ABSTRACT
Capabilities-based networks present a fundamental shift in the security design of network architectures. Instead of permitting the transmission of packets from any source to any destination, routers deny forwarding by default. For a successful transmission, packets need to positively identify themselves and their permissions to the router. The analysis of the data path credentials data structure that we propose shows that as few as 128 bits are sufficient to reduce the probability of unauthorized traffic reaching its destination to a fraction of a percent.
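The abstract states the mechanism (default-deny forwarding, a packet-carried credential that each router verifies, a 128-bit credential) but not the credential's internal structure. The following is an added illustration, not the paper's own data structure or code: it models the credential as a 128-bit Bloom-filter-style bit vector in which each router on the path marks positions derived from a keyed hash of the flow identifier, and then estimates how often a forged credential slips through. The per-hop bit count, the density cap that rejects all-ones credentials, the router secrets and the flow identifier are all assumptions made here for the example.

```python
import hashlib
import hmac
import random

# Parameters: the 128-bit width is the abstract's figure; the rest are
# assumptions for this illustration, not values taken from the paper.
M_BITS = 128        # credential width in bits
K_PER_HOP = 4       # bit positions each router marks at setup and checks at forwarding time
MAX_SET_BITS = 64   # routers drop denser credentials (assumed defence against an all-ones forgery)

# Constructed sample path: eight routers, each holding its own secret.
SECRETS = [hashlib.sha256(b"router-%d" % i).digest() for i in range(8)]


def hop_positions(secret, flow_id, k=K_PER_HOP, m=M_BITS):
    """Positions a router derives for a flow from a keyed hash; without the
    router's secret an attacker cannot predict which bits it will check."""
    digest = hmac.new(secret, flow_id, hashlib.sha256).digest()
    return [int.from_bytes(digest[2 * i:2 * i + 2], "big") % m for i in range(k)]


def issue_credential(secrets, flow_id):
    """Path setup: every router on the path ORs its positions into one m-bit value."""
    cred = 0
    for secret in secrets:
        for pos in hop_positions(secret, flow_id):
            cred |= 1 << pos
    return cred


def router_accepts(secret, flow_id, cred):
    """Default deny: forward only if every position this router expects is set
    and the credential is not saturated with ones."""
    if bin(cred).count("1") > MAX_SET_BITS:
        return False
    return all((cred >> pos) & 1 for pos in hop_positions(secret, flow_id))


def path_accepts(secrets, flow_id, cred):
    """A packet reaches its destination only if every hop accepts it."""
    return all(router_accepts(secret, flow_id, cred) for secret in secrets)


def random_credential(set_bits, rng, m=M_BITS):
    """Forgery model: a credential with `set_bits` ones in uniformly random positions
    (equivalent to reusing a credential issued for an unrelated flow)."""
    cred = 0
    for pos in rng.sample(range(m), set_bits):
        cred |= 1 << pos
    return cred


def forgery_rates(secrets, flow_id, trials=20000, seed=1):
    """Monte Carlo estimate of how often a forged credential with the same bit
    density as a legitimate one passes (a) the first router, (b) the whole path."""
    rng = random.Random(seed)
    density = bin(issue_credential(secrets, flow_id)).count("1")
    first_hop = path_hits = 0
    for _ in range(trials):
        forged = random_credential(density, rng)
        if router_accepts(secrets[0], flow_id, forged):
            first_hop += 1
            if path_accepts(secrets, flow_id, forged):
                path_hits += 1
    return first_hop / trials, path_hits / trials


def per_hop_pass_probability(density, k=K_PER_HOP, m=M_BITS):
    """Closed-form approximation: all k positions a router checks fall among the
    `density` set bits of a random credential (positions treated as independent)."""
    return (density / m) ** k


if __name__ == "__main__":
    flow = b"10.0.0.1->10.0.0.2:443"   # constructed flow identifier
    cred = issue_credential(SECRETS, flow)
    print("legitimate packet forwarded:", path_accepts(SECRETS, flow, cred))
    print("all-ones credential forwarded:", path_accepts(SECRETS, flow, (1 << M_BITS) - 1))
    print("per-hop forgery pass (analytic):", per_hop_pass_probability(bin(cred).count("1")))
    print("first-hop / end-to-end forgery pass (simulated):", forgery_rates(SECRETS, flow))
```

Two properties of the mechanism show up directly in the run: a credential issued for one flow is useless for another, because each router's positions are keyed to the flow identifier, and the density cap is what stops the trivial all-ones forgery that any bit-vector credential is otherwise exposed to. The simulated rates are for this toy structure and parameters only; the paper's own analysis of its credential format is what supports the "fraction of a percent" figure in the abstract.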
Index Terms
- Data path credentials for high-performance capabilities-based networks