Secure Active Network Prototypes. Sandra Murphy, TIS Labs at Network Associates, March 16, 1999.

Presentation transcript:

Secure Active Network Prototypes
Sandra Murphy
TIS Labs at Network Associates
March 16, 1999

Secure Active Network Prototypes Goal
- Produce a sequence of secure prototypes designed for ever increasingly complex environments; provide for dynamic policies and policy distribution
- Guide / participate in determination of Active Network security architecture

Work Completed
- First prototype: Enterprise Networks
  – Environment: enterprise LAN, single administrative control, common knowledge of identities and keys
  – Completed July 1998
- Security Architecture
  – First version completed June 1998
- Connection to ABONE active

Prototype Features
- Source authentication and integrity protection
- Hop-by-hop authentication and integrity protection
- Authorization of access to Node services based on source

Prototype Components
- Extension of ANTS, MIT’s Active Network environment
- Ported to JDK 1.2 beta3/beta4 (from JDK 1.0.2)
- Used JDK 1.2 cryptographic interface
  – DSA only authentication algorithms available
- Used JDK 1.2 security architecture
  – protection domains, permission objects, policy files, stack introspection

Prototype Design
- Source signature over unvarying packet contents
- Variant packet contents
  – initial value included in packet
  – used in signature and verification
- Hop-by-hop signature of inter-node communications
  – prevents outsider attacks
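The two signature layers on this slide, as an added Java example; it is not code from the prototype. The packet layout, field names and TTL field are constructed for illustration, and `SHA256withDSA` is the current JCA algorithm name rather than what JDK 1.2 shipped. The last check shows that a variant field changed on the link after hop signing fails hop verification.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.*;

public class SignedPacketDemo {
    // Constructed packet layout for illustration; not the ANTS wire format.
    byte[] invariant;   // code and payload: never changes in transit
    int initialTtl;     // initial value of the variant field, carried in the packet
    int ttl;            // variant field: each node decrements it
    byte[] sourceSig;   // end-to-end, made once by the source
    byte[] hopSig;      // replaced by every forwarding node

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initSign(key); s.update(data);
        return s.sign();
    }
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withDSA");
        s.initVerify(key); s.update(data);
        return s.verify(sig);
    }

    // Source signature input: invariant contents plus the initial variant value.
    byte[] sourceInput() {
        return ByteBuffer.allocate(4 + invariant.length).putInt(initialTtl).put(invariant).array();
    }
    // Hop signature input: the whole packet as it leaves the previous node.
    byte[] hopInput() {
        byte[] src = sourceInput();
        return ByteBuffer.allocate(src.length + 4 + sourceSig.length)
                .put(src).putInt(ttl).put(sourceSig).array();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        KeyPair source = gen.generateKeyPair(), nodeA = gen.generateKeyPair();
        SignedPacketDemo p = new SignedPacketDemo();
        p.invariant = "capsule code + payload".getBytes(StandardCharsets.UTF_8);
        p.initialTtl = p.ttl = 8;
        p.sourceSig = sign(source.getPrivate(), p.sourceInput());
        p.ttl--;                                  // node A forwards the packet
        p.hopSig = sign(nodeA.getPrivate(), p.hopInput());
        System.out.println("hop:    " + verify(nodeA.getPublic(), p.hopInput(), p.hopSig));
        System.out.println("source: " + verify(source.getPublic(), p.sourceInput(), p.sourceSig));
        p.ttl = 200;                              // variant field altered on the link
        System.out.println("hop after change: " + verify(nodeA.getPublic(), p.hopInput(), p.hopSig));
    }
}
```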

Prototype Design
- Node policy relates permissions to key id in packet
- Incoming active applications are given reference to “wrapper” object instead of reference to Node API
- Wrapper object intercepts calls to Node services and checks policy
- Source of request is checked as well as parameters of the service
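A minimal version of the wrapper pattern described on this slide, as an added Java example; it is not the prototype's code. The `NodeServices` interface, the `Grant` policy entry and the key ids are hypothetical, and the example uses records, so it needs Java 16 or later. Active code only ever holds the wrapper, which checks both the calling key id and the call parameters before delegating.

```java
import java.util.Map;

public class NodeWrapperDemo {
    // Hypothetical node API; the real ANTS Node class has different methods.
    interface NodeServices {
        void route(String dest, int bytes);
        void putCache(String name, byte[] value);
    }

    // Constructed policy entry: what one key id may call, and with which parameter limit.
    record Grant(boolean mayRoute, int maxBytes, boolean mayCache) {}

    static class RealNode implements NodeServices {
        public void route(String dest, int bytes) { System.out.println("routed " + bytes + " bytes to " + dest); }
        public void putCache(String name, byte[] value) { System.out.println("cached " + name); }
    }

    // The only reference active code receives; keyId must come from a verified packet signature.
    static class NodeWrapper implements NodeServices {
        private final NodeServices node;
        private final String keyId;
        private final Grant grant;

        NodeWrapper(NodeServices node, Map<String, Grant> policy, String keyId) {
            this.node = node;
            this.keyId = keyId;
            this.grant = policy.getOrDefault(keyId, new Grant(false, 0, false)); // unknown key: deny
        }
        public void route(String dest, int bytes) {
            if (!grant.mayRoute() || bytes < 0 || bytes > grant.maxBytes())
                throw new SecurityException(keyId + " may not route " + bytes + " bytes");
            node.route(dest, bytes);
        }
        public void putCache(String name, byte[] value) {
            if (!grant.mayCache()) throw new SecurityException(keyId + " may not use the cache");
            node.putCache(name, value);
        }
    }

    public static void main(String[] args) {
        Map<String, Grant> policy = Map.of("key-ops", new Grant(true, 1500, true),
                                           "key-guest", new Grant(true, 512, false));
        NodeServices guest = new NodeWrapper(new RealNode(), policy, "key-guest");
        guest.route("10.0.0.7", 256);
        try { guest.route("10.0.0.7", 4096); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
        try { guest.putCache("state", new byte[1]); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```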

Current Work - Completed
- Porting to JDK v2 (release of JDK 1.2)
- Incorporation of JCE cryptography
- Investigation of mechanisms for dynamic policy change

Current Work - In Progress
- Common AN credential / packet format
  – credentials will carry security attributes
  – packet might carry crypto related to packet sender, code author, prior node, modifying node, etc.
- Preparation for Team #6 demo
  – implementation of ANTS version of PLAN application exhibiting interesting security requirements

Current Work - In Progress
- Policy representation
  – Keynote and Keynote Engine strong possibilities
- Redesign of class hierarchy of ANTS for extensibility (e.g., signatures) and provision for shareable resources

Work To Come
- Extension of protection to active code services and resources
  – adopt same “wrapper” paradigm, if possible to create code on the fly
- Credential retrieval
- Policy distribution
- Backward compatibility with unauthenticated packets

Security Assumptions: Node
- NodeOS provides API to EE
- NodeOS establishes channels/flows, assigns resources to channels/flows and controls usage
- NodeOS starts EE’s as a channel
- Any channel/flow can start subchannels/flows with a portion of their resources

Security Assumptions: EE’s
- Multiple EE’s in a Node
  – small number
  – installed, replaced, terminated dynamically
  – changes to an EE and the number of EE’s are infrequent
- EE’s can share services and resources
  – NodeOS API must provide for inter-EE calls, creation of shared state, provision for EE policy governance of inter-EE calls and sharing

Security Assumptions: EE’s
- EE’s provide their API to the code in active packets
- EE’s have services and resources to protect
- Active packet’s code (Active code) runs *inside* EE
  – I.e., active code is not NodeOS level object using EE library

Security Assumptions: Active Packet/Code
- Active codes share services and resources
  – EE must provide for inter-active code calls, creation of shared state, provision for active code policy governance over calls and sharing
- Active code can change EE state (and therefore Node state), including leaving itself behind for other active code to use
- Packet can be modified by Node, EE or Active Code

Security Enforcement
- EE can create a separate subflow for active code
- EE relates a principal with subflow
- EE informs NodeOS of principal behind each NodeOS API call
  – otherwise, call is mediated and charged to EE principal
- EE’s are trusted to accurately inform the NodeOS of the principal

Policies
- Node, EE, and Active Code and Packet Source all have policies governing their use:
  – Node: e.g., packets from the following source may use no more than K units of bandwidth
  – EE: code from the following author can install itself here
  – Active Code: active code from the following source may use my data
  – Packet Source: payload confidentiality must be protected

Policies
- Existing policies are safety properties
- Liveness properties not possible to ensure
  – rely on fairness assumptions
  – rely on design
- Ergo, cannot ensure that requested service will be supplied
- Termination turned into safety property

Network Operation
- Packet arrives and is assigned to channel
- Active Code is executed in the channel
- Channel may transmit one or several subsequent packets
- Output packets have no necessary relationship to incoming packets
- Active Code, EE or Node may determine route of outgoing packets