Anti ping security demo
This presentation is the property of its rightful owner.
Sponsored Links
1 / 29

Anti-Ping Security Demo PowerPoint PPT Presentation


  • 89 Views
  • Uploaded on
  • Presentation posted in: General

Anti-Ping Security Demo. Active Networks Seraphim Security Roy Campbell and Dennis Mickunas University of Illinois at Urbana. Gnip pesky pings. Gnipper Active Network Application. Tasks & Goals. Demonstrate the advantages of active network security Change security dynamically

Download Presentation

Anti-Ping Security Demo

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Anti ping security demo

Anti-Ping Security Demo

Active Networks Seraphim Security

Roy Campbell and Dennis Mickunas

University of Illinois at Urbana


Gnip pesky pings

Gnip pesky pings...

Gnipper Active Network Application


Tasks goals

Tasks & Goals

  • Demonstrate the advantages of active network security

  • Change security dynamically

  • Fine grain security control

  • Security reconfiguration as the packet hops

  • Show security provisions for Classic examples


Problem

Problem

Unwanted ping packets and traceroutes require active defense from Gnipper Software


Issues

Issues

  • What does an AN security application look like?

  • Enforcement: Application level versus Security System level

  • Authorization, Domain interaction, Granularity, Revocation

  • Interoperability, Backward Compatibility, Conformance with Architecture


The ping problem

The Ping Problem


Ping traverses network

Ping Traverses Network


Response travels back

Response travels back


Source of pings

Source of Pings?


Gnipper app removes unwanted pings

Gnipper App. removes unwanted pings


Restructured ants

Secure

ANTS

Node OS

Arch Ref

Model

Active

Capabilities

EE PART

Classic

ANTS

Seraphim

Reference Monitor

EE PART

Node OS Part

Node OS Part

Restructured ANTS


Innoculate the network

Innoculate the network

GNIPPER

VACCINE


A new ping arrives

A new ping arrives


Gnipper revokes permission to reply

Gnipper revokes permission to reply


Gnipper traces ping if permitted installs gnipper

Gnipper traces ping, if permitted installs Gnipper


Only one hop no further info

Only one hop - no further info


Classic anet has no security assurance

Classic Anet has no security assurance

CLASSIC

ANET


Classic anet lacks hop source security identification

Classic Anet lacks hop source security identification

Security identification

CLASSIC

ANET


Another pesky ping

Another pesky ping


No permission to reply

No permission to reply


Gnipper traverse classic anet to node with security

Gnipper traverse Classic Anet to node with security

CLASSIC

ANET


Now pings stopped close to source

Now Pings stopped close to source

OLD

ANET

OLD

ANET


Broadcast gnipper

Broadcast Gnipper

CLASSIC

ANET


Multicast gnipper

Multicast Gnipper

CLASSIC

ANET


Issues exemplified

Issues Exemplified

  • Masquerading-Can a extra node insert pings?

  • Impersonation- ping like another?

  • Replay- Can a node replay a valid ping?

  • Authorization-When can a principal ping?

  • Revocation- Can ping rights be removed?

  • Can security be dynamically reconfigured?

  • Is Gnipper correct?


Advanced issues

Advanced Issues

  • Identifying capsules and capsule intent?

  • Functionality -- capability (for method call) versus application code (interpretation of actions)

  • Non-repudiation of capsule changes and code transformations in routing network

  • Trust model for network architecture


Status of project

Status of Project

  • 1st Draft Active Network Security API conforming to Node Architecture and Security Architecture

  • Prototype reference monitor complete

  • Policy enforcement engine

  • Application Security Insights

  • Seraphim Active Network Security Demo


Next steps

Next Steps

  • Trust Model

  • Roles and Domains

  • Approved Security Active Network API

  • Formal Verification

  • Demo of Security for Reliable Multicast


News item

News Item

SERAPHIM Project at University of Illinois Announces Secure ANTS

Roy H. Campbell

M. Dennis Mickunas

Seraphim announces the availability of a secure ANTS execution environment for the ABONE. Secure ANTS incorporates the Seraphim security reference monitor and conforms to the Active Network Node OS and Active Network Security Architectures. It provides a wide range of security functions and security policies including discretionary access control and active capabilities. "Gnipper", an authenticated security program written for secure ANTS counters ping ANTS programs by revoking the specific user privileges required to perform ping. Gnipper produces a dynamic firewall that advances towards the source of a selected ping activation, preventing ping packets from penetrating beyond the dynamic firewall.

Current active network research efforts propose novel network architectures to enable fast protocol and service deployment. However the dynamic and proactive nature of these active networks adds a new dimension to the security risks, and increases the of possibility of attacks by malicious user code. The goal of the Seraphim project is to build security architecture for active networks that is dynamic, reconfigurable, extensible and interoperable.

We plan to extend our suite of dynamic security policies using roles and address issues of interoperability across administrative domains. Future security applications are being designed for multicast and to counter a variety of security attacks.


  • Login