Skip to main content

Managing application whitelists in trusted distributed systems

Jun Ho Huh‚ John Lyle‚ Cornelius Namiluko and Andrew Martin

Abstract

Many distributed batch systems, such as computational grids, require a level of integrity protection to guarantee the proper execution of a job or workflow. One way of achieving this, implicit in many trusted computing proposals, is to use application whitelisting to prevent unknown and untrusted applications from being executed on remote services. However, this approach has significant shortcomings across multiple administrative domains, as conflicts between locally-managed whitelists will result in many useful services appearing untrustworthy to users. This has the potential to limit availability and prevent trusted distributed systems from ever being successfully deployed. We propose a set of requirements for a system which will manage these conflicts, and provide a mechanism for updating application whitelists that will increase service availability and trustworthiness. We also suggest and specify a set of components, including a centralised configuration manager, which will meet these requirements.

ISSN
0167−739X
Journal
Future Generation Computer Systems
Keywords
"Configuration management"‚ "Trusted computing"‚"Trusted grid"‚ "Virtual organisations"‚ "Whitelisting"
Volume
In Press‚ Accepted Manuscript
Year
2010