineering Data Bases10.5555/1363642.1363659(1-9)Online publication date: 13-Feb-2005
https://dl.acm.org/doi/10.5555/1363642.1363659
Wiechers WDaskapan SVree W(2004)Simulating the establishment of trust infrastructures in multi-agent systemsProceedings of the 6th international conference on Electronic commerce10.1145/1052220.1052253(255-264)Online publication date: 25-Mar-2004
https://dl.acm.org/doi/10.1145/1052220.1052253
Shands DJacobs JYee RSebes E(2001)Secure virtual enclavesACM Transactions on Information and System Security10.1145/501963.5019644:2(103-133)Online publication date: 1-May-2001
https://dl.acm.org/doi/10.1145/501963.501964
McDaniel PPrakash AHoneyman P(1999)AntigoneProceedings of the 8th conference on USENIX Security Symposium - Volume 810.5555/1251421.1251430(9-9)Online publication date: 23-Aug-1999
https://dl.acm.org/doi/10.5555/1251421.1251430

View Options

View options

Media

Figures

Other

Tables

View Table of Contents