Smart encryption channels for securing virtual machine-based networked applications

Bibliographic details
Published in: Security and communication networks 2009-11, Vol.2 (6), p.507-518
Main authors: Itani, Wassim; Kayssi, Ayman; Chehab, Ali
Format: Article
Language: eng
Description
Summary: We present PARAGON, a novel security protocol for efficiently securing the network communications of web‐deployed enterprise applications. PARAGON relies on an application tag set, which is a collection of metadata entries that specify the backend servers with which the client application is expected to communicate during its lifetime. The application tag set controls the quality of the security mechanisms established on each backend server connection, and allows the security protocol to utilize the trust relationship present between the deployed application and its source server to create a set of public‐key security associations between the source server and the enterprise backend servers on behalf of the client. PARAGON is a multi‐phase security protocol that matures with time. Incrementally, PARAGON approaches a fully symmetric‐key encryption system. The performance advantage becomes evident when the client application communicates with a relatively large set of remote servers. Examples of such clients include web browsers, email clients, file torrent clients, stock exchange applications, etc. A prototype implementing PARAGON's specifications and showing its performance advantages is shown for SUN's J2SE 1.6/J2EE 1.5 platforms. Copyright © 2008 John Wiley & Sons, Ltd.
ISSN: 1939-0114, 1939-0122
DOI: 10.1002/sec.90