DOC PREVIEW
SJSU CS 265 - Collaboration

This preview shows page 1 out of 4 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 4 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 4 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Secure Collaboration Architecture Microsoft Netmeeting and Solaris based Sunforum are among many programs that have been created for application sharing applications across Internet. While the use of these programs is very popular, they are lacking in important security aspects that are needed for a robust industrial usage. A typical industrial application need have the following design requirements- 1. Secure collaboration server outside the company firewall 2. Authentication mechanism tied to directory like LDAP 3. Encrypted data exchange tunnel 4. Backend services like FTP and application sharing 5. Predictable bandwidth for high volume data 6. Intrusion detection system NPTest has implemented the following architecture- Customer Site Customer Site Customer NPTest Site NPTest NxGenConneCollabSecure ExtendeSecure Connectivity Services Enclave NPTest, INTERNET or Dedicated NPTest Site SecureHowever, before we delve into the details of the system it is worthwhile to pause and look at the need for such collaboration software. NPTest Inc. is a semi-conductor equipment company. It makes testers to test the devices coming out of a semi -conductor fabrication factory. These equipments are used to do failure analysis for a device and to investigate process defects. The testers it makes typically sell for $1m - $4m with a total revenue of about $500m per annum. All the major semiconductor companies distributed all over the world- United States, Japan, Korea Singapore, China, Malaysia and a host of other places use the equipment. Many of the installations are in the production environments where downtime is extremely expensive. From a marketing perspective the important factors to sell the equipment are: -Mean Time Between Failure -Ability and to diagnose issues for the failure and be able to fix them -Ability to share the equipment between different facilities -Able to collaborate with the commercial test houses -Ability to demonstrate the image quality, user interface and other important aspects to the prospective customers -Cost of fixing the issues arising on the customer site The process of design-debug process for a device semi-conductor device often needs IP information to be shared between the collaborating laboratories. Confidentiality of the layout/netlist information is very important for companies like Intel and ST since it hol ds clues to the process innovation done on a particular generation of a technology. Typically NPTest tools are have an imaging mode used for navigation on the surface of the device. For most cases where a device packs millions of transistors it is necessary to align the live image acquisition with the “layout” done for the device. This involves going to three (or more) known locations on the device surface (akin to looking at it through an electron microscope) as well as the “ layout” and establish one-to-one relationship between them. This generates the transformation matrix between the twospaces. After that one can navigate on the surface of the device using the layout window if they are linked together. The layout information for a typical microprocessor is tens of gigabytes , which is difficult to share within the company. Also, because of the proprietary nature of the layout companies are unwilling to let this information go out of their firewall except in limited fashion. The debug houses and circuit edit houses, either inside the company or outside of it it need the layout information to be able to improve their suc cess rate for signal acquisition or device modification. The collaboration seeks to solve the following problems- -It allows remote debug of the system, especially at a beta software/hardware site -It allows some parts of the service to be done remotely -It allows quick response to any customer issues -It allows for remote demonstration of new products -It allows for sharing of equipment between dispersed laboratories justifying an expensive purchase -It allows for limited sharing of design data between the design house and a test house on as needed basis The important issues that had to be solved during the process of implementation were- -NPTest Server with tied LDAP based authentication: This assures that only the allowed users can get on to the server. This is different from public servers used by Netmeeting and Sunforum. -Assured Privacy to meetings: To create a secure space for each customer and be sure that no un-authorized person is accessing the space. This was solved using a combination of technology and policy implementation. A commercial third party tool was bought which divided the server into separate named spaces. Each user is provided access to some of these named spaces. Usually, these named spaces are on per customer basis. Only the customer for whom the named space is created could initiate meetings in that space. Thus, for a space created for ST Micro Inc. can have meetings initiated by peopleof that company. The server authenticates each user who signs on to the server and his user id is indicated in a separate window. This was needed since in applications like Netmeeting user can impersonate someone else’s identity easily. The person who initiates the meeting controls who can join the conference. All the participants in a meeting are displayed in real-time in a separate window and the initiator can kick out any participant. -Control Flow: The initiator of the meeting can declare a meeting in which he could allow passing of controls (view-execute) or does not allow that( view only). If a meeting is declared view-execute than any participant can request control, which the initiator can grant at will. After that anytime initiator does any mouse or keyboard activity the control is passed back to him automatically. -Security consideration on sharing a terminal window: On a Unix system it is possible to share a terminal window, which is potentially opening a big security hole in the firewall of the company. To obviate this two policies have been implemented- all the meetings are timed out and also the shared application should always have the current focus. The latter is to discount the possibility that a user inadvertently shares an application and forgets about that. -Encryption: Open SSH was used to created an encrypted tunnel. There is an option of using AES 128, 192,256, DES , blowfish or arkforce. This is helpful while talking to the IT security of the


View Full Document

SJSU CS 265 - Collaboration

Documents in this Course
Stem

Stem

9 pages

WinZip

WinZip

6 pages

Rsync

Rsync

7 pages

Hunter

Hunter

11 pages

SSH

SSH

16 pages

RSA

RSA

7 pages

Akenti

Akenti

17 pages

Blunders

Blunders

51 pages

Captcha

Captcha

6 pages

Radius

Radius

8 pages

Firewall

Firewall

10 pages

SAP

SAP

6 pages

SECURITY

SECURITY

19 pages

Rsync

Rsync

18 pages

MDSD

MDSD

9 pages

honeypots

honeypots

15 pages

VPN

VPN

6 pages

Wang

Wang

18 pages

TKIP

TKIP

6 pages

ESP

ESP

6 pages

Dai

Dai

5 pages

Load more
Download Collaboration
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Collaboration and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Collaboration 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?