Panel: Dynamic Security in Active NetworksArchitecture: Dynamic Security PoliciesSecure Active Node ArchitectureReference MonitorActive CapabilitiesNetwork AdministrationPanel: Dynamic Security in Active NetworksRoy CampbellUniversity of Illinois at Urbana-ChampaignArchitecture: Dynamic Security Policies•Security is a Foundation!!! No afterthought.•Node security/integrity guarantees•A universal policy is inadequate for Active Networks•Allow varied security schemes for unknown applicationsNode OSSecure Active Node ArchitectureNode Resources Reference MonitorCoreAdmin. EEEEEEFlowFlowFlowFlowFlowFlowResource Reference & Local CapabilityPolicy ChangeLocal Capability RevocationReference Monitor•All accesses to node resources go through reference monitor•Core security services verify the signature on the capability•Reference monitor evaluates the active capability to check accessActive Capabilities•Global capabilities–Specify access user has to node resources, irrespective of execution environment–Issued by the administrator•Local capabilities–Specific capabilities issued by the Administrative E.E. in response to global onesNetwork Administration•Administrative Execution Environment capsules have highest priority–Preempt all other capsules–Policy change–Capability revocations–Certificate revocations•Universal naming of node
or
We will never post anything without your permission.
Don't have an account? Sign up