Content-Centric Networking: Security

•

5 j'aime•6,036 vues

Presented for TTI Vanguard "Shift Happens" conference (http://bit.ly/TTIVshifthappens) visit to PARC, this is a basic overview of just the security aspects of our content-centric networking program.

Technologie

Content-based Security
Van Jacobson
Research Fellow, PARC

TTI/Vanguard at PARC
February 25, 2010

parc ®

Palo Alto Research Center

Content-centric Networking (CCN)
is a communications architecture
based on dissemination
rather than conversation.

(at the lowest level, you talk about
named data, not to some server)

CCN offers ...
• (provably) optimal content distribution
• painless mobility, wireless, virtualization, ...
• same scalability & efficiency as TCP/IP
• simple, secure, robust configuration
• an easy, incremental, evolutionary path
• much better security

Internet security sucks

and not because we’re not trying hard enough

Files, hosts and
network connections are
containers for information

• A secured perimeter is the only way to
secure containers.

• For today’s business, any realistic perimeter
encloses the planet.

Forget containers –
secure the content
Do it as the final production step to minimize
attack surface.

Ron Rivest’s SDSI has shown this works if content
is augmented so any consumer can assess
from the data:

• Validity (is data intact and complete?)
• Relevance (what question does this answer?)
• Provenance (who asserts this is an answer?)

CCN data
/nytimes.com/web/frontPage.html/v3/s0/0x3fdc96a4...

signature
0x1b048347 key

nytimes.com/web/george/desktop public key

Signed by nytimes.com/web/george

Signed by nytimes.com/web

Signed by nytimes.com

Evidentiary Trust
• Rich web of arises from signed content:
information
trustable, interconnected

Content
Content Content
Content
Content
Content
Content Content
Content
! Content
!
Content
! Content
Content!!
!
Key!!
Key !
Key !!Key
Key
!Key
Key
Key !Key
Key
Key Key
Key

• Attacks haveand be consistent with
information
to
links – get exponentially
harder as information base grows.

! Strong security is emergent & effortless.

Information on CCN is available at
www.ccnx.org
including a GPL’d open-source release
of our current research prototype.

Contenu connexe

Similaire à Content-Centric Networking: Security

Signiant Overview Fall 2010

Signiant

TWCSIRT is a full member of FIRST and mainly focuses on the protection of NARLabs, TANet and TWAREN. We are defense cyber-attack from internet and according to government policy to handling incident every day. I am a research fellow with National Center for High-performance Computing and lead cyber security team to operation security operation center to handling incident in Taiwan Academic Network. In our research project from government, we are deployed the biggest honeynet in Taiwan and used over 6000 IP address to detection malicious network attack come from internet. We have published our malware knowledge base to sharing malware samples and reports for many researchers, students, research center and sharing our data set for deep tracking about cyber security. There are many new types of cyber-attack that’s is include ransomware, website mining, DDoS and hybrid malicious attack. Main Points: - What’s TWCSIRT Mission and Scope - How to coordinate in National level with ISAC, CERT and SOC - Cyber-attack and threat hunting in Taiwan Academic Network - How to develop cyber security platform for incident handling - How to do red team and blue team training by CDX

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...

REVULN

Collecting user-data-socially-responsibly

Konark modi

As presented at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious. Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: - How known vulnerabilities can make their way into production deployments - How vulnerability impact is maximized - A methodology for ensuring deployment of vulnerable code can be minimized - A methodology to minimize the potential for vulnerable code to be redistributed

Secure application deployment in the age of continuous delivery

Tim Mackey

As presented by Tim Mackey, Senior Technical Evangelist at Black Duck Software, at Open Source Open Standards (GovNet) (http://opensourceconference.co.uk/), this deck covers some of the material which operators of open source data centers and users of container and cloud technologies should be aware of when seeking to be security conscious. Traditionally, when datacentre operators talk about application security, there has been a tendency to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques. The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily. In this session we’ll present: - How known vulnerabilities can make their way into production deployments - How vulnerability impact is maximized - A methodology for ensuring deployment of vulnerable code can be minimized - A methodology to minimize the potential for vulnerable code to be redistributed

Secure application deployment in the age of continuous delivery

Black Duck by Synopsys

Dockercon USA 2016 - Immutable Awesomeness

John Willis

This presentation will show the combination of two ideas that can create 2 to 3 order of magnitude efficiencies in service delivery. We will discuss an example used in an insurance company that has experienced these efficiencies. Josh Corman will present the concept of using Open Source and Toyota Supply Chain principles as a weapon for eliminating operational costs of service delivery. By applying first order principles like fewer suppliers (e.g, less logging frameworks) and image manifests (i.e., bill of materials) he will show how an organization can cut down on bugs and issue resolution times. John Willis will then cover how these principles fit like peanut butter and chocolate when used in an immutable delivery model based on Docker. This presentation was the third highest rated session at the 2015 Devops Enterprise Summit.

Immutable Awesomeness by John Willis and Josh Corman

Docker, Inc.

Many CIOs grapple with enabling workers with cloud content collaboration solutions that help them innovate and get their jobs done, while also making sure that these solutions are secure. Our objective is to help workers and corporations not only survive but thrive in this precarious landscape. Toward that goal we’ll discuss the current landscape, how we see the challenge and provide a framework that we hope will help you in your endeavors moving forward

Cloud content security vs innovation 2012_0821

Brian Gleeson

Information Development World 2015 - Exhibit Video Loop

WittyParrot

WP for IDW video loop

Paula Cassin

Web 2 0 Utilizing New Web Toolsv.508[1]

Michael D. Gilley

2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security

Ryan Elkins

AICPA Leadership Retreat - Technology

ASAE

Four Kitchens Presents: Future of the CMS

Four Kitchens

Re-Thinking BYOD Policy.pptx

tmbainjr131

ekey+ Presentation

Creus Moreira Carlos

MongoDB, ANTS, and the IC

MongoDB

Cks Brochure 10.31.11

BobChew

Hacking blockchain

Jose L. Quiñones-Borrero

Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...

Future Cities Project

Similaire à Content-Centric Networking: Security (20)

Signiant Overview Fall 2010

Yi-Lang Tsai - Cyber Security, Threat Hunting and Defence Challenge in Taiwan...

Collecting user-data-socially-responsibly

Secure application deployment in the age of continuous delivery

Dockercon USA 2016 - Immutable Awesomeness

Immutable Awesomeness by John Willis and Josh Corman

Cloud content security vs innovation 2012_0821

Information Development World 2015 - Exhibit Video Loop

WP for IDW video loop

Web 2 0 Utilizing New Web Toolsv.508[1]

2019 DerbyCon - Ryan Elkins - Scientific Computing for Information Security

AICPA Leadership Retreat - Technology

Four Kitchens Presents: Future of the CMS

Re-Thinking BYOD Policy.pptx

ekey+ Presentation

MongoDB, ANTS, and the IC

Cks Brochure 10.31.11

Hacking blockchain

Future Cities Conference´13 / Peter Steenkiste - "The eXpressive Internet Arc...

Plus de PARC, a Xerox company

PARC Forum Presents: Using game mechanics and game design techniques in non-game contexts like business applications have shown significant increases in user engagement, and increased the ROI and other metrics. In this talk we will learn what business can learn from Angry Birds. We will shatter stereotypes about games, show what gamified applications you already use, give you some facts and figures on the impact of gamification on results, and highlight examples in the corporate world. Mario Herger is a Senior Innovation Strategist at SAP Labs in Palo Alto, California and Global Head of the Gamification Initiative at SAP. He has worked in the past as developer, development manager, architect, product manager and other roles on a series of new SAP products. He has been driving communities for more than 15 years, including innovative topics at SAP, like Visual Composer, Business Process Experts, mobile and gamification. In his work as head of the Gamification Initiative at SAP he has encountered and supported gamification efforts in the enterprise from multiple levels and departments, like Sustainability, On Demand, Mobile, HR, Training & Education, Banking etc. He has driven the awareness around gamification inside and outside SAP by organizing and leading innovation events around this topic, holding full day gamification workshops, working with gamification platform- & service-providers and game studios, consulting and advising organizations, and by incorporating gamification into SAP's strategy. He has a Ph.D. in Chemical Engineering from the Vienna University of Technology and an undergraduate degree in International Business Management from the Vienna University of Economy. He recently played through all levels of the iPad game Air Attack and currently works with his five year old son on reaching the final level of Angry Birds in Space.

Enterprise Gamification – Exploiting People by Letting Them Have Fun [PARC Fo...

PARC, a Xerox company

CCNxCon2012: Welcome: Event Kickoff & Opening Remarks

PARC, a Xerox company

CCNxCon2012: Session 1: CCN Updates & Roadmap

PARC, a Xerox company

CCNxCon2012: Session 2: A Content-Centric Approach for Requesting and Dissemi...

PARC, a Xerox company

CCNxCon2012: Session 2: DASH over CCN: A CCN Use-Case for a SocialMedia Base...

PARC, a Xerox company

CCNxCon2012: Session 2: A Distributed Server-based Conference Control and Man...

PARC, a Xerox company

CCNxCon2012: Session 2: Embedding Cloud-Centric-Networking in CCN

PARC, a Xerox company

CCNxCon2012: Session 2: Network Management Framework for Future Internet Scen...

PARC, a Xerox company

CCNxCon2012: Poster Session: FIB Optimizations in CCN

PARC, a Xerox company

CCNxCon2012: Poster Session: Cache Coordination in a Hierarchical

PARC, a Xerox company

CCNxCon2012: Poster Session: Live Streaming with Content Centric Networking

PARC, a Xerox company

CCNxCon2012: Poster Session:On a Novel Joint Replicating and Caching Strategy...

PARC, a Xerox company

CCNxCon2012: Poster Session: Parallelizing FIB Lookup in Content-Centric Netw...

PARC, a Xerox company

CCNxCon2012: Poster Session: ICN Architecture Evaluation — A Discussion on CC...

PARC, a Xerox company

CCNxCