poster

Data path credentials for high-performance capabilities-based networks

Author:

Tilman WolfAuthors Info & Claims

ANCS '08: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

Pages 129 - 130

https://doi.org/10.1145/1477942.1477965

Published: 06 November 2008 Publication History

Get Access

Abstract

Capabilities-based networks present a fundamental shift in the security design of network architectures. Instead of permitting the transmission of packets from any source to any destination, routers deny forwarding by default. For a successful transmission, packets need to positively identify themselves and their permissions to the router. The analysis of the data path credentials data structure that we propose shows that as few as 128 bits are sufficient to reduce the probability of unauthorized traffic reaching its destination to a fraction of a percent.

References

[1]

Anderson, T., Roscoe, T., and Wetherall, D. Preventing Internet denial-of-service with capabilities. SIGCOMM Computer Communication Review 34, 1 (Jan. 2004), 39--44.

Digital Library

Google Scholar

[2]

Ballani, H., Chawathe, Y., Ratnasamy, S., Roscoe, T., and Shenker, S. Off by default! In Proc. of Fourth Workshop on Hot Topics in Networks (HotNets-IV) (College Park, MD, Nov. 2005).

Google Scholar

[3]

Wolf, T. A credential-based data path architecture for assurable global networking. In Proc. of the 2007 IEEE Conference on Military Communications (MILCOM) (Orlando, FL, Oct. 2007).

Crossref

Google Scholar

[4]

Wolf, T. Design of a network architecture with inherent data path security. In Proc. of ACM/IEEE Symposium on Architectures for Networking and Communication Systems (ANCS) (Orlando, FL, Dec. 2007), pp. 39--40.

Digital Library

Google Scholar

Cited By

View all

Sultana SGhinita GBertino EShehab M(2015)A Lightweight Secure Scheme for Detecting Provenance Forgery and Packet DropAttacks in Wireless Sensor NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2013.4412:3(256-269)Online publication date: May-2015
https://doi.org/10.1109/TDSC.2013.44
Wolf TNatarajan SVasudevan K(2013)High-performance capabilities for 1-hop containment of network attacksIEEE/ACM Transactions on Networking10.1109/TNET.2013.224046321:6(1931-1946)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.1109/TNET.2013.2240463
Sultana SGhinita GBertino EShehab M(2012)A Lightweight Secure Provenance Scheme for Wireless Sensor NetworksProceedings of the 2012 IEEE 18th International Conference on Parallel and Distributed Systems10.1109/ICPADS.2012.24(101-108)Online publication date: 17-Dec-2012
https://dl.acm.org/doi/10.1109/ICPADS.2012.24
Show More Cited By

Index Terms

Data path credentials for high-performance capabilities-based networks
1. Security and privacy
  1. Network security

Recommendations

High-performance architectures for IP-based multihop 802.11 networks

The concept of a forwarding node, which receives packets from upstream nodes and then transmits these packets to downstream nodes, is a key element of any multihop network, wired or wireless. While high-speed IP router architectures have been ...
Performance Evaluation of Advanced High-Speed Data Transfer Methods in Long-Distance Broadband Networks
AINAW '08: Proceedings of the 22nd International Conference on Advanced Information Networking and Applications - Workshops

Remote backup and some grid applications transfer large amounts of data over long distance networks. The throughput of TCP Reno and NewReno over LFNs (large fat pipe networks) is much smaller than application requirements. High speed protocols are being ...
Performance evaluation of TCP-BIAD in high-speed, long-distance networks

In this paper, the performance of Binary Increase Adaptive Decrease (TCP-BIAD) congestion control algorithm in high-speed long-distance networks is evaluated. As its name implies, this TCP variant is a combination of an enhanced binary increase ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ANCS '08: Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems

November 2008

191 pages

ISBN:9781605583464

DOI:10.1145/1477942

General Chair:
Mark Franklin
Washington University in St. Louis
,
Program Chairs:
D. K. Panda
Ohio State University
,
Dimitri Stiliadis
Bell Laboratory

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2008

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Poster

Funding Sources

SPAWAR Systems Center Pacific, Space and Naval Warfare Systems Command

Conference

ANCS '08

Sponsor:

ANCS '08: Symposium on Architecture for Networking and Communications Systems

November 6 - 7, 2008

California, San Jose

Acceptance Rates

ANCS '08 Paper Acceptance Rate 17 of 67 submissions, 25%;

Overall Acceptance Rate 88 of 314 submissions, 28%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
165
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 26 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sultana SGhinita GBertino EShehab M(2015)A Lightweight Secure Scheme for Detecting Provenance Forgery and Packet DropAttacks in Wireless Sensor NetworksIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2013.4412:3(256-269)Online publication date: May-2015
https://doi.org/10.1109/TDSC.2013.44
Wolf TNatarajan SVasudevan K(2013)High-performance capabilities for 1-hop containment of network attacksIEEE/ACM Transactions on Networking10.1109/TNET.2013.224046321:6(1931-1946)Online publication date: 1-Dec-2013
https://dl.acm.org/doi/10.1109/TNET.2013.2240463
Sultana SGhinita GBertino EShehab M(2012)A Lightweight Secure Provenance Scheme for Wireless Sensor NetworksProceedings of the 2012 IEEE 18th International Conference on Parallel and Distributed Systems10.1109/ICPADS.2012.24(101-108)Online publication date: 17-Dec-2012
https://dl.acm.org/doi/10.1109/ICPADS.2012.24
Chasaki DWolf TLin BMogul JIyer R(2010)Design of a secure packet processorProceedings of the 6th ACM/IEEE Symposium on Architectures for Networking and Communications Systems10.1145/1872007.1872011(1-10)Online publication date: 25-Oct-2010
https://dl.acm.org/doi/10.1145/1872007.1872011
Wolf TVasudevan K(2009)A high-performance capabilities-based network protocol2009 5th IEEE Workshop on Secure Network Protocols10.1109/NPSEC.2009.5342257(1-6)Online publication date: Oct-2009
https://doi.org/10.1109/NPSEC.2009.5342257

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

High-performance architectures for IP-based multihop 802.11 networks

Performance Evaluation of Advanced High-Speed Data Transfer Methods in Long-Distance Broadband Networks

Performance evaluation of TCP-BIAD in high-speed, long-distance networks

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations