SlideShare une entreprise Scribd logo

6 security130123

ICT PRISTINE
ICT PRISTINE

RINA Workshop 3

Internet
1  sur  19
Télécharger pour lire hors ligne
© John Day, 2013 1 Rights Reserved The Pouzin Society Security in RINA IRATI Workshop Barcelona, Spain John Day Lou Chitkushev
© John Day, 2013 2 Rights Reserved The Pouzin Society First a Word on Method •  When trying to work out the IPC Model absolutely no thought was given to security. All of the focus was just understanding the structure. •  People kept asking, What about Security? Is there a security layer? •  Didn’t Know. Hadn’t thought about it. •  There was the obvious: –  The recursion of the layer provided Isolation. –  That only the Application Name and local port-id were exposed to the correspondents. •  Interesting, but hardly an answer •  But it wasn’t the time for those questions . . . •  At least not yet . . .
© John Day, 2013 3 Rights Reserved The Pouzin Society The Recursion Provided Isolation •  Security by isolation, (not obscurity) •  Hosts can not address any element of the ISP. •  No user hacker can compromise ISP assets. •  Unless ISP is physically compromised. ISP Hosts and ISPs do not share DIFS. (ISP may have more layers
© John Day, 2013 4 Rights Reserved The Pouzin Society How Does It Work? Security •  A Hacker in the Public Internet cannot connect to an Application in another DIF without either joining the DIF, or creating a new DIF spanning both. Either requires authentication and access control. –  Non-IPC applications that can access two DIFs are a potential security problem. •  Certainly promising Public Internet ISP 1 ISP 2 ISP 3 Internet Rodeo Drive Utility SCADA My Net Facebook Boutique Internet Mall of America
© John Day, 2013 5 Rights Reserved The Pouzin Society But When It Was Time •  The question was not, how to put in security? •  The question was, •  What does the IPC Model tell us about security? –  Remember, our first task is always understanding. •  Let the Problem Answer the Question! –  Let the Problem Tell Us What to Do.
© John Day, 2013 6 Rights Reserved The Pouzin Society The Problem Had a Lot to Say •  We Already Mentioned How Little is Exposed the Layer Above. •  The Original OS Model indicated where Access Control went. •  Creating the Application Connection for Enrollment indicated where Authentication belonged, and that –  Authentication of Applications must be done by the Applications themselves. –  All members of the layer are authenticated within policy. •  SDU Protection clearly provided Confidentiality and Integrity. •  That implied that only Minimal trust was necessary: –  Only that the lower layer will deliver something to someone. Port:=Allocate(Dest-Appl, params) Access Control Exercised
© John Day, 2013 7 Rights Reserved The Pouzin Society A Very Unexpected Result •  A DIF with no explicit security mechanisms is inherently more secure than the current Internet under the same conditions! •  It would appear that –  A DIF is a Securable Container.
© John Day, 2013 8 Rights Reserved The Pouzin Society Other Things Fall Into Place •  Data Transfer in RINA is based on Delta-t (Watson, 1980) •  Lot has happened in 30 years, many attacks on TCP have been found: –  Port scanning – Reset Attacks –  SYN attacks – Reassembly Attacks •  Long after delta-t was designed, what about delta-t? •  Short answer: –  None of them work (Boddapati, et al., 2012) •  Amazing, totally unexpected –  Why not? •  Multiple fundamental reasons, but all inherent in the structure: –  First, have to join the DIF (all members are authenticated) –  Second, No Well-Known Ports •  Would have to scan all possible application names! –  Third and more importantly, . . .
