Transparent Access to Encrypted Data Using Operating System Network Stack Extensions

  • Ero Rademer
  • Stephen D. Wolthusen
Part of the IFIP — The International Federation for Information Processing book series (IFIPAICT, volume 64)

Abstract

The Cipress system provides security enhancements for general purpose operating systems by adding kernel level functionality for cryptographic and steganographic operations and keeping both users and application programs unmolested as far as possible. This paper describes the transparent network filtering and encryption mechanisms used in the Microsoft Windows NT implementation that allow integrated access and use control over confidential or otherwise restricted data at client systems.

Keywords

Access Control; File System; Mutual Authentication; Digital Watermark; Registered Document
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Copyright information

© IFIP International Federation for Information Processing 2001

Authors and Affiliations

  • Ero Rademer (1)
  • Stephen D. Wolthusen (1)
  1. Fraunhofer-IGD, Darmstadt, Germany
