A Policy Framework for Multicast Group Control Salekul Islam and J. William Atwood Concordia University Department of Computer Science and Software Engineering.

Slides:



Advertisements
Similar presentations
Universidade do Minho A Framework for Multi-Class Based Multicast Routing TNC 2002 Maria João Nicolau, António Costa, Alexandre Santos {joao, costa,
Advertisements

Enabling Secure Internet Access with ISA Server
L. Alchaal & al. Page Offering a Multicast Delivery Service in a Programmable Secure IP VPN Environment Lina ALCHAAL Netcelo S.A., Echirolles INRIA.
Chapter 5 standards for multimedia communications
An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.
Authz work in GGF David Chadwick
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Technical Architectures
Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.
CS335 Principles of Multimedia Systems Multimedia Over IP Networks -- I Hao Jiang Computer Science Department Boston College Nov. 6, 2007.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.
Membership and Media Management in Centralized Multimedia Conferences based on Internet Engineering Task Force Protocol Building Blocks Author: Ritu Mittal.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
Web 2.0: Concepts and Applications 2 Publishing Online.
Section 2.1 Compare the Internet and the Web Identify Web browser components Compare Web sites and Web pages Describe types of Web sites Section 2.2 Identify.
The Design Discipline.
Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz
© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking Multicast routing.
Identity Management Report By Jean Carreon and Marlon Gonzales.
1 CMPT 275 High Level Design Phase Architecture. Janice Regan, Objectives of Design  The design phase takes the results of the requirements analysis.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Connecting to the Network Networking for Home and Small Businesses.
70-411: Administering Windows Server 2012
Department of Computer Science Southern Illinois University Edwardsville Spring, 2010 Dr. Hiroshi Fujinoki CS 547/490 Network.
Group Communications at Concordia J. William Atwood High Speed Protocols Laboratory Concordia University Montreal, Quebec, Canada.
ECE 4450:427/527 - Computer Networks Spring 2015 Dr. Nghi Tran Department of Electrical & Computer Engineering Lecture 2: Overview of Computer Network.
Framework & Requirements for an Access Node Control Mechanism in Broadband Multi-Service Networks ANCP WG IETF 71 – Philadelphia draft-ietf-ancp-framework-05.txt.
Elisa Bertino Purdue University Pag. 1 Security of Distributed Systems Part II Elisa Bertino CERIAS and CS &ECE Departments Purdue University.
Security Issues in PIM-SM Link-local Messages J.W. Atwood, Salekul Islam {bill, Department.
Distributed Authentication in Wireless Mesh Networks Through Kerberos Tickets draft-moustafa-krb-wg-mesh-nw-00.txt Hassnaa Moustafa
11 Usage policies for end point access control  XACML is Oasis standard to express enterprise security policies with a common XML based policy language.
Lector: Aliyev H.U. Lecture №10 Multicast network software design TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES THE DEPARTMENT OF DATA COMMUNICATION.
SAML: An XML Framework for Exchanging Authentication and Authorization Information + SPML, XCBF Prateek Mishra August 2002.
Access Control and Markup Languages Pages 183 – 187 in the CISSP 1.
The Distance Learning Session Management System for the Next Generation Internet Se-Jun Na.
INTRODUCTION. 1.1 Why the Internet Protocol Multimedia Subsystem 1.2 Where did it come from?
07/09/04 Johan Muskens ( TU/e Computer Science, System Architecture and Networking.
Proposal for RBAC Features for SDD James Falkner Sun Microsystems October 11, 2006.
Secure Systems Research Group - FAU 1 A Trust Model for Web Services Ph.D Dissertation Progess Report Candidate: Nelly A. Delessy, Advisor: Dr E.B. Fernandez.
A Standards-Based Approach for Supporting Dynamic Access Policies for a Federated Digital Library K. Bhoopalam, K. Maly, F. McCown, R. Mukkamala, M. Zubair.
PPSP BAR BOF meeting 74th IETF – San Francisco, CA, USA March, 2009 P2P Streaming Protocol (PPSP) Requirements Ning Zong,Huawei Technologies Yunfei Zhang,China.
Introducing WI Proposal about Authorization Architecture and Policy Group Name: WG4 Source: Wei Zhou, Datang, Meeting Date: Agenda Item:
Introducing WI Proposal about Authorization Architecture and Policy Group Name: WG4 Source: Wei Zhou, Datang, Meeting Date: Agenda Item:
RSVP Policy Control using XACML Pontifícia Universidade Católica do Paraná PUC-PR, Brazil Presented by: Emir Toktar Emir Toktar Edgard.
Connect. Communicate. Collaborate Deploying Authorization Mechanisms for Federated Services in the eduroam architecture (DAMe)* Antonio F. Gómez-Skarmeta.
Copyright © 2002 Pearson Education, Inc. Slide 3-1 Internet II A consortium of more than 180 universities, government agencies, and private businesses.
Old Dominion University1 eXtensible Access Control Markup Language [OASIS Standard] Kailash Bhoopalam Java and XML.
IP Multicast Receiver Access Control draft-atwood-mboned-mrac-req draft-atwood-mboned-mrac-arch.
XACML Showcase RSA Conference What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation logic n.
4.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 12: Implementing Security.
Authorization PDP GE Course (R4) FIWARE Chapter: Security FIWARE GE: Authorization PDP FIWARE GEri: AuthZForce Authorization PDP Owner: Cyril Dangerville,
Multicasting EECS June Multicast One-to-many, many-to-many communications Applications: – Teleconferencing – Database – Distributed computing.
WREC Working Group IETF 49, San Diego Co-Chairs: Mark Nottingham Ian Cooper WREC Working Group.
OGSA Attributes: Requirements, Definitions, and SAML Profile Abstract This document specifies elements and vocabulary for expressing attribute assertions.
Multimedia Communication Systems Techniques, Standards, and Networks Chapter 4 Distributed Multimedia Systems.
XML and Distributed Applications By Quddus Chong Presentation for CS551 – Fall 2001.
1 Implementation of IMS-based S-CSCF with Presence Service Jenq-Muh Hsu and Yi-Han Lin National Chung Cheng University Department of Computer Science &
VoIP ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts.
Zueyong Zhu† and J. William Atwood‡
Multicast Outline Multicast Introduction and Motivation DVRMP.
ECE 4450:427/527 - Computer Networks Spring 2017
IEEE 802 Scope of OmniRAN Abstract
AAA: A Survey and a Policy- Based Architecture and Framework
Groups and Permissions
Presentation transcript:

