anti ping security demo n.
Skip this Video
Download Presentation
Anti-Ping Security Demo

Loading in 2 Seconds...

play fullscreen
1 / 29

Anti-Ping Security Demo - PowerPoint PPT Presentation

  • Uploaded on

Anti-Ping Security Demo. Active Networks Seraphim Security Roy Campbell and Dennis Mickunas University of Illinois at Urbana. Gnip pesky pings. Gnipper Active Network Application. Tasks & Goals. Demonstrate the advantages of active network security Change security dynamically

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Anti-Ping Security Demo' - shani

Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
anti ping security demo

Anti-Ping Security Demo

Active Networks Seraphim Security

Roy Campbell and Dennis Mickunas

University of Illinois at Urbana

gnip pesky pings
Gnip pesky pings...

Gnipper Active Network Application

tasks goals
Tasks & Goals
  • Demonstrate the advantages of active network security
  • Change security dynamically
  • Fine grain security control
  • Security reconfiguration as the packet hops
  • Show security provisions for Classic examples

Unwanted ping packets and traceroutes require active defense from Gnipper Software

  • What does an AN security application look like?
  • Enforcement: Application level versus Security System level
  • Authorization, Domain interaction, Granularity, Revocation
  • Interoperability, Backward Compatibility, Conformance with Architecture
restructured ants



Node OS

Arch Ref








Reference Monitor


Node OS Part

Node OS Part

Restructured ANTS
issues exemplified
Issues Exemplified
  • Masquerading-Can a extra node insert pings?
  • Impersonation- ping like another?
  • Replay- Can a node replay a valid ping?
  • Authorization-When can a principal ping?
  • Revocation- Can ping rights be removed?
  • Can security be dynamically reconfigured?
  • Is Gnipper correct?
advanced issues
Advanced Issues
  • Identifying capsules and capsule intent?
  • Functionality -- capability (for method call) versus application code (interpretation of actions)
  • Non-repudiation of capsule changes and code transformations in routing network
  • Trust model for network architecture
status of project
Status of Project
  • 1st Draft Active Network Security API conforming to Node Architecture and Security Architecture
  • Prototype reference monitor complete
  • Policy enforcement engine
  • Application Security Insights
  • Seraphim Active Network Security Demo
next steps
Next Steps
  • Trust Model
  • Roles and Domains
  • Approved Security Active Network API
  • Formal Verification
  • Demo of Security for Reliable Multicast
news item
News Item

SERAPHIM Project at University of Illinois Announces Secure ANTS

Roy H. Campbell

M. Dennis Mickunas

Seraphim announces the availability of a secure ANTS execution environment for the ABONE. Secure ANTS incorporates the Seraphim security reference monitor and conforms to the Active Network Node OS and Active Network Security Architectures. It provides a wide range of security functions and security policies including discretionary access control and active capabilities. "Gnipper", an authenticated security program written for secure ANTS counters ping ANTS programs by revoking the specific user privileges required to perform ping. Gnipper produces a dynamic firewall that advances towards the source of a selected ping activation, preventing ping packets from penetrating beyond the dynamic firewall.

Current active network research efforts propose novel network architectures to enable fast protocol and service deployment. However the dynamic and proactive nature of these active networks adds a new dimension to the security risks, and increases the of possibility of attacks by malicious user code. The goal of the Seraphim project is to build security architecture for active networks that is dynamic, reconfigurable, extensible and interoperable.

We plan to extend our suite of dynamic security policies using roles and address issues of interoperability across administrative domains. Future security applications are being designed for multicast and to counter a variety of security attacks.