61 research outputs found

    The Shrink-Wrapped VPN Node

    The wide availability of public domain IPsec implementations allows the creation of VPNs based on low-cost platforms. However, setting up a VPN node involves a lot of work such as the creation of IPsec Security Associations and associated tunnels, including the necessary management of keys. Moreover, routing and firewall facilities must be provided to ensure the isolation of the members of the VPN from the public Internet. In this paper we present a drop-in VPN node that is compact, low-cost and requires little administration or maintenance. We discuss the features and advantages of our system. Next, we demonstrate how this system was used for the creation of a VPN linking networks within the University campus with others located in outside locations (e.g. other companies, home networks etc.) Finally, we present our evaluation of the work performed and describe our future plans

    Drop-in Security for Distributed and Portable Computing Elements

    The widespread use of mobile computing and telecommuting has increased the need for effective protection of computing platforms. Traditional schemes that involve strengthening the security of individual systems, or the use of firewalls at network entry points have difficulty accommodating the special requirements of remote and mobile users. We propose the use of a special purpose drop-in firewall/VPN gateway called Sieve, that can be inserted between the mobile workstation and the network to provide individualized security services for that particular station. Sieve is meant to be used like an external modem: the user only needs to plug it in. Its existence is transparent to the user, requiring no modification to the workstation configuration. To function in this role, Sieve has been designed to be compact, low-cost, requiring little administration or maintenance. In this paper, we discuss the features and advantages of our system. We demonstrate how Sieve was used in various application areas (home, university environment, etc.) and describe our future plans

    How to buy a network: Trading of resources in the physical layer

    IEEE Communications Magazine, 44(12): pp. 94-102. Recently, a number of new research initiatives, most notably UCLPv2 and GENI, have promoted the dynamic partition of physical network resources (infrastructure) as the means to operate the network, and to implement new protocols and services. This has led to a number of open issues such as resource discovery, implementation of resource partitioning, and the aggregation of resources to create arbitrary network topologies. To us, the key issue is the design of a mechanism to trade, acquire, and control network resources, given a choice of providers of physical resources (infrastructure providers). In this article we present an architecture that allows physical resources to be traded, while granting users controlled access to the acquired resources via a policy enforcement mechanism. In addition, it allows resource provider domains to be linked via configurable, provider-neutral resource exchange points that are the physical resource equivalents of the pooling point, or Internet Exchange Point (IXP). We demonstrate how our trading system will operate by presenting a use case in which a network topology is constructed using resources from multiple providers, be it Internet Service Providers (ISPs), or National Research Experimental Network (NREN) providers. The use case also shows how a dynamic reconfiguration can be effected by the customer through the use of simple access control policies, without involving the provider

    Implementation and Performance Evaluation of Embedded IPsec in Microkernel OS

    The rapid development of the embedded systems and the wide use of them in many sensitive fields require safeguarding their communications. Internet Protocol Security (IPsec) is widely used to solve network security problems by providing confidentiality and integrity for the communications in the network, but it introduces communication overhead. This overhead becomes a critical factor with embedded systems because of their low computing power and limited resources. In this research, we studied the overhead of using embedded IPsec in constrained resource systems, which run microkernel operating system (OS), in terms of the network latency and throughput. To conduct our experiment first, we ran the test with an unmodified network stack, and then we ran the same test with the modified network stack which contains the IPsec implementation. Later, we compared the results obtained from these two sets of experiments to examine the overhead. Our research demonstrated that the overhead imposed by IPsec protocols is small and well within the capabilities of even low cost microcontrollers such as the one used in the Raspberry Pi computer

    The Athens affair

    IEEE Spectrum, 44(7): pp. 26-33

    Countering Code Injection Attacks With Instruction Set Randomization

    We describe a new, general approach for safeguarding systems against any type of code-injection attack. We apply Kerckhoff's principle, by creating process-specific randomized instruction sets (e.g., machine instructions) of the system executing potentially vulnerable software. An attacker who does not know the key to the randomization algorithm will inject code that is invalid for that randomized processor, causing a runtime exception. To determine the difficulty of integrating support for the proposed mechanism in the operating system, we modified the Linux kernel, the GNU binutils tools, and the bochs-x86 emulator. Although the performance penalty is significant, our prototype demonstrates the feasibility of the approach, and should be directly usable on a suitably-modified processor (e.g., the Transmeta Crusoe). Our approach is equally applicable against code-injecting attacks in scripting and interpreted languages, e.g., web-based SQL injection. We demonstrate this by modifying the Perl interpreter to permit randomized script execution. The performance penalty in this case is minimal. Where our proposed approach is feasible (i.e., in an emulated environment, in the presence of programmable or specialized hardware, or in interpreted languages), it can serve as a low-overhead protection mechanism, and can easily complement other mechanisms

    Secure APIs For Applications In Microkernel-Based Systems

    The Internet evolved from a collection of computers to today’s agglomeration of all sorts of devices (e.g. printers, phones, coffee makers, cameras and so on) a large part of which contain security vulnerabilities. The current wide scale attacks are, in most cases, simple replays of the original Morris Worm of the mid-80s. The effects of these attacks are equally devastating because they affect huge numbers of connected devices. The reason for this lack of progress is that software developers will keep writing vulnerable software due to problems associated with the way software is designed and implemented and market realities. So in order to contain the problem we need effective control of network communications and more specifically, we need to vet all network connections made by an application on the premise that if we can prevent an attacker from reaching his victim, the attack cannot take place. This paper presents a comprehensive network security framework, including a well-defined applications programming interface (API) that allows fine-grained and flexible control of network connections. In this way, we can finally instantiate the principles of dynamic network control and protect vulnerable applications from network attacks

    Dealing with System Monocultures

    Software systems often share common vulnerabilities that allow a single attack to compromise large numbers of machines (write once, exploit everywhere). Borrowing from biology, several researchers have proposed the introduction of artificial diversity in systems as a means for countering this phenomenon. The introduced differences affect the way code is constructed or executed, but retain the functionality of the original system. In this way, systems that exhibit the same functionality have unique characteristics that protect them from common mode attacks. Over the years, several such have been proposed. We examine some of the most significant techniques and draw conclusions on how they can be used to harden systems against attacks