A Policy Framework for Multicast Group Control Salekul Islam and J. William Atwood Concordia University Department of Computer Science and Software Engineering Montreal, Quebec, Canada Workshop on Peer-to-Peer Multicasting IEEE CCNC 2007

2007/01/11A Policy Framework for Multicast Group Control2 Contents  Introduction  Control policy for popular multicast applications  Related work  Proposed policy framework  Policy specification example in XACML  Conclusion

2007/01/11A Policy Framework for Multicast Group Control3 Introduction Transmit Data Sender Receiver IGMP Message Keep Membership Information Determine Best Path to Forward Data Multicast Routing Messages Figure 1: Present IP Multicast Architecture AR CR

2007/01/11A Policy Framework for Multicast Group Control4 Motivation  In multicasting – anonymity of the senders and receivers  Classical model – any one can send or receive  Advantage of multicast – bandwidth conservation  Network Service Providers (NSP) can generate significant revenue by deploying multicast  The reality is  Multicast based applications are not in place  Network Service Providers (NSP) are not supporting multicast

2007/01/11A Policy Framework for Multicast Group Control5 How to break the cycle?  Lack of control over multicast groups  NSPs and Content Providers: no simple mechanism to get revenue  To establish a revenue stream from end users:  Add AAA functionalities to present multicast model  Access Router will act as Network Access Server (NAS)  IGMP must carry end user authentication data

2007/01/11A Policy Framework for Multicast Group Control6 Internet Group Management Protocol with Access Control (IGMP-AC)  Is based on IGMPv3  Supports “source filtering”  Supports different types of authentications  Access control is optional  Does not disrupt usual IGMPv3  Adds least functionality and minimal workload  Sends authentication data a minimal number of times Figure 2: The IGMP-AC architecture IGMP-AC Diameter

2007/01/11A Policy Framework for Multicast Group Control7 Multicast Group Security Policy  Policy—a set of rules that dictates a system  Security policy—conditions to be satisfied to access the components of a system  Multicast group security policy—rules for elements of a group  Two categories  Access control policy: deals with member authentication, join, leave, billing, etc.  Data policy: deals with data integrity and authentication, key management, etc.  This paper—a policy framework for multicast access control policy

2007/01/11A Policy Framework for Multicast Group Control8 Multicast Control Policy for Different Applications  Multicast access control policy is composed of  Authentication policy—straight-forward  Authorization and accounting policy—hard to specify  Multicast applications are divided into  One-to-Many (1toM): single sender multiple receivers  Many-to-many (MtoM): multiple receivers and senders

2007/01/11A Policy Framework for Multicast Group Control9 One-to-Many (1toM) Applications  Audio/video streaming  Internet TV Authentication during joining Authorized for any channel any time or subscribed to a specific program on a time slot Accounting policy based on subscription  Distance learning Class lectures are multicast Only a registered student can access Authorization is simple, no accounting policy  Push media :News and weather updates, sports scores  Non-essential, requires low bandwidth  Simple authentication, no authorization and accounting policy

2007/01/11A Policy Framework for Multicast Group Control10 Many-to-Many (MtoM) Applications  Multimedia conferencing  Audio, video and whiteboard  Participants with different roles—role based authorization  For corporate meeting—authentication is required, no accounting policy  Multi-player game  Distributed and interactive application with chat group  In free subscription—no authorization and accounting  For paid users—relevant authorization and accounting policy

