Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999.

Published byDinah Wood Modified over 8 years ago

Similar presentations

Presentation on theme: "Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999."— Presentation transcript:

1 Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999

2 Secure Active Network Prototypes Goal Produce a sequence of secure prototypes designed for ever increasingly complex environments; provide for dynamic policies and policy distribution Guide / participate in determination of Active Network security architecture

3 Work Completed First prototype: Enterprise Networks –Environment: enterprise LAN, single administrative control, common knowledge of identities and keys –Completed July 1998 Security Architecture –First version completed June 1998 Connection to ABONE active

4 Prototype Features Source authentication and integrity protection Hop-by-hop authentication and integrity protection Authorization of access to Node services based on source

5 Prototype Components Extension of ANTS, MIT’s Active Network environment Ported to JDK 1.2 beta3/beta4 (from JDK 1.0.2) Used JDK 1.2 cryptographic interface –DSA only authentication algorithms available Used JDK 1.2 security architecture –protection domains, permission objects, policy files, stack introspection

6 Prototype Design Source signature over unvarying packet contents Variant packet contents –initial value included in packet –used in signature and verification Hop-by-hop signature of inter-node communications –prevents outsider attacks

7 Prototype Design Node policy relates permissions to key id in packet Incoming active applications are given reference to “wrapper” object instead of reference to Node API Wrapper object intercepts calls to Node services and checks policy Source of request is checked as well as parameters of the service

8 Current Work - Completed Porting to JDK v2 (release of JDK 1.2) Incorporation of JCE cryptography Investigation of mechanisms for dynamic policy change

9 Current Work - In Progress Common AN credential / packet format –credentials will carry security attributes –packet might carry crypto related to packet sender, code author, prior node, modifying node, etc. Preparation for Team #6 demo –implementation of ANTS version of PLAN application exhibiting interesting security requirements

10 Current Work - In Progress Policy representation –Keynote and Keynote Engine strong possibilities Redesign of class hierarchy of ANTS for extensibility (e.g., signatures) and provision for shareable resources

11 Work To Come Extension of protection to active code services and resources –adopt same “wrapper” paradigm, if possible to create code on the fly Credential retrieval Policy distribution Backward compatibility with unauthenticated packets

12 Security Assumptions: Node NodeOS provides API to EE NodeOS establishes channels/flows, assigns resources to channels/flows and controls usage NodeOS starts EE’s as a channel Any channel/flow can start subchannels/flows with a portion of their resources

13 Security Assumptions: EE’s Multiple EE’s in a Node –small number –installed, replaced, terminated dynamically –changes to an EE and the number of EE’s are infrequent EE’s can share services and resources –NodeOS API must provide for inter-EE calls, creation of shared state, provision for EE policy governance of inter-EE calls and sharing

14 Security Assumptions: EE’s EE’s provide their API to the code in active packets EE’s have services and resources to protect Active packet’s code (Active code) runs *inside* EE –I.e., active code is not NodeOS level object using EE library

15 Security Assumptions: Active Packet/Code Active codes share services and resources –EE must provide for inter-active code calls, creation of shared state, provision for active code policy governance over calls and sharing Active code can change EE state (and therefore Node state), including leaving itself behind for other active code to use Packet can be modified by Node, EE or Active Code

16 Security Enforcement EE can create a separate subflow for active code EE relates a principal with subflow EE informs NodeOS of principal behind each NodeOS API call –otherwise, call is mediated and charged to EE principal EE’s are trusted to accurately inform the NodeOS of the principal

17 Policies Node, EE, and Active Code and Packet Source all have policies governing their use: –Node: e.g., packets from the following source may use no more than K units of bandwidth –EE: code from the following author can install itself here –Active Code: active code from the following source may use my data –Packet Source: payload confidentiality must be protected

18 Policies Existing policies are safety properties Liveness properties not possible to ensure –rely on fairness assumptions –rely on design Ergo, cannot ensure that requested service will be supplied Termination turned into safety property

19 Network Operation Packet arrives and is assigned to channel Active Code is executed in the channel Channel may transmit one or several subsequent packets Output packets have no necessary relationship to incoming packets Active Code, EE or Node may determine route of outgoing packets

Download ppt "Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999."

Similar presentations

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu www.list.gmu.edu.

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.

CSCI 530 Lab Firewalls. Overview Firewalls Capabilities Limitations What are we limiting with a firewall? General Network Security Strategies Packet Filtering.
Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.

Authored by: Rachit Rastogi Computer Science & Engineering Deptt., College of Technology, G.B.P.U.A. & T., Pantnagar.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.

Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.

LAB#2 JAVA SECURITY OVERVIEW Prepared by: I.Raniah Alghamdi.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.

SSH : The Secure Shell By Rachana Maheswari CS265 Spring 2003.
Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.

Rob Jaeger, University of Maryland, Department of Computer Science 1 Active Networking “ The active network provides a platform on which network services.
Towards Application Security On Untrusted OS

Towards Application Security On Untrusted OS
Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.

Presented by, Sai Charan Obuladinne MYSEA Technology Demonstration.
Key Management in Cryptography

Key Management in Cryptography
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Similar presentations

Ads by Google