© John Day, 2013 9 Rights Reserved The Pouzin Society Decoupling Port Allocation and Synchronization •  No Way to Know What CEP-ids are Being Used, Since There is No Relation Between Port-id and CEP-id. –  Syn Attack: must guess which of 2^16 CEP-id. –  Data Transfer: must guess CEP-id and seq num within window! –  Reassembly attack: Reassembly only done once. Synchronization Connection Endpoint Port Allocation Port-id Connection
© John Day, 2013 10 Rights Reserved The Pouzin Society Decoupling Port Allocation and Synchronization: No IPSec •  IPsec is necessary with TCP/IP because no authentication and Sequence numbers turn over too quickly: don’t repeat sequence number with same CEP-id. •  With RINA and delta-t, IPC Processes all authenticated, SDU Protection does the encryption, and packet sequence numbers slows rollover, but if it does, then simply allocate a new connection •  And bind it to the same port-ids, old one disappears after 2MPL. Connection Endpoint Port Allocation Port-id Connection SDU Protection SDU Protection
© John Day, 2013 11 Rights Reserved The Pouzin Society RINA is Inherently More Secure and Less Work •  A DIF is a Securable Container. (Small, 2011) –  What info required to mount an attack, How to get the info –  Small does a threat analysis at the architecture level •  Implies that Firewalls are Unnecessary, –  The DIF is the Firewall! •  RINA Security is considerably Less Complex than the Current Internet Security (Small, 2012) –  Only do a rough estimate counting protocols and mechanisms. •  See paper for details.
© John Day, 2013 12 Rights Reserved The Pouzin Society 802.3 802.3 802.3 802.3 IP IP IP IP TCP TCP Browser Server MACsec MACsec MACsec MACsec EAPOL EAPOL EAPOL EAPOL IPsec IPsec IKE IKE UDP UDP TLS TLS Protocols: 15 Non-Security: 89 Security: 28 Copyright © 2012, Jeremiah Small. All Rights Reserved.
© John Day, 2013 13 Rights Reserved The Pouzin Society What Does This Mean? •  Protocols – We Know What That Refers To •  Security Mechanisms – Authentication, Access Control, Integrity, Confidentiality, Non-Repudiation. •  Non-Security Mechanisms – All the others listed in the book: delimiting, relaying, ordering, multiplexing, fragmentation/reassembly, Lost and Duplicate Detection, Flow Control, Retransmission Control, Compession, Addressing, Initial State Synchronization.
© John Day, 2013 14 Rights Reserved The Pouzin Society 1-DIF 1-DIF 1-DIF 1-DIF 2-DIF 2-DIF 2-DIF 2-DIF Browser Server Backbone-DIF Backbone-DIF AppSec-DIF AppSec-DIF Protocols: 3 Non-Security: 15 Security: 5 Copyright © 2012, Jeremiah Small. All Rights Reserved.
© John Day, 2013 15 Rights Reserved The Pouzin Society Internet RINA Protocols 15 3 Non-Security Mechanisms 89 15 Security Mechanisms 28 7 Totals Copyright © 2012, Jeremiah Small. All Rights Reserved.
© John Day, 2013 16 Rights Reserved The Pouzin Society Internet RINA Protocols 8 0 Non-Security Mechanisms 59 0 Security Mechanisms 28 7 To Add Security Copyright © 2012, Jeremiah Small. All Rights Reserved.
© John Day, 2013 17 Rights Reserved The Pouzin Society Why Is Internet Security So Bad? •  The Standard Rationale One Sees is that They Didn’t Think About It at the Beginning. –  Neither did We. –  Nor did Watson. –  But RINA and delta-t are more secure. •  That Seems to Imply that –  Good Design May be More Important to Security than Security Is.
© John Day, 2013 18 Rights Reserved The Pouzin Society Conclusion •  This is a MAJOR Improvement in Internet Security. –  Not only more secure, but for less cost, with less overhead. •  So is Internet Security solved? –  Hardly. –  Still need: to develop the plug-in policy modules –  to consider DDoS (we have some ideas) –  As well as protecting against Rogue IPC Processes –  and much more to explore. •  Most attacks are in the Applications, this does nothing about that. –  But Much of this applies equally well to DAFs •  Model implies that OS security reduces to Bounds Checking on Memory and IPC Security. –  May also make it harder, might be able to deflect more DDoS attacks
© John Day, 2013 19 Rights Reserved The Pouzin Society Questions?

