
Comparison with Related Work

There is related work on group security in the context of distributed computing systems. The Rampart system [14] is built on the fundamental concept of secure process groups that are also virtually synchronized. A major difference between Rampart and Enclaves is that their target application domains differ significantly. Rampart aims to be a toolkit for developing highly secure and fault-tolerant systems. As a result, its protocols are relatively complicated and expensive to run. Enclaves, on the other hand, deals with user-level groups that operate in a different fashion. For example, since users do not necessarily engage in identical activities, maintaining virtual synchrony between group members is not meaningful and can only waste system resources and slow down the applications. Nevertheless, certain types of group activities in Enclaves may benefit from the stronger semantics guaranteed by the reliable and atomic multicast protocols.

Another related work is IP-multicast [6] and its security considerations [2]. Superficially, IP-multicast and Enclaves have a lot in common: they both form user groups over the Internet and facilitate group-oriented activities. In practice, however, the two have very different characteristics. The typical group formed using IP-multicast technology over the M-bone [7] is large in scale, loose in user interaction, and difficult to control in terms of security. In contrast, Enclaves seeks to support close user interaction and collaboration, good real-time response, and high quality of security control. Moreover, Enclaves is extremely lightweight and runs directly over TCP/IP protocols. In comparison, the deployment of IP-multicast requires special routers or tunnels and sometimes the recompilation of operating system kernels to incorporate IP-multicast software.

The topic area popularly known as groupware or computer-supported cooperative work (CSCW), which includes collaborative systems for workflow management, shared whiteboard, teleconferencing, and shared editing (e.g., [11, 15]), is obviously related. A major difference is that these systems have not yet paid serious attention to security issues. A recent survey of the field [5] shows that only a tiny number of vendors discuss security at all or show concerns over privacy issues resulting from collaboration. The discussion often stops at how to provide password controlled access and encrypted electronic mail. Enclaves, on the other hand, is built on the basis of a secure group management layer and a secure multicast abstraction, and thus can provide very strong security guarantees.

A few systems that provide secure file sharing (such as [16]) have drawbacks, compared with Enclaves, in that they do not necessarily support real-time interaction; they also depend on good user behavior to maintain consistency of shared files. Moreover, they may have to share a real (rather than a virtual) file system.

Recently, there have been proposals to use firewalls (such as SunScreen from Sun Microsystems) to structure secure virtual networks over the open Internet. The idea is to use a pair of firewalls on each link between different parts of an organization. With automatic encryption and other support by the firewalls, machines behind these firewalls can function as if they are connected via a private network.

The secure subnet concept in the Enclaves system extends to individual users and machines, and thus can provide security functionality in the absence of firewalls, such as in the case of small companies, where maintaining firewalls is too expensive, or in the case of mobile users (e.g., using laptop computers) where a separate firewall is often unavailable. In this respect, Enclaves is closer to the concept of "joint-ventures", where partners with limited mutual trust must perform restricted collaborative activities [4]. The Enclaves system can also supplement firewall protection in that it is more user-friendly to configure corporate firewalls to support an acceptable level of protection policy while leaving certain fine-grained controls to individual users. In fact, by running Enclaves as firewalls and proxies, secure subnets can be formed in a similar fashion to using pairs of firewalls.



Li Gong
Fri May 17 15:07:56 PDT 1996