An integrated approach for security on demand in high-speed, shared-use networks.

摘要

This dissertation presents a user level security on demand system, resulting from an integration of a fundamental framework for network security with the fundamental and unique characteristics of Asynchronous Transfer Mode (ATM) networks. The framework offers a conceptual structure encapsulating the fundamental knowledge and set of relationships in network security, permitting systematic and scientific reasoning about network security. The changing nature of networks from a set of unconnected entities, controlled and used by a specific class of users, to an increasingly interconnected and integrated, “mixed use”, set of networks, simultaneously shared by different classes of users, requires a mechanism to enable these “mixed use” networks to meet the diverse security requirements of all users. The framework, developed as a part of this dissertation, provides the ability for all user groups, such as the military, government, industry and academia, to define their security requirements within its context and enable the framework, when integrated into an ATM network, to provide a template for matching network security resources to individual user requirements.; The user level aspect of the security system is unique and is enabled by the ATM network's call setup process. In this approach, during the call setup phase, the security posture of every node and link is computed, utilizing the security framework. When the system configures a virtual path from source to destination, every node and link is verified to meet the user specified security, in addition to bandwidth and other quality of service (QoS) requirements. Traffic is launched when the call setup succeeds, otherwise, the call fails. Thus, the approach is consistent with the basic characteristics of ATM networks, offering comprehensive security while viewing security as a distributed network resource, allocating it to each user efficiently, based on demand and dictated by the need. This approach was modeled for representative, 50, 40 and 32 node ATM networks and the model is successfully implemented through an asynchronous distributed simulation. Analysis of the behavior, obtained utilizing stochastic, representative input traffic, scientifically validates the security on demand system and reveals negligible performance impact on an ATM network's operation and advantages over the status quo.