Recommandé

Lost layer talk 2014
Lost layer talk 2014Lost layer talk 2014
Lost layer talk 2014
ICT PRISTINE
 
RINA Introduction, part II
RINA Introduction, part IIRINA Introduction, part II
RINA Introduction, part II
ICT PRISTINE
 
RINA Introduction, part I
RINA Introduction, part IRINA Introduction, part I
RINA Introduction, part I
ICT PRISTINE
 
3 addressingthe problem130123
3 addressingthe problem1301233 addressingthe problem130123
3 addressingthe problem130123
Eleni Trouva
 
RINA Tutorial @ IEEE Globecom 2014
RINA Tutorial @ IEEE Globecom 2014RINA Tutorial @ IEEE Globecom 2014
RINA Tutorial @ IEEE Globecom 2014
Eleni Trouva
 
RINA: Recursive Inter Network Architecture
RINA: Recursive Inter Network ArchitectureRINA: Recursive Inter Network Architecture
RINA: Recursive Inter Network Architecture
Miguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
Next generation web protocols
Next generation web protocolsNext generation web protocols
Next generation web protocols
Daniel Austin
 
IRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopIRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE Workshop
Eleni Trouva
 

Recommandé

Lost layer talk 2014
Lost layer talk 2014Lost layer talk 2014
Lost layer talk 2014
ICT PRISTINE
 
RINA Introduction, part II
RINA Introduction, part IIRINA Introduction, part II
RINA Introduction, part II
ICT PRISTINE
 
RINA Introduction, part I
RINA Introduction, part IRINA Introduction, part I
RINA Introduction, part I
ICT PRISTINE
 
3 addressingthe problem130123
3 addressingthe problem1301233 addressingthe problem130123
3 addressingthe problem130123
Eleni Trouva
 
RINA Tutorial @ IEEE Globecom 2014
RINA Tutorial @ IEEE Globecom 2014RINA Tutorial @ IEEE Globecom 2014
RINA Tutorial @ IEEE Globecom 2014
Eleni Trouva
 
RINA: Recursive Inter Network Architecture
RINA: Recursive Inter Network ArchitectureRINA: Recursive Inter Network Architecture
RINA: Recursive Inter Network Architecture
Miguel Ponce de Leon @ TSSG / Waterford Institute of Technology
 
Next generation web protocols
Next generation web protocolsNext generation web protocols
Next generation web protocols
Daniel Austin
 
IRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE WorkshopIRATI Experimentation, US-EU FIRE Workshop
IRATI Experimentation, US-EU FIRE Workshop
Eleni Trouva
 
IRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OSIRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OS
ICT PRISTINE
 
Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012
Eleni Trouva
 
Always Offline: Delay-Tolerant Networking for the Internet of Things
Always Offline: Delay-Tolerant Networking for the Internet of ThingsAlways Offline: Delay-Tolerant Networking for the Internet of Things
Always Offline: Delay-Tolerant Networking for the Internet of Things
Daniel Austin
 
IETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routingIETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routing
APNIC
 
Net essentials6e ch4
Net essentials6e ch4Net essentials6e ch4
Net essentials6e ch4
APSU
 
Janet access solutions
Janet access solutionsJanet access solutions
Janet access solutions
Jisc
 
Networking Basic and Cisco History
Networking Basic and Cisco History Networking Basic and Cisco History
Networking Basic and Cisco History
Er Aadarsh Srivastava
 
Net essentials6e ch6
Net essentials6e ch6Net essentials6e ch6
Net essentials6e ch6
APSU
 
Securing IP Fax - A New Standard Approach
Securing IP Fax - A New Standard ApproachSecuring IP Fax - A New Standard Approach
Securing IP Fax - A New Standard Approach
James Rafferty
 
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Raga Yustia
 
Rina IRATI GLIF Singapore 2013
Rina IRATI GLIF Singapore 2013Rina IRATI GLIF Singapore 2013
Rina IRATI GLIF Singapore 2013
Eleni Trouva
 
