A Secure Code Deployment Scheme for Active Networks
Amdjed Mokhtari, Leïla Kloul
22 November 2005

Outline
• Introduction & Motivation
• Code distribution mechanisms
• Security mechanisms
• Conclusions and future works

Code distribution
• Code identification
    • Address
        • Filter (@source, …) and type (TCP, …)
        • Limited to one user class
    • Identifier: hash code (MD5, …)
        • Links an identifier to its developer
• Code deployment
    • In band
        • Persistence and sharing of codes
    • Out band
        • Pre-selection of nodes, multiple path

Code distribution
• CISS approach (Code Identification and Storage Server)

[Figure: CISS approach. Entities: Code developer, CISS, Publication Web Site, User, Active Node. Phases: Publication phase, Referencing phase, Deployment phase.]

Steps shown in the figure:
1. Active code sending
2. Identifier sending
3. Publication on the web site
4. Consultation of the application service and retrieval of the identifier
5. Active data packets and reference sending
6. Request of referenced code
7. Active code sending

Code distribution
• Multi-CISS approach
    • Distribution of CISS
        • Placed at the edge of the network
    • Code base management
        • Distributed code bases
        • Replicated code bases
    • Guarantee the uniqueness of the identifier
        • Distributed code base management

Code distribution
• Mixed approach: combines the CISS approach and the Hop by Hop approach (Node by Node, defined in ANTS)

[Figure: Mixed approach. Entities: User, CISS, Active node, Passive node, nodes A, B, C, D. Packet header field: Previous node (A). Phases: Injection phase, Migration phase.]

Steps shown in the figure:
1. Code request
2. Active code sending
3. Code request
4. Active code sending

Security mechanisms
• Security in code distribution
    • Authentication
        • CAAN (Certificate Authority for Active Network)
        • Key for each entity: CISS, nodes, developers, users and also the code
    • Execution authorization
        • Use of temporary keys
        • Adaptation of the ROSA technique [BAGNULO et al 02]

Security mechanisms
• Security in code distribution

[Figure: Secured CISS approach. Entities: CAAN, Code developer, CISS, User, Active node. Two arrows to the CAAN are labelled "Certificate authentication request". Phases: Publication phase, Referencing phase, Deployment phase.]

Steps shown in the figure:
1. Certificate sending with code publication request
2. Code reception acceptance
3. Active code sending
4. Certificate sending with a temporary key request
5. Temporary key sending after verification
6. Active data packets with reference and temporary key sending
7. Request of code and its key
8. Active code and its key sending

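The temporary-key steps above (4 to 8), sketched as an added example that is not from the original slides. Assumptions: the identifier is a SHA-256 hash of the code, the temporary key is an HMAC over (identifier, user, expiry) that the CISS re-checks when an active node requests the code, and the names `CISS`, `issue_temp_key`, `fetch`, `node_load` and `TTL` are hypothetical; CAAN certificate checks and the code's own key are left out, and this is not the ROSA adaptation the slides refer to.

```python
import hashlib
import hmac
import os

TTL = 60  # seconds a temporary key stays valid (assumed value)


class CISS:
    """Toy CISS: hash identifiers and temporary keys (construction assumed)."""

    def __init__(self):
        self._secret = os.urandom(32)  # MAC key known only to this CISS
        self._codes = {}               # identifier -> code bytes

    def publish(self, code: bytes) -> str:
        ident = hashlib.sha256(code).hexdigest()  # identifier = hash of the code
        self._codes[ident] = code
        return ident

    def _mac(self, ident, user, expiry):
        msg = f"{ident}|{user}|{expiry}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def issue_temp_key(self, ident, user, now):
        if ident not in self._codes:
            raise KeyError("unknown code identifier")
        expiry = int(now) + TTL
        return f"{expiry}.{self._mac(ident, user, expiry)}"

    def fetch(self, ident, user, temp_key, now):
        expiry_s, _, tag = temp_key.partition(".")
        if not (expiry_s.isascii() and expiry_s.isdigit()):
            raise PermissionError("malformed temporary key")
        expected = self._mac(ident, user, int(expiry_s))
        if not hmac.compare_digest(tag.encode(), expected.encode()):
            raise PermissionError("temporary key not valid for this request")
        if now > int(expiry_s):
            raise PermissionError("temporary key expired")
        return self._codes[ident]


def node_load(ciss, ident, user, temp_key, now):
    """Active node: fetch the referenced code, then re-check its identifier."""
    code = ciss.fetch(ident, user, temp_key, now)
    if hashlib.sha256(code).hexdigest() != ident:
        raise ValueError("code does not match its identifier")
    return code
```

Binding the key to the identifier and the user means a key captured from one active packet cannot be replayed for another code or by another user, and the expiry bounds how long a leaked key is useful.
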
Conclusions & Future works
• Conclusions
    • Global scheme for code distribution based on
        • A Code Identification and Storage Server (CISS)
        • A publication web site for the CISS code base
    • Global scheme for security based on
        • Use of temporary keys for the code deployment
        • A certification authority (CAAN)
• Future works
    • Performance analysis of the defined techniques in a large-scale network
    • Evaluate the cost of the developed security mechanisms in terms of execution times