SECURITY, QoS, and (File) Content Differentiation
- Sujeeth Narayan
- Ankur Patwa
- Francisco Torres

Introduction
• A new policy-based document sharing application
• Differentiation of document sections according to intended user roles
• Secure transfer of information with QoS
• Alert on receiving information based on document priority labeling

What would be used?
• LDAP – for authentication and credentials
• Bandwidth reservation + GRE Tunnels – for file transfer
• PasTMon tool + Tunneling for inter-network exchange
• RSVP + Tunneling for intra-network exchange
• XML Parser – for parsing a document to be sent
• Different modes of sending a new message alert
  • Voice message
  • Email
  • SMS

Components
• Cluster of Servers
  • LDAP Authentication
  • XML Parsing Service
  • Notification Service
  • File Transfer service
• Cluster of File Systems
  • Document distribution
• Client side tool
  • Proposed Tool

Proposed Tool
• Allow user to classify the information
• Insert XML tags differentiating between classified information
• Encrypt the document and send it to the XML parser

Scenario 1
• Login to LDAP
• Download user credentials
• Sets the user priority value
• Routing decision based on priority
• Intranet routing with RSVP/GRE Tunnel if needed
• Internet routing with decisions based on QoS measured

Scenario 2: A user logs into the system, and then sends a document
• If receiver is on-line, document is delivered; otherwise, a notice will be sent to him if the document has been labeled as URGENT
• Based on list of receivers, XML sends their copies to receivers' X500
• XML Parser decrypts document using Public Key and makes copies of it
• Choose best option between DMZ and user's X500
• Diagram labels: Encrypted document; User's Private Key

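The role-tagged document from the Proposed Tool slide and the per-receiver copies and URGENT notice from Scenario 2, sketched as an added example that is not part of the original slides. The `<section roles="...">` tag, the `priority` attribute and the receiver-to-role map are assumed names chosen for illustration; encryption and transport are left out.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <section roles="..."> tag and the priority
# attribute are assumed names, not a format defined in the slides.
SAMPLE_DOC = """\
<document priority="URGENT">
  <section roles="staff manager auditor">Q3 schedule is unchanged.</section>
  <section roles="manager auditor">Budget overrun: 12 percent.</section>
  <section roles="auditor">Open finding on vendor access.</section>
  <section>Untagged draft note.</section>
</document>
"""

# Constructed stand-in for roles that would come from the LDAP credentials.
RECEIVER_ROLES = {"alice": {"manager"}, "bob": {"staff"}, "carol": set()}


def copy_for_roles(doc_xml, roles):
    """Parse a fresh copy and keep only the sections these roles may read.

    Fails closed: a section with no roles attribute is dropped for everyone,
    so forgetting to classify a section never widens its audience.
    """
    # xml.etree does not harden against hostile XML; this assumes a trusted sender.
    root = ET.fromstring(doc_xml)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag != "section":
                continue
            allowed = set(child.get("roles", "").split())
            if not (allowed & roles):
                parent.remove(child)
    return root


def distribute(doc_xml, receiver_roles):
    """Build one filtered copy per receiver, as serialized XML text."""
    return {
        name: ET.tostring(copy_for_roles(doc_xml, roles), encoding="unicode")
        for name, roles in receiver_roles.items()
    }


def needs_alert(doc_xml, receiver_online):
    """A notice goes out only if the receiver is offline and the label is URGENT."""
    return (not receiver_online) and ET.fromstring(doc_xml).get("priority") == "URGENT"


if __name__ == "__main__":
    for name, text in distribute(SAMPLE_DOC, RECEIVER_ROLES).items():
        print(name, "->", text)
```
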
Scenario 3: A user logs into the system, and a document is waiting for him
• X500 verifies the existence of the document, and sends it back to DMZ
• User logs in:
  • Normal session
  • As result of a notice sent by the system
• DMZ where user got authenticated checks with user's X500 for a potential document for him
• Document delivered to user

Conclusion
• Future work
  • Research of QoS implementation in this project
  • Bell-LaPadula Model (write-down/read-up)?
  • Images, Sound, Videoconferences? How to differentiate these on such a scenario?

Conclusion
• References
  • Protection: http://www.research.microsoft.com/~lampson/09-protection/Acrobat.pdf
  • Identity Systems: http://books.nap.edu/html/id_questions/
  • Trusted Computer System Evaluation Criteria: http://www.boran.com/security/tcsec.html
  • Security of the Internet: http://www.cert.org/encyc_article/tocencyc.html
  • Int. to Computer Security: http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf
  • Designing an Authentication System: http://web.mit.edu/kerberos/www/dialogue.html
  • Home Network Security: http://www.cert.org/tech_tips/home_networks.html
  • Open Shortest Path First (OSPF): http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ospf.htm
  • How routing algorithms work: http://computer.howstuffworks.com/routing-algorithm3.htm
  • Wired-Wireless Network Architectures: http://www.symbol.com/category.php?fileName=WP-32_network_architectures.xml
  • pasTmon Tool: www.pastmon.sourceforge.net
  • RSVP: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rsvp.htm
  • GRE with RSVP: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801982ae.shtml
  • Open LDAP: http://www.openldap.org/
  • X 500: http://www.terena.nl/library/gnrt/specialist/x500.html