Evolution of internet by Ali Kashif
Evolution of internet by Ali KashifEvolution of internet by Ali Kashif
Evolution of internet by Ali Kashif
Ali Kashif Bashir. Ph.D, MIEEE
 
Ch01 ce
Ch01 ceCh01 ce
Ch01 ce
khamisseif
 
Experience Using RIR Whois
Experience Using RIR WhoisExperience Using RIR Whois
Experience Using RIR Whois
APNIC
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network Operators
APNIC
 
Peer to peer Networks
Peer to peer Networks Peer to peer Networks
Peer to peer Networks
Nicola Cerami
 
Networking Basics - Ferdon
Networking Basics - FerdonNetworking Basics - Ferdon
Networking Basics - Ferdon
Susan Ferdon
 
Managing and monitoring large scale data transfers - Networkshop44
Managing and monitoring large scale data transfers - Networkshop44Managing and monitoring large scale data transfers - Networkshop44
Managing and monitoring large scale data transfers - Networkshop44
Jisc
 
1. RINA motivation - TF Workshop
1. RINA motivation - TF Workshop1. RINA motivation - TF Workshop
1. RINA motivation - TF Workshop
ARCFIRE ICT
 
Overlay network
Overlay networkOverlay network
Overlay network
iQra Rafaqat
 
Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
Lancope, Inc.
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
Lancope, Inc.
 

Contenu connexe

Tendances

IRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OSIRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OS
ICT PRISTINE
 
Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012
Eleni Trouva
 
Net essentials6e ch6
Net essentials6e ch6Net essentials6e ch6
Net essentials6e ch6
APSU
 
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Raga Yustia
 
Managing and monitoring large scale data transfers - Networkshop44
Managing and monitoring large scale data transfers - Networkshop44Managing and monitoring large scale data transfers - Networkshop44
Managing and monitoring large scale data transfers - Networkshop44
Jisc
 

Tendances (20)

IRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OSIRATI: an open source RINA implementation for Linux/OS
IRATI: an open source RINA implementation for Linux/OS
 
Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012Irati fire-engineering-workshop-nov2012
Irati fire-engineering-workshop-nov2012
 
Always Offline: Delay-Tolerant Networking for the Internet of Things
Always Offline: Delay-Tolerant Networking for the Internet of ThingsAlways Offline: Delay-Tolerant Networking for the Internet of Things
Always Offline: Delay-Tolerant Networking for the Internet of Things
 
IETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routingIETF 112: Internet centrality and its impact on routing
IETF 112: Internet centrality and its impact on routing
 
Net essentials6e ch4
Net essentials6e ch4Net essentials6e ch4
Net essentials6e ch4
 
Janet access solutions
Janet access solutionsJanet access solutions
Janet access solutions
 
Networking Basic and Cisco History
Networking Basic and Cisco History Networking Basic and Cisco History
Networking Basic and Cisco History
 
Net essentials6e ch6
Net essentials6e ch6Net essentials6e ch6
Net essentials6e ch6
 
Securing IP Fax - A New Standard Approach
Securing IP Fax - A New Standard ApproachSecuring IP Fax - A New Standard Approach
Securing IP Fax - A New Standard Approach
 
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
Materi Perkuliahan Jaringan Komputer Teknik Informatika Chapter 2
 
Rina IRATI GLIF Singapore 2013
Rina IRATI GLIF Singapore 2013Rina IRATI GLIF Singapore 2013
Rina IRATI GLIF Singapore 2013
 
Evolution of internet by Ali Kashif
Evolution of internet by Ali KashifEvolution of internet by Ali Kashif
Evolution of internet by Ali Kashif
 
Ch01 ce
Ch01 ceCh01 ce
Ch01 ce
 
Experience Using RIR Whois
Experience Using RIR WhoisExperience Using RIR Whois
Experience Using RIR Whois
 
DDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network OperatorsDDoS Threat Landscape - Challenges faced by Network Operators
DDoS Threat Landscape - Challenges faced by Network Operators
 
