Guest Editorial

摘要

Network security is a continuing endeavor as exhibited by this special issue on the subject. Although the problem of securing networks emerged almost simultaneously with their development, attaining a fixed set of complete solutions remains evasive. In the history of the development of computers and networking, solutions to challenging problems have become touchstones, and from among them we can draw a parallel to the current state of network development. The book1 Journey to the Moon: the History of the Apollo Guidance Computer by Eldon C. Hall, offers one such touchstone. The unprecedented requirements for a manned lunar landing compelled the computer designers to adopt, at that time, new yet unproven technology - the integrated circuit (IC). To mitigate risk, they standardized the design of the computer on a single circuit type - the NOR gate in Resistor-Transistor-Logic (RTL). In the book, one of the computer designers, Jayne Partridge Hanley, poetically captured the benefits from a singularity of IC-type when she wrote these verses for "IC the Moon": It also had to be reliable And large quantity buyable As the parts failed The causes we nailed Making the process viable. Today, we are witnessing a parallel in the adoption of the Internet Protocol (IP). IP convergence is the trend where the IP is becoming the standard transport for transmitting all information (voice, data, music, video, TV, teleconferencing, etc.). Although the motivation for this convergence is not necessarily for mitigating failures, one of the derived benefits it offers is that network security can focus on the IP instead of a plethora of transport protocols. This singularity can yield a network that is more robust to attack. However, the transport layer is but one of several layers in the network protocol stack, and this distinction indicates the primary difference between computer security and network security: the former is concerned with securing a single machine whereas the latter must be concerned with securing many machines connected together. Networks, therefore, admit scale and decentralization. These properties, coupled with the richness of the protocol stack, mean that networks have the capability to incorporate vastly different - and changing - technologies and implementations. Network security is thus prohibited from becoming a single act; instead, network security is a process. Therefore, our aim, in this special issue, is toward "making the process viable".