
A Secure Code Deployment Scheme for Active Networks

Amdjed Mokhtari, Leïla Kloul. 22 November 2005. A Secure Code Deployment Scheme for Active Networks. Outline: Introduction & Motivation; Code distribution mechanisms; Security mechanisms; Conclusions and future works. Code distribution. Code identification



Presentation Transcript


  1. A Secure Code Deployment Scheme for Active Networks
     Amdjed Mokhtari, Leïla Kloul
     22 November 2005

  2. Outline
     • Introduction & Motivation
     • Code distribution mechanisms
     • Security mechanisms
     • Conclusions and future works

  3. Code distribution
     • Code identification
       - Address filter (@source, …) and type (TCP, …): limited to one user class
       - Identifier: hash code (MD5, …): links an identifier to its developer
     • Code deployment
       - In band: persistence and sharing of codes
       - Out band: pre-selection of nodes, multiple path

  4. Code distribution
     • CISS Approach (Code Identification and Storage Server)
     [Diagram: Code developer, CISS, Publication Web Site, User, Active Node]
     Phases shown: Deployment phase, Referencing phase, Publication phase
     Numbered steps in the diagram:
       1 - Active code sending
       2 - Identifier sending
       3 - Publication on the web site
       4 - Consultation of the application service and recuperation of the identifier
       5 - Active data packets and reference sending
       6 - Request of referenced code
       7 - Active code sending

  5. Code distribution
     • Multi-CISS approach
     • Repartition of CISS
       - Placed at the edge of the network
     • Code base management
       - Distributed code bases
       - Replicated code bases
     • Guarantee the uniqueness of the identifier
     • Distributed code bases management

  6. Code distribution
     • Mixed Approach: combines CISS approach and Hop by Hop approach (Node by Node defined in ANTS)
     [Diagram: User, CISS, active nodes and a passive node labelled A, B, C, D; packet header carrying "Previous node A"]
     Phases shown: Injection phase, Migration phase
     Numbered steps in the diagram:
       1 - Code request
       2 - Active code sending
       3 - Code request
       4 - Active code sending

  7. Security mechanisms
     • Security in code distribution
       - Authentication
         CAAN (Certificate Authority for Active Network)
         Key for each entity: CISS, nodes, developers, users and also the code
       - Execution authorization
         Use of temporary keys
         Adaptation of ROSA technique [BAGNULO et al 02]

  8. Security mechanisms
     • Security in code distribution
     [Diagram: Code developer, CISS, CAAN, User, Active node; two arrows labelled "Certificate authentication request"]
     Phases shown: Deployment phase, Referencing phase, Publication phase
     Numbered steps in the diagram:
       1 - Certificate sending with code publication request
       2 - Code reception acceptation
       3 - Active code sending
       4 - Certificate sending with a temporary key request
       5 - Temporary key sending after verification
       6 - Active data packets with reference sending and temporary key
       7 - Request of code and its key
       8 - Active code and its key sending

  9. Conclusions & Future works
     • Conclusions
       - Global scheme for code distribution based on
         A Code Identification and Storage Server (CISS)
         A publication web site for the CISS code base
       - Global scheme for the security based on
         Use of temporary keys for the code deployment
         A certification authority (CAAN)
     • Future works
       - Performance analysis of the defined techniques in large scale network
       - Evaluate the cost of the developed security mechanisms in terms of execution times
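
The hash-based identifier of slide 3 and the temporary-key steps of slide 8 can be sketched as follows. This is an added example, not code from the presentation. Assumptions: SHA-256 stands in for the hash, the temporary key is modelled as an expiry time plus an HMAC issued by the CISS, the CAAN certificate checks are left out, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

class CISS:
    """Toy Code Identification and Storage Server (constructed for illustration)."""
    def __init__(self):
        self._codes = {}                        # identifier -> code bytes
        self._secret = secrets.token_bytes(32)  # assumption: CISS-private MAC key

    def publish(self, code: bytes) -> str:
        # The identifier is a hash of the code (slide 3); SHA-256 is assumed here.
        ident = hashlib.sha256(code).hexdigest()
        self._codes[ident] = code
        return ident

    def _tag(self, ident: str, expiry: int) -> str:
        msg = f"{ident}|{expiry}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue_temp_key(self, ident: str, now: int, ttl: int = 60):
        # Assumption: a temporary key is (expiry, MAC) bound to one identifier.
        if ident not in self._codes:
            raise KeyError("unknown identifier")
        expiry = now + ttl
        return expiry, self._tag(ident, expiry)

    def fetch(self, ident: str, temp_key, now: int) -> bytes:
        # Steps 7-8: the node asks for the referenced code and presents the key.
        expiry, tag = temp_key
        if now > expiry:
            raise PermissionError("temporary key expired")
        if not hmac.compare_digest(tag, self._tag(ident, expiry)):
            raise PermissionError("temporary key not valid for this code")
        return self._codes[ident]

def node_load(ciss: CISS, ident: str, temp_key, now: int) -> bytes:
    """Active node side: fetch the referenced code, then re-check its identifier."""
    code = ciss.fetch(ident, temp_key, now)
    if hashlib.sha256(code).hexdigest() != ident:
        raise ValueError("code does not match its identifier")
    return code
```

Because the node recomputes the hash itself, a code base entry that was altered after publication is rejected even when the temporary key is valid.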
