Policy-Friendly Remote Access to Computer Resources: The Successor to SSH

Keith Winstein, David Mazières, Ben Calvert, Erwin Lopez, Ashley Tolbert 2017 - 2018

Policy-Friendly Remote Access to Computer Resources: The Successor to SSH

From its introduction in 1995, the Secure Shell (SSH) has become a ubiquitous tool for users to connect securely with networked and “cloud” servers. But as the importance of cybersecurity has increased in the last two decades, and as systems like the Secure Web and TLS have seen considerable evolution, SSH has yet to realize commensurate improvements in its manageability, auditability, or support of prudent security policies. This project is a collaboration between PIs at the Stanford Computer Science Department and in the Cyber Security organization of SLAC, a national laboratory that Stanford operates for the U.S. Department of Energy. The Computer Science PIs have prior experience developing SSH-like systems that have been deployed to millions of users. The SLAC PIs create cybersecurity policies that govern SLAC’s use of SSH, and implement these policies subject to federal cybersecurity regulations and oversight. Together, we will develop a successor to SSH that is responsive to today’s real-world cybersecurity concerns and deployable at security-conscious and policy-driven organizations. Relative to today’s SSH, the improvements will focus on three areas: policy-friendliness, allowing the implementation and analysis (including “what if?” questions) of cybersecurity policies governing authentication and authorization, security improvements, and usability improvements to encourage consistent and appropriate use. We will use SLAC as a motivating “launch customer”: if the new system can be welcomed and deployed in a security-conscious and regulated environment like SLAC, we believe it will see widespread use.

Researchers

fsi_bio

Keith Winstein

close
fsi_bio

Keith Winstein

Assistant Professor of Computer Science and Assistant Professor of Law (by courtesy)
I am an assistant professor at Stanford University. From 2011–2014, I did my Ph.D. at MIT, advised by Hari Balakrishnan. Previously, I spent a year at Ksplice, Inc., a startup company (now part of Oracle Corp.) where I was the vice president of product management and business development and also cleaned the bathroom. Before that, I worked for three years as a staff reporter at The Wall Street Journal, covering health care, medicine, science and technology. I did my undergraduate work at MIT, where I received a B.S. (2004) and M.Eng. (2005) in electrical engineering and computer science. I also received an E.E. degree in 2014.
fsi_bio

David Mazières

close
fsi_bio

David Mazières

Professor of Computer Science
David Mazières is a professor of Computer Science at Stanford University, where he leads the Secure Computer Systems research group. He also serves as Chief Scientist at Stellar Development Foundation, and is a founder of Intrinsic, Inc. Prof. Mazières received a BS in Computer Science from Harvard in 1994 and a Ph.D. in Electrical Engineering and Computer Science from MIT in 2000. Prof. Mazières's research interests include Operating Systems and Distributed Systems, with a particular focus on security. Some of the projects he and his students have worked on include SFS (a self-certifying network file system), SUNDR (a file system that introduced the notion of fork linearizability), Kademlia (a widely used peer-to-peer routing algorithm), Coral (a peer-to-peer content distribution network), HiStar (a secure operating system based on decentralized information flow control), tcpcrypt (a TCP option providing forward-secure encryption), Hails (a web framework that can preserve privacy while incorporating untrusted third-party apps), Dune (a driver granting linux processes safe access to privileged CPU features), and COWL (an information-flow-control-based browser security architecture). Prof. Mazières has several awards including an Oakland distinguished paper award (2014), Sloan award (2002), USENIX best paper award (2001), NSF CAREER award (2001), MIT Sprowls best thesis in computer science award (2000).
fsi_bio

Ben Calvert

Chief Information Security Officer at SLAC National Accelerator Laboratory
close
fsi_bio

Ben Calvert

Chief Information Security Officer at SLAC National Accelerator Laboratory