NTRS - NASA Technical Reports Server

Addressing the Tension Between Strong Perimeter Control and Usability

This paper describes a strong perimeter control system for a general-purpose processing system, in which the perimeter control system takes significant steps to address usability issues, thus mitigating the tension between strong perimeter protection and usability. A secure front end enforces two-factor authentication for all interactive access to an enclave that contains a large supercomputer and various associated systems, each requiring its own authentication. Usability is addressed through a design in which the user has to perform two-factor authentication at the secure front end in order to gain access to the enclave, while an agent transparently performs public key authentication as needed to authenticate to specific systems within the enclave. The paper then describes a proxy system that allows users to transfer files into the enclave under script control, when the user is not present to perform two-factor authentication. This uses a pre-authorization approach based on public key technology, which is still strongly tied to both two-factor authentication and strict control over where files can be transferred on the target system. Finally, the paper describes an approach to support network applications and systems such as grids or parallel file transfer protocols that require the use of many ports through the perimeter. The paper describes a least privilege approach that dynamically opens ports on a host-specific, if-authorized, as-needed, just-in-time basis.
Document ID
20060051802
Acquisition Source
Ames Research Center
Document Type
Preprint (Draft being sent to journal)
Authors
Hinke, Thomas H.
(NASA Ames Research Center, Moffett Field, CA, United States)
Kolano, Paul Z.
(AMTI, Moffett Field, CA, United States)
Keller, Chris
(AMTI, Moffett Field, CA, United States)
Date Acquired
September 7, 2013
Publication Date
January 1, 2006
Subject Category
Mathematical And Computer Sciences (General)
Meeting Information
Meeting: 11th ACM Symposium on Access Control Models and Technologies (SACMAT 2006)
Location: Lake Tahoe, CA
Country: United States
Start Date: June 7, 2006
End Date: June 9, 2006
Sponsors: Association for Computing Machinery
Distribution Limits
Public
Copyright
Work of the US Gov. Public Use Permitted.