2007/01/11A Policy Framework for Multicast Group Control11 IETF Policy Framework Figure 3: The IETF policy framework PEP: responsible for enforcement of policy PDP: produces policy decisions Policy Repository: location to store policy Policy Management Tool: an interface for the network manager to update policies

2007/01/11A Policy Framework for Multicast Group Control12 Comparison Among Different Multicast Policy Frameworks MethodData Policy Control Policy Specification Language Policy Protocol Follows IETF Policy FW Fits with MSEC FW GSAKMPYesPartiallyToken basedSpecifiedNoYes XMLYesNoXMLNot specified NoYes AntigoneYes Not specifiedSpecifiedNo DCCMYesNo Cryptographic Context Negotiation Template Cryptographic Context Negotiation Protocol No MGMSYesNoGMLNot specified No Table 1: Comparison Among Different Policy Frameworks

2007/01/11A Policy Framework for Multicast Group Control13 Summary of Different Methods  None of the methods conforms with the IETF Policy Framework  Only Antigone addresses complete access control policy  Antigone, DCCM and MGMS are for “secure group communication”  Only two comply with MSEC Framework  In conclusion: a flexible, scalable, easily adaptable multicast access control policy architecture is needed.

2007/01/11A Policy Framework for Multicast Group Control14 Proposed Policy Framework: Design Requirements  Should extend the IGMP-AC architecture  The entities of the MSEC Framework should be present  Will follow the IETF Policy Framework  Will deal with multicast data policy and access control policy independently—can deploy any group key management scheme  Should not depend on any specification language or policy protocol

2007/01/11A Policy Framework for Multicast Group Control15 Proposed Policy Framework Figure 4: Proposed policy framework IGMP-AC Diameter NAS will act as PEP PDP is collocated with GC/KS, may be distributed Policy server Policy will be communicated

2007/01/11A Policy Framework for Multicast Group Control16 Policy Specification and Protocol  eXtensible Access Control Markup Language (XACML) for policy specification  Security Assertion Markup Language (SAML) for the communication between a PEP and a PDP  Any other language/protocol can be used  XACML:  XML-based for access control  Query-response language  OASIS standard specifies transportation of XACML query/response inside SAML

2007/01/11A Policy Framework for Multicast Group Control17 Policy Specification in XACML  XACML with SAML is used widely for access control  Flexible to express different needs of access control policy  Extensible to support new requirements  The developers can reuse their existing code to support policy language  Sun Microsystems, Inc. has already implemented XACML using Java

2007/01/11A Policy Framework for Multicast Group Control18 Components of XACML Policy ………. ………. ………. ………. The most elementary unit of a Policy, consists of a Target and a Condition Composition of Subjects, Resources, and Actions to which a Rule is applied Actors with specific attributes. May have more than one Subjects. Data, service or a system component. May have more than one Resources. An operation on a Resource. May have more than one Actions. An expression either true or false.

2007/01/11A Policy Framework for Multicast Group Control19 XACML Architecture Figure 5: The XACML policy framework

2007/01/11A Policy Framework for Multicast Group Control20 Figure 6: Proposed policy framework with XACML and SAML Proposed Policy Framework: revisited with XACML and SAML Policy specified in XACML Creates XACML query SAML carries XACML query Creates XACML response SAML carries XACML response

2007/01/11A Policy Framework for Multicast Group Control21 Policy for On-line Course  An access control policy for the on-line course, INTE290  Offered by Concordia University from September to December, 2006  address and password for authentication  Lecture will be multicast during the class hours  Receive a lecture through  Students send questions in text/voice format in class hours  Two groups:  1toM for sending multimedia class lecture (shown in example)  MtoM of text/voice for sending questions (not shown in example)

2007/01/11A Policy Framework for Multicast Group Control22 XACML Policy for On-line Course If a request is successfully matched against this rule an evaluating PDP will return Permit Password Both address and password must match to get access

2007/01/11A Policy Framework for Multicast Group Control23 XACML Policy for On-line Course Read Lectures will be multicast here The only permitted action is to read/receive data

2007/01/11A Policy Framework for Multicast Group Control24 XACML Policy for On-line Course Flexible condition Any date between 1 st of September and 31 st of December, 2006 is valid

2007/01/11A Policy Framework for Multicast Group Control25 Conclusion and future work  A new policy framework for multicast access control  The proposed framework  is based on XACML  fully complies with the MSEC Framework  follows the IETF Policy Framework.  An example access control policy for an on-line course  Future goals:  Complete the IGMP-AC project  Define inter domain behaviour  Performance study

2007/01/11A Policy Framework for Multicast Group Control26 For more information  High Speed Protocols Laboratory of Concordia University is doing extensive research on IP multicast,  To know more about IGMP-AC visit,  For questions and comments:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.