1 / 9

Reflections on Active Network Trust: Insights from the OpenArch Panel

This document summarizes Jonathan Smith's presentation at the OpenArch Panel on March 26, 1999, where he explores the concept of trust within active networks. Inspired by Ken Thompson's Turing Award paper "Reflections on Trusting Trust," Smith discusses the implications of self-replicating code, emphasizing the importance of establishing trust in code and infrastructure. He addresses the challenges of operating in untrusted environments and proposes frameworks for secure communication and authentication. Finally, the necessity for automated trust management and new strategies for scalable solutions are highlighted.

armani
Télécharger la présentation

Reflections on Active Network Trust: Insights from the OpenArch Panel

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reflections on Active Network Trust OpenArch Panel, March 26th, 1999 Jonathan Smith University of Pennsylvania http://www.cis.upenn.edu/~jms

  2. Inspiration: Ken Thompson Turing Award Paper • “Reflections on Trusting Trust” • Example of self-replicating compiler virus • Lesson: You are trusting infrastructure! • A.N. concern so far: trust of code • Can the code trust the A.N.? • Goal in an A.N.: • Either operate in untrusted environments • Or establish web of trust

  3. A.N. Internode Interoperation Application 3 Application 4 Application 1 Application 2 Application 1 Application 3 Execution Environment (e.g., ALIEN) Execution Environment (e.g., ANTS) Execution Environment (e.g., ALIEN) Execution Environment (e.g., ANTS) Node Operating System #1 (e.g., Nemesis, Linux) Node Operating System #2 (e.g.,Scout, NT) Transmission Facilities

  4. Strategies for paranactive nets • Carry all code with you in a capsule • how do you load your code? • Telescope out trust relationships with cryptography and identities • need to think about ad-hoc relations • Pre-establish trust relationships and verify at node

  5. Example: SwitchWare Architecture PLAN Packet Caml Switchlet PLAN Packet Caml Switchlet PLAN ALIEN Library Dynamic Integrity Checks Node-Node Authentication ALIEN/Caml/OS AEGIS Static Integrity Checks Recovery

  6. Trusted Repository Active Network Env. Level 4 Boot Block Level 3 Expansion ROMs BIOS 2 Network BIOS 2 Level 2 BIOS 2 Level 1 Netcard BIOS 1 Level 0 Arbaugh’s AEGIS Architecture

  7. Result: E.E. in known state, but… • Still trust some hardware • Also trust repository for recovery • Need basis, like diplomatic pouch containing a one-time pad • Applications aware AEGIS executed? • Can applications know that system integrity has been preserved?

  8. Some (maybe crazy) ideas: • Allow paranactive applications to invoke AEGIS with themselves as target… • Awful performance, poor multiplexing :-) • Paranactive applications “disarm” gradually (gradually expose more code and credentials as environment is checked) • Automated Trust Management (need new acronym - “third rail” of nets!)

  9. Tools and Needs • AEGIS: http://www.cis.upenn.edu/~waa • Trust management infrastructure • Penn/AT&T work on Keynote • Scalability is a challenge • Need paranactive application examples • Intrusion detection and response? • Mapping and monitoring?

More Related