ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Data path credentials for high-performance capabilities-based networks
Full text PdfPdf (82 KB)
Source Symposium On Architecture For Networking And Communications Systems archive
Proceedings of the 4th ACM/IEEE Symposium on Architectures for Networking and Communications Systems table of contents
San Jose, California
POSTER SESSION: Posters table of contents
Pages 129-130  
Year of Publication: 2008
ISBN:978-1-60558-346-4
Author
Tilman Wolf  University of Massachusetts, Amherst, MA
Sponsors
SIGARCH: ACM Special Interest Group on Computer Architecture
SIGCOMM: ACM Special Interest Group on Data Communication
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 56,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1477942.1477965
What is a DOI?

ABSTRACT

Capabilities-based networks present a fundamental shift in the security design of network architectures. Instead of permitting the transmission of packets from any source to any destination, routers deny forwarding by default. For a successful transmission, packets need to positively identify themselves and their permissions to the router. The analysis of the data path credentials data structure that we propose shows that as few as 128 bits are sufficient to reduce the probability of unauthorized traffic reaching its destination to a fraction of a percent.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Tom Anderson , Timothy Roscoe , David Wetherall, Preventing Internet denial-of-service with capabilities, ACM SIGCOMM Computer Communication Review, v.34 n.1, January 2004  [doi>10.1145/972374.972382]
 
2
Ballani, H., Chawathe, Y., Ratnasamy, S., Roscoe, T., and Shenker, S. Off by default! In Proc. of Fourth Workshop on Hot Topics in Networks (HotNets-IV) (College Park, MD, Nov. 2005).
 
3
Wolf, T. A credential-based data path architecture for assurable global networking. In Proc. of the 2007 IEEE Conference on Military Communications (MILCOM) (Orlando, FL, Oct. 2007).
4
Tilman Wolf, Design of a network architecture with inherent data path security, Proceedings of the 3rd ACM/IEEE Symposium on Architecture for networking and communications systems, December 03-04, 2007, Orlando, Florida, USA  [doi>10.1145/1323548.1323556]

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.0 General
          Subjects: Security and protection (e.g., firewalls)


General Terms:
Design, Security

Collaborative Colleagues:
Tilman Wolf: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player