Thesis details
Security Architecture and Protocols for Overlay Network Services
Srivatsa, Mudhakar ; Computing
University: Georgia Institute of Technology
Department: Computing
Keywords: Performance and scalability; Applied cryptography; Systems security; Overlay networks
Others  :  https://smartech.gatech.edu/bitstream/1853/16284/1/srivatsa_mudhakar_200708_phd.pdf
United States | English
Source: SMARTech Repository
【 Abstract 】

Conventional wisdom suggests that in order to build a secure system, security must be an integral component in the system design. However, cost considerations drive most system designers to channel their efforts on the system's performance, scalability and usability. With little or no emphasis on security, such systems are vulnerable to a wide range of attacks that can potentially compromise confidentiality, integrity and availability of sensitive data. It is often cumbersome to redesign and implement massive systems with security as one of the primary design goals. This thesis advocates a proactive approach that cleanly retrofits security solutions into existing system architectures. The first step in this approach is to identify security threats, vulnerabilities and potential attacks on a system or an application. The second step is to develop security tools in the form of customizable and configurable plug-ins that address these security issues and minimally modify existing system code, while preserving its performance and scalability metrics. This thesis uses overlay network applications to shepherd through and address challenges involved in supporting security in large-scale distributed systems. In particular, the focus is on two popular applications: publish/subscribe networks and VoIP networks. Our work on VoIP networks has for the first time identified and formalized caller identification attacks on VoIP networks. We have identified two attacks: a triangulation based timing attack on the VoIP network's route set up protocol and a flow analysis attack on the VoIP network's voice session protocol. These attacks allow an external observer (adversary) to uniquely (nearly) identify the true caller (and receiver) with high probability. Our work on the publish/subscribe networks has resulted in the development of a unified framework for handling event confidentiality, integrity, access control and DoS attacks, while incurring small overhead on the system.
We have proposed a key isomorphism paradigm to preserve the confidentiality of events on publish/subscribe networks while permitting scalable content-based matching and routing. Our work on overlay network security has resulted in a novel information hiding technique on overlay networks. Our solution represents the first attempt to transparently hide the location of data items on an overlay network.

【 Preview 】
Attachment list
Files Size Format View
Security Architecture and Protocols for Overlay Network Services 2678KB PDF download
Document metrics
Downloads: 14  Views: 13