Peer to peer Networks
Peer to peer Networks Peer to peer Networks
Peer to peer Networks
 
Networking Basics - Ferdon
Networking Basics - FerdonNetworking Basics - Ferdon
Networking Basics - Ferdon
 
Managing and monitoring large scale data transfers - Networkshop44
Managing and monitoring large scale data transfers - Networkshop44Managing and monitoring large scale data transfers - Networkshop44
Managing and monitoring large scale data transfers - Networkshop44
 
1. RINA motivation - TF Workshop
1. RINA motivation - TF Workshop1. RINA motivation - TF Workshop
1. RINA motivation - TF Workshop
 
Overlay network
Overlay networkOverlay network
Overlay network
 

Similaire à 6 security130123

Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
Lancope, Inc.
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
Lancope, Inc.
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
Great Bay Software
 
Internal host-reputation-webinar
Internal host-reputation-webinarInternal host-reputation-webinar
Internal host-reputation-webinar
Lancope, Inc.
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
KerimBozkanli
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Emulex Corporation
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
Lancope, Inc.
 
Security in the News
Security in the NewsSecurity in the News
Security in the News
James Sutter
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Binder
nitayart
 

Similaire à 6 security130123 (20)

Protecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber CrimeProtecting Financial Networks from Cyber Crime
Protecting Financial Networks from Cyber Crime
 
Challenges2013
Challenges2013Challenges2013
Challenges2013
 
IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed IoT DDoS Attacks: the stakes have changed
IoT DDoS Attacks: the stakes have changed
 
Internal host-reputation-webinar
Internal host-reputation-webinarInternal host-reputation-webinar
Internal host-reputation-webinar
 
lec security
lec securitylec security
lec security
 
OMG Data-Distribution Service Security
OMG Data-Distribution Service SecurityOMG Data-Distribution Service Security
OMG Data-Distribution Service Security
 
Technology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityTechnology & Policy Interaction Panel at Inform[ED] IoT Security
Technology & Policy Interaction Panel at Inform[ED] IoT Security
 
iotsecurity-171108154118.pdf
iotsecurity-171108154118.pdfiotsecurity-171108154118.pdf
iotsecurity-171108154118.pdf
 
Philippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTsPhilippines Cybersecurity Conference 2021: The role of CERTs
Philippines Cybersecurity Conference 2021: The role of CERTs
 
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
Cybersecurity: Do Your Have a Plan to Address Threats and Prevent Liability?
 
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber ThreatsUsing NetFlow to Streamline Security Analysis and Response to Cyber Threats
Using NetFlow to Streamline Security Analysis and Response to Cyber Threats
 
Check Point designing a security
Check Point designing a securityCheck Point designing a security
Check Point designing a security
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
Emerging Threats and Attack Surfaces
Emerging Threats and Attack SurfacesEmerging Threats and Attack Surfaces
Emerging Threats and Attack Surfaces
 
Security in the News
Security in the NewsSecurity in the News
Security in the News
 
Man in the Binder
Man in the BinderMan in the Binder
Man in the Binder
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
 
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please!, by Eric Vyncke [APNI...
 
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
Internet of Things... Let's Not Forget Security Please, by Eric Vyncke [APNI...
 
IoT Security
IoT SecurityIoT Security
IoT Security
 

Plus de ICT PRISTINE

Plus de ICT PRISTINE (20)

Assuring QoS Guarantees for Heterogeneous Services in RINA Networks with ΔQ
Assuring QoS Guarantees for Heterogeneous Services in RINA Networks with ΔQAssuring QoS Guarantees for Heterogeneous Services in RINA Networks with ΔQ
Assuring QoS Guarantees for Heterogeneous Services in RINA Networks with ΔQ
 
Benefits of programmable topological routing policies in RINA-enabled large s...
Benefits of programmable topological routing policies in RINA-enabled large s...Benefits of programmable topological routing policies in RINA-enabled large s...
Benefits of programmable topological routing policies in RINA-enabled large s...
 
The hague rina-workshop-nfv-diego
The hague rina-workshop-nfv-diegoThe hague rina-workshop-nfv-diego
The hague rina-workshop-nfv-diego
 
The hague rina-workshop-interop-deployment_vincenzo
The hague rina-workshop-interop-deployment_vincenzoThe hague rina-workshop-interop-deployment_vincenzo
The hague rina-workshop-interop-deployment_vincenzo
 
The hague rina-workshop-congestioncontrol-peyman
The hague rina-workshop-congestioncontrol-peymanThe hague rina-workshop-congestioncontrol-peyman
The hague rina-workshop-congestioncontrol-peyman
 
The hague rina-workshop-mobility-eduard
The hague rina-workshop-mobility-eduardThe hague rina-workshop-mobility-eduard
The hague rina-workshop-mobility-eduard
 
The hageu rina-workshop-security-peter
The hageu rina-workshop-security-peterThe hageu rina-workshop-security-peter
The hageu rina-workshop-security-peter
 
Th hauge rina-workshop-sdn-virtualisation_neil
Th hauge rina-workshop-sdn-virtualisation_neilTh hauge rina-workshop-sdn-virtualisation_neil
Th hauge rina-workshop-sdn-virtualisation_neil
 
The hague rina-workshop-intro-eduard
The hague rina-workshop-intro-eduardThe hague rina-workshop-intro-eduard
The hague rina-workshop-intro-eduard
 
The hague rina-workshop-welcome-miguel
The hague rina-workshop-welcome-miguelThe hague rina-workshop-welcome-miguel
The hague rina-workshop-welcome-miguel
 
Eucnc rina-tutorial
Eucnc rina-tutorialEucnc rina-tutorial
Eucnc rina-tutorial
 
2016 06-10-ieee-sdn (1)
2016 06-10-ieee-sdn (1)2016 06-10-ieee-sdn (1)
2016 06-10-ieee-sdn (1)
 
Pristine rina-tnc-2016
Pristine rina-tnc-2016Pristine rina-tnc-2016
Pristine rina-tnc-2016
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
 
Pristine rina-sdk-icc-2016
Pristine rina-sdk-icc-2016Pristine rina-sdk-icc-2016
Pristine rina-sdk-icc-2016
 
Rina acc-icc16-stein
Rina acc-icc16-steinRina acc-icc16-stein
Rina acc-icc16-stein
 
Congestion Control in Recursive Network Architectures
Congestion Control in Recursive Network ArchitecturesCongestion Control in Recursive Network Architectures
Congestion Control in Recursive Network Architectures
 
Rina sim workshop
Rina sim workshopRina sim workshop
Rina sim workshop
 
Dublin addressingtheproblem131224
Dublin addressingtheproblem131224Dublin addressingtheproblem131224
Dublin addressingtheproblem131224
 
Dublin mngmt140120
Dublin mngmt140120Dublin mngmt140120
Dublin mngmt140120
 

Dernier

VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
Delhi Call girls
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
SUHANI PANDEY
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
imonikaupta
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Delhi Call girls
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
soniya singh
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
SUHANI PANDEY
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
tanu pandey
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
kojalkojal131
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Delhi Call girls
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
gwenoracqe6
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
SUHANI PANDEY
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
SUHANI PANDEY
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
SUHANI PANDEY
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Dernier (20)

VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
Yerawada ] Independent Escorts in Pune - Book 8005736733 Call Girls Available...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort ServiceEnjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
Enjoy Night⚡Call Girls Dlf City Phase 3 Gurgaon >༒8448380779 Escort Service
 
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
Call Now ☎ 8264348440 !! Call Girls in Shahpur Jat Escort Service Delhi N.C.R.
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft DatingDubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
Dubai Call Girls Milky O525547819 Call Girls Dubai Soft Dating
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Connaught Place ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Prashant Vihar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 

