1 / 7

Panel: Dynamic Security in Active Networks

Panel: Dynamic Security in Active Networks. Roy Campbell University of Illinois at Urbana-Champaign. Panel: U of I Proposal. Dynamic Security Policies Secure Active Node Architecture Reference Monitor Active Capabilities Network Administration. Architecture: Dynamic Security Policies.

lamar-mathis
Download Presentation

Panel: Dynamic Security in Active Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Panel: Dynamic Security in Active Networks Roy Campbell University of Illinois at Urbana-Champaign

  2. Panel: U of I Proposal • Dynamic Security Policies • Secure Active Node Architecture • Reference Monitor • Active Capabilities • Network Administration

  3. Architecture: Dynamic Security Policies • Security is a Foundation!!! No afterthought. • Node security/integrity guarantees • A universal policy is inadequate for Active Networks • Allow varied security schemes for anticipated unknown applications

  4. Reference Monitor • All accesses to node resources go through reference monitor • Core security services verify the signature on the active capability • Reference monitor evaluates the active capability to check access

  5. Active Capabilities • Global capabilities • Specify access user has to node resources, independent of execution environment • Issued by the administrator • Local capabilities • Specific capabilities issued by the Administrative E.E. in response to global ones

  6. Network Administration • Administrative Execution Environment capsules have highest priority • Preempt all other capsules • Policy change • Capability revocations • Certificate revocations • Universal naming of node resources (e.g. like SNMP)

  7. Secure Active Node Architecture Resource Reference & Local Capability Local Capability Revocation Policy Change Flow Flow Flow Flow Flow Flow EE EE Admin. EE Node OS Core Reference Monitor Node Resources

More Related