Policy-Friendly Remote Access to Computer Resources: The Successor to SSH
From its introduction in 1995, the Secure Shell (SSH) has become a ubiquitous tool for users to connect securely with networked and “cloud” servers. But as the importance of cybersecurity has increased in the last two decades, and as systems like the Secure Web and TLS have seen considerable evolution, SSH has yet to realize commensurate improvements in its manageability, auditability, or support of prudent security policies. This project is a collaboration between PIs at the Stanford Computer Science Department and in the Cyber Security organization of SLAC, a national laboratory that Stanford operates for the U.S. Department of Energy. The Computer Science PIs have prior experience developing SSH-like systems that have been deployed to millions of users. The SLAC PIs create cybersecurity policies that govern SLAC’s use of SSH, and implement these policies subject to federal cybersecurity regulations and oversight. Together, we will develop a successor to SSH that is responsive to today’s real-world cybersecurity concerns and deployable at security-conscious and policy-driven organizations. Relative to today’s SSH, the improvements will focus on three areas: policy-friendliness, allowing the implementation and analysis (including “what if?” questions) of cybersecurity policies governing authentication and authorization, security improvements, and usability improvements to encourage consistent and appropriate use. We will use SLAC as a motivating “launch customer”: if the new system can be welcomed and deployed in a security-conscious and regulated environment like SLAC, we believe it will see widespread use.