HP Labs Technical Reports




Vaulted VPN: Compartmented Virtual Private Networks On Trusted Operating Systems

Choo, Tse-Huong

HPL-1999-44

Keyword(s): VPN; virtual vault; IPSec

Abstract: Virtual Private Networks for IPSec based on an intermediate packet-redirector in network-protocol stacks are becoming increasingly common for many standard operating systems and represent a well-understood method for retro-fitting such systems with IPSec support. This report describes how a different design structured around a Trusted Operating System can offer better security, performance and robustness. We describe in detail an implementation of an IPSec VPN consisting of a series of compartmented, concurrently executing IPSec stacks. The motivations and security-related benefits behind each design decision are discussed. In addition, we show how a configuration of independent IPSec stacks based on this design can be configured to execute in parallel for greater performance, and how its design allows individual component failures without affecting the system as a whole.

15 Pages
