Security and Privacy Applied Research Lab

Building Shared Reference Monitor Systems

Trent Jaeger
Department of Computer Science and Engineering
Pennsylvania State University


In this talk, I will describe an architecture for building secure distributed systems based on a Shared Reference Monitor (Shamon). A Shamon consists of distributed security components that collaborate to provide a single, coherent mechanism for enforcing mandatory access control (MAC), achieving the function of a local reference monitor. The challenge is to ensure the guarantees required of a reference monitor: complete mediation over security sensitive operations; tamper-protection of the Shamon mechanism and state; and verifiability of correct enforcement of security goals. I will begin the talk by discussing the vision of future Shamon distributed systems and motivating why the recent emergence of ubiquitous virtual machine systems and trusted computing hardware is necessary to achieve the Shamon goals. I will then discuss our prototype Shamon system, highlighting the design decisions required to satisfy the reference monitor guarantees.


Trent Jaeger is an Associate Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security Lab. Trent's research interests include operating systems security, access control, and source code and policy analysis tools. He has published over 50 refereed research papers on these subjects. Trent has made a variety of contributions to Linux security, particularly to the Linux Security Modules framework, the SELinux module and policy development, integrity measurement in Linux, and the Xen security architecture. He is active in the security research community, having been a member of the program committees of all the major security conferences. He has been a guest editor of ACM TISSEC and program chair of ACM SACMAT and ACM CCS Government and Industry Track. He is currently the Program Chair for USENIX Hot Topics in Security. Trent has an M.S. and a Ph.D. from the University of Michigan, Ann Arbor in Computer Science and Engineering in 1993 and 1997, respectively.