Using firewalls to enforce enterprise-wide policies over standard client-server interactions

We propose and evaluate a novel framework for enforcing global coordination and control policies over message passing software components in enterprise computing environments. This framework combines the use of firewalls, both per-node software and dedicated firewalls, with an existing coordination and control system to enforce policies that, among other properties, are stateful and communal. The firewalls act as a set of distributed reference monitors that filter messages exchanged between the interacting software components. The coordination and control system coordinates the firewalls to enforce a specific set of policies, passing only messages allowed by these policies. Filtering decisions may be based on credentials presented to the coordination and control system as well as system state accumulated over time. This filtering approach decouples coordination and control from application implementation, allowing the coordination and control mechanism and application implementations to evolve independently of each other. We demonstrate the power of our framework by using it to specify and enforce an RBAC policy with delegation, revocation, and separation-of-duty over accesses to a cluster of NFS and SMB file servers without changing any client or server implementations. Measurements show that our framework imposes acceptable overheads when enforcing this policy.