2003 Articles

Drop-in Security for Distributed and Portable Computing Elements

Prevelakis, Vassilis; Keromytis, Angelos D.

The widespread use of mobile computing and telecommuting has increased the need for effective protection of computing platforms. Traditional schemes that involve strengthening the security of individual systems, or the use of firewalls at network entry points have difficulty accommodating the special requirements of remote and mobile users. We propose the use of a special purpose drop-in firewall/VPN gateway called Sieve, that can be inserted between the mobile workstation and the network to provide individualized security services for that particular station. Sieve is meant to be used like an external modem: the user only needs to plug it in. Its existence is transparent to the user, requiring no modification to the workstation configuration. To function in this role, Sieve has been designed to be compact, low-cost, requiring little administration or maintenance. In this paper, we discuss the features and advantages of our system. We demonstrate how Sieve was used in various application areas (home, university environment, etc.) and describe our future plans.