Secure quality of service handling: SQoSH

TitleSecure quality of service handling: SQoSH
Publication TypeJournal Articles
Year of Publication2000
AuthorsAlexander DS, Arbaugh WA, Keromytis AD, Muir S, Smith JM
JournalIEEE Communications Magazine
Pagination106 - 112
Date Published2000/04//
ISBN Number0163-6804
KeywordsAcceleration, Access control, active networks, ALIEN active loader, Clocks, Computer network management, cryptographic credentials, cryptography, customized networking services, Data security, Data structures, denial-of-service attacks, interfaces, Kernel, loaded modules, network resources, network traffic, open signaling, packet switching, Piglet lightweight device kernel, programmable network element, programmable network infrastructures, Programming profession, Proposals, quality of service, remote invocation, resource control, restricted control of quality of service, SANE, scheduling, scheduling discipline, secure active network environment architecture, secure quality of service handling, security infrastructure, security risks, SQoSH, SwitchWare architecture, telecommunication security, tuning knobs, virtual clock

Proposals for programmable network infrastructures, such as active networks and open signaling, provide programmers with access to network resources and data structures. The motivation for providing these interfaces is accelerated introduction of new services, but exposure of the interfaces introduces many new security risks. We describe some of the security issues raised by active networks. We then describe our secure active network environment (SANE) architecture. SANE was designed as a security infrastructure for active networks, and was implemented in the SwitchWare architecture. SANE restricts the actions that loaded modules can perform by restricting the resources that can be named; this is further extended to remote invocation by means of cryptographic credentials. SANE can be extended to support restricted control of quality of service in a programmable network element. The Piglet lightweight device kernel provides a “virtual clock” type of scheduling discipline for network traffic, and exports several tuning knobs with which the clock can be adjusted. The ALIEN active loader provides safe access to these knobs to modules that operate on the network element. Thus, the proposed SQoSH architecture is able to provide safe, secure access to network resources, while allowing these resources to be managed by end users needing customized networking services. A desirable consequence of SQoSH's integration of access control and resource control is that a large class of denial-of-service attacks, unaddressed solely with access control and cryptographic protocols, can now be prevented