Design of the multi-level security network switch system which restricts covert channel Conference: Communication Software and Networks (ICCSN), 2011 IEEE.
Authors: Xiong Liu, Haiwei Xue, Xiaoping Feng, Yiqi Dai, Department of Computer Science and Technology, Tsinghua University, Beijing 10084, China. Venue: 2011 IEEE 3rd International Conference on Communication Software and Networks (ICCSN).

Covert channel In computer security, a covert channel is a channel that lets information be transferred between processes (or hosts) that the security policy does not allow to communicate, typically by abusing a resource or protocol field that was never intended to carry data.

Multi-level Security Local Area Network system (MLS) A low-level host may send packets to a high-level host, but a high-level host may not send packets to a low-level host. Under that rule alone a TCP connection opened by the low-level host can never complete, because the high-level host must answer the low host's SYN with a SYN/ACK. The system therefore has to permit SYN/ACK packets from high to low, and this one permitted reverse-direction packet is the potential loophole: its header fields and its timing can be used to leak information from the high host to the low host.

System architecture Three components: a monitor on each host, a controller, and a filter.

System architecture - Monitor The monitors observe each host's actions so that the system can assign the host its security level. Every user must install the monitor on their computer; the monitor reports to the controller.

System architecture - Controller Functions:
– Host registering: make sure that every host and switch connected to the network is authorized.
– Flow computing: compute each packet flow's path from the network's topology, so that every data-flow path complies with the system's security policy.

System architecture - Controller (cont.)
– Flow updating: once a flow path has been computed, the controller updates the flow tables of the switches on that path to set it up.
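The three controller functions above, as an added example that is not the paper's code: a small Python controller that refuses devices missing from an authorization list, computes the path between two hosts over a constructed two-switch topology, and emits one flow entry per switch on the path with the MLS rule applied (low to high unrestricted, high to low limited to TCP SYN/ACK). The host and switch names, port numbers, match-field names (src, dst, in_port, tcp_flags) and the assumption that a packet matching no entry is dropped are this example's, not the paper's.

```python
from collections import deque
from dataclasses import dataclass, field

SYN_ACK = 0x12   # TCP flag bits SYN|ACK: the only packet a high host may send to a low host


@dataclass(frozen=True)
class FlowEntry:
    switch: str
    match: tuple     # sorted (field, value) pairs; OpenFlow-style match, field names assumed
    action: str


@dataclass
class MlsController:
    authorized: frozenset                         # device IDs approved by the operator
    hosts: dict = field(default_factory=dict)     # host -> (attached switch, security level)
    switches: set = field(default_factory=set)
    links: dict = field(default_factory=dict)     # node -> {neighbour: local port number}

    def add_link(self, a, port_a, b, port_b):
        self.links.setdefault(a, {})[b] = port_a
        self.links.setdefault(b, {})[a] = port_b

    def register_switch(self, sw):
        """Host registering applies to switches as well: refuse devices not on the list."""
        if sw not in self.authorized:
            raise PermissionError(f"unauthorized switch {sw}")
        self.switches.add(sw)

    def register_host(self, host, switch, level, host_port, switch_port):
        """Host registering: the host's monitor reports its level; unknown hosts are refused."""
        if host not in self.authorized or switch not in self.switches:
            raise PermissionError(f"unauthorized host {host} or unknown switch {switch}")
        self.hosts[host] = (switch, level)
        self.add_link(host, host_port, switch, switch_port)

    def compute_path(self, src, dst):
        """Flow computing: shortest path src -> dst that transits only switches (BFS)."""
        prev, queue = {src: None}, deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                break
            for nb in self.links.get(node, {}):
                if nb in prev or (nb in self.hosts and nb != dst):
                    continue          # never route through another host
                prev[nb] = node
                queue.append(nb)
        if dst not in prev:
            return []
        path = []
        while dst is not None:
            path.append(dst)
            dst = prev[dst]
        return path[::-1]

    def flows_for(self, src, dst):
        """Flow updating: the entry to install on each switch along the path.
        Policy: low -> high is unrestricted; high -> low matches only TCP SYN/ACK.
        Switches are assumed to drop packets that match no entry (table-miss = drop)."""
        (_, lvl_src), (_, lvl_dst) = self.hosts[src], self.hosts[dst]
        match = {"src": src, "dst": dst}
        if lvl_src > lvl_dst:
            match["tcp_flags"] = SYN_ACK      # write-down: only the handshake reply passes
        path = self.compute_path(src, dst)
        entries = []
        for i in range(1, len(path) - 1):
            sw = path[i]
            m = dict(match, in_port=self.links[sw][path[i - 1]])
            out_port = self.links[sw][path[i + 1]]
            entries.append(FlowEntry(sw, tuple(sorted(m.items())), f"output:{out_port}"))
        return entries
```

Because the flow entries are installed per path, a host that is re-levelled by its monitor needs its existing entries recomputed; the example leaves that to the caller.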

System architecture - Filter Content check module:
– Level 1: check the data field and the flags field.
– Level 2: check the unused fields and the options field.
– Level 3: check the sequence number and the acknowledgement number.
– Level 4: detect covert channels that use packet retransmission or packet loss to signal information.
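Added example, not the paper's or the authors' code, tying the SYN/ACK loophole described on the MLS LAN slide to the four check levels of the filter: a Python filter that parses raw TCP segments and, for the high-to-low direction, forwards only a SYN/ACK with no data (level 1), with zero reserved and urgent fields and only allow-listed options (level 2), whose acknowledgement number equals the low host's recorded ISN plus one and whose sequence number is replaced by a random value so it cannot carry chosen bits, with later ACKs from the low host translated back (level 3), and which has not been retransmitted more than a fixed number of times (level 4). The sample segments are constructed inline; the option allow-list, the cap of three SYN/ACKs and the ISN-rewrite approach are assumptions about how each level could be realised, not what the paper specifies.

```python
import random
import struct
from dataclasses import dataclass

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MASK32 = 0xFFFFFFFF
ALLOWED_OPTIONS = {2: 4, 3: 3}   # option kind -> required length: MSS and window scale only

@dataclass
class Seg:                       # the TCP header fields the filter looks at
    sport: int
    dport: int
    seq: int
    ack: int
    reserved: int                # the 4 bits between data offset and the flag byte
    flags: int
    window: int
    urg: int
    options: bytes
    payload: bytes

def build_tcp(sport, dport, seq, ack, flags, window=65535, options=b"",
              payload=b"", reserved=0, urg=0):
    """Build a raw TCP segment (checksum left zero); used for constructed sample input."""
    options = options + b"\x00" * (-len(options) % 4)      # pad options to 32-bit words
    orf = ((5 + len(options) // 4) << 12) | ((reserved & 0xF) << 8) | (flags & 0xFF)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, orf, window, 0, urg) + options + payload

def parse_tcp(raw: bytes) -> Seg:
    if len(raw) < 20:
        raise ValueError("short TCP header")
    sport, dport, seq, ack, orf, window, _csum, urg = struct.unpack("!HHIIHHHH", raw[:20])
    hlen = (orf >> 12) * 4
    if hlen < 20 or hlen > len(raw):
        raise ValueError("bad data offset")
    return Seg(sport, dport, seq, ack, (orf >> 8) & 0xF, orf & 0xFF, window, urg, raw[20:hlen], raw[hlen:])

def emit(s: Seg) -> bytes:
    return build_tcp(s.sport, s.dport, s.seq, s.ack, s.flags, s.window, s.options, s.payload, s.reserved, s.urg)

def options_clean(opts: bytes) -> bool:
    """Level 2: only well-formed allow-listed options; bytes after end-of-list must be zero."""
    i = 0
    while i < len(opts):
        if opts[i] == 0:                                   # end of option list
            return all(b == 0 for b in opts[i:])
        if opts[i] == 1:                                   # NOP
            i += 1
            continue
        if i + 1 >= len(opts) or ALLOWED_OPTIONS.get(opts[i]) != opts[i + 1]:
            return False
        i += opts[i + 1]
    return True

@dataclass
class Conn:
    low_isn: int
    high_isn: int = None     # seq of the first SYN/ACK; retransmissions must repeat it
    delta: int = 0           # rewritten ISN minus original ISN
    synacks: int = 0         # SYN/ACKs forwarded so far (level 4)

class SynAckFilter:
    MAX_SYNACKS = 3          # assumed cap on SYN/ACK (re)transmissions per connection

    def __init__(self, rng=None):
        self.rng = rng or random.SystemRandom()
        self.conns = {}      # (low addr, low port, high addr, high port) -> Conn

    def low_to_high(self, key, raw: bytes) -> bytes:
        """Low -> high is always allowed: record the low ISN, undo the ISN rewrite on ACKs."""
        s = parse_tcp(raw)
        if s.flags == SYN:
            self.conns[key] = Conn(low_isn=s.seq)
            return raw
        c = self.conns.get(key)
        if c is None or not (s.flags & ACK):
            return raw
        s.ack = (s.ack - c.delta) & MASK32
        return emit(s)

    def high_to_low(self, key, raw: bytes):
        """Return ("forward", rewritten bytes) or ("drop", reason)."""
        s = parse_tcp(raw)
        if s.flags != (SYN | ACK):                                  # level 1: flags
            return "drop", "level1: only SYN/ACK may flow high->low"
        if s.payload:                                               # level 1: data field
            return "drop", "level1: SYN/ACK carries data"
        if s.reserved or s.urg:                                     # level 2: unused fields
            return "drop", "level2: reserved or urgent field nonzero"
        if not options_clean(s.options):                            # level 2: options
            return "drop", "level2: disallowed or malformed option"
        c = self.conns.get(key)                                     # level 3: seq/ack numbers
        if c is None or s.ack != (c.low_isn + 1) & MASK32:
            return "drop", "level3: ack does not match the low host's ISN + 1"
        if c.high_isn is not None and s.seq != c.high_isn:
            return "drop", "level3: ISN changed between retransmissions"
        if c.synacks >= self.MAX_SYNACKS:                           # level 4: retransmissions
            return "drop", "level4: SYN/ACK retransmission limit exceeded"
        if c.high_isn is None:              # replace the high host's ISN with a random one
            c.high_isn = s.seq              # so the seq field cannot carry chosen bits
            c.delta = (self.rng.getrandbits(32) - s.seq) & MASK32
        c.synacks += 1
        s.seq = (s.seq + c.delta) & MASK32
        return "forward", emit(s)
```

The window field and the inter-arrival timing of retransmitted SYN/ACKs are left unchecked here; a full level-4 implementation would also have to bound timing, and a deployment would need to expire entries in conns when connections close.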

Experiment

Conclusion This paper proposed a design for a multi-level security network switch system that restricts covert channels. The design guarantees both the availability and the security of information exchange among hosts in a multi-level security network. The experiment showed that the design is feasible.