6 security130123

  • 1. © John Day, 2013 1 Rights Reserved The Pouzin Society Security in RINA IRATI Workshop Barcelona, Spain John Day Lou Chitkushev
  • 2. © John Day, 2013 2 Rights Reserved The Pouzin Society First a Word on Method •  When trying to work out the IPC Model absolutely no thought was given to security. All of the focus was just understanding the structure. •  People kept asking, What about Security? Is there a security layer? •  Didn’t Know. Hadn’t thought about it. •  There was the obvious: –  The recursion of the layer provided Isolation. –  That only the Application Name and local port-id were exposed to the correspondents. •  Interesting, but hardly an answer •  But it wasn’t the time for those questions . . . •  At least not yet . . .
  • 3. © John Day, 2013 3 Rights Reserved The Pouzin Society The Recursion Provided Isolation •  Security by isolation, (not obscurity) •  Hosts can not address any element of the ISP. •  No user hacker can compromise ISP assets. •  Unless ISP is physically compromised. ISP Hosts and ISPs do not share DIFS. (ISP may have more layers
  • 4. © John Day, 2013 4 Rights Reserved The Pouzin Society How Does It Work? Security •  A Hacker in the Public Internet cannot connect to an Application in another DIF without either joining the DIF, or creating a new DIF spanning both. Either requires authentication and access control. –  Non-IPC applications that can access two DIFs are a potential security problem. •  Certainly promising Public Internet ISP 1 ISP 2 ISP 3 Internet Rodeo Drive Utility SCADA My Net Facebook Boutique Internet Mall of America
  • 5. © John Day, 2013 5 Rights Reserved The Pouzin Society But When It Was Time •  The question was not, how to put in security? •  The question was, •  What does the IPC Model tell us about security? –  Remember, our first task is always understanding. •  Let the Problem Answer the Question! –  Let the Problem Tell Us What to Do.
  • 6. © John Day, 2013 6 Rights Reserved The Pouzin Society The Problem Had a Lot to Say •  We Already Mentioned How Little is Exposed the Layer Above. •  The Original OS Model indicated where Access Control went. •  Creating the Application Connection for Enrollment indicated where Authentication belonged, and that –  Authentication of Applications must be done by the Applications themselves. –  All members of the layer are authenticated within policy. •  SDU Protection clearly provided Confidentiality and Integrity. •  That implied that only Minimal trust was necessary: –  Only that the lower layer will deliver something to someone. Port:=Allocate(Dest-Appl, params) Access Control Exercised
  • 7. © John Day, 2013 7 Rights Reserved The Pouzin Society A Very Unexpected Result •  A DIF with no explicit security mechanisms is inherently more secure than the current Internet under the same conditions! •  It would appear that –  A DIF is a Securable Container.
  • 8. © John Day, 2013 8 Rights Reserved The Pouzin Society Other Things Fall Into Place •  Data Transfer in RINA is based on Delta-t (Watson, 1980) •  Lot has happened in 30 years, many attacks on TCP have been found: –  Port scanning – Reset Attacks –  SYN attacks – Reassembly Attacks •  Long after delta-t was designed, what about delta-t? •  Short answer: –  None of them work (Boddapati, et al., 2012) •  Amazing, totally unexpected –  Why not? •  Multiple fundamental reasons, but all inherent in the structure: –  First, have to join the DIF (all members are authenticated) –  Second, No Well-Known Ports •  Would have to scan all possible application names! –  Third and more importantly, . . .
  • 9. © John Day, 2013 9 Rights Reserved The Pouzin Society Decoupling Port Allocation and Synchronization •  No Way to Know What CEP-ids are Being Used, Since There is No Relation Between Port-id and CEP-id. –  Syn Attack: must guess which of 2^16 CEP-id. –  Data Transfer: must guess CEP-id and seq num within window! –  Reassembly attack: Reassembly only done once. Synchronization Connection Endpoint Port Allocation Port-id Connection
  • 10. © John Day, 2013 10 Rights Reserved The Pouzin Society Decoupling Port Allocation and Synchronization: No IPSec •  IPsec is necessary with TCP/IP because no authentication and Sequence numbers turn over too quickly: don’t repeat sequence number with same CEP-id. •  With RINA and delta-t, IPC Processes all authenticated, SDU Protection does the encryption, and packet sequence numbers slows rollover, but if it does, then simply allocate a new connection •  And bind it to the same port-ids, old one disappears after 2MPL. Connection Endpoint Port Allocation Port-id Connection SDU Protection SDU Protection
  • 11. © John Day, 2013 11 Rights Reserved The Pouzin Society RINA is Inherently More Secure and Less Work •  A DIF is a Securable Container. (Small, 2011) –  What info required to mount an attack, How to get the info –  Small does a threat analysis at the architecture level •  Implies that Firewalls are Unnecessary, –  The DIF is the Firewall! •  RINA Security is considerably Less Complex than the Current Internet Security (Small, 2012) –  Only do a rough estimate counting protocols and mechanisms. •  See paper for details.
  • 12. © John Day, 2013 12 Rights Reserved The Pouzin Society 802.3 802.3 802.3 802.3 IP IP IP IP TCP TCP Browser Server MACsec MACsec MACsec MACsec EAPOL EAPOL EAPOL EAPOL IPsec IPsec IKE IKE UDP UDP TLS TLS Protocols: 15 Non-Security: 89 Security: 28 Copyright © 2012, Jeremiah Small. All Rights Reserved.
  • 13. © John Day, 2013 13 Rights Reserved The Pouzin Society What Does This Mean? •  Protocols – We Know What That Refers To •  Security Mechanisms – Authentication, Access Control, Integrity, Confidentiality, Non-Repudiation. •  Non-Security Mechanisms – All the others listed in the book: delimiting, relaying, ordering, multiplexing, fragmentation/reassembly, Lost and Duplicate Detection, Flow Control, Retransmission Control, Compession, Addressing, Initial State Synchronization.
  • 14. © John Day, 2013 14 Rights Reserved The Pouzin Society 1-DIF 1-DIF 1-DIF 1-DIF 2-DIF 2-DIF 2-DIF 2-DIF Browser Server Backbone-DIF Backbone-DIF AppSec-DIF AppSec-DIF Protocols: 3 Non-Security: 15 Security: 5 Copyright © 2012, Jeremiah Small. All Rights Reserved.
  • 15. © John Day, 2013 15 Rights Reserved The Pouzin Society Internet RINA Protocols 15 3 Non-Security Mechanisms 89 15 Security Mechanisms 28 7 Totals Copyright © 2012, Jeremiah Small. All Rights Reserved.
  • 16. © John Day, 2013 16 Rights Reserved The Pouzin Society Internet RINA Protocols 8 0 Non-Security Mechanisms 59 0 Security Mechanisms 28 7 To Add Security Copyright © 2012, Jeremiah Small. All Rights Reserved.
  • 17. © John Day, 2013 17 Rights Reserved The Pouzin Society Why Is Internet Security So Bad? •  The Standard Rationale One Sees is that They Didn’t Think About It at the Beginning. –  Neither did We. –  Nor did Watson. –  But RINA and delta-t are more secure. •  That Seems to Imply that –  Good Design May be More Important to Security than Security Is.
  • 18. © John Day, 2013 18 Rights Reserved The Pouzin Society Conclusion •  This is a MAJOR Improvement in Internet Security. –  Not only more secure, but for less cost, with less overhead. •  So is Internet Security solved? –  Hardly. –  Still need: to develop the plug-in policy modules –  to consider DDoS (we have some ideas) –  As well as protecting against Rogue IPC Processes –  and much more to explore. •  Most attacks are in the Applications, this does nothing about that. –  But Much of this applies equally well to DAFs •  Model implies that OS security reduces to Bounds Checking on Memory and IPC Security. –  May also make it harder, might be able to deflect more DDoS attacks
  • 19. © John Day, 2013 19 Rights Reserved The Pouzin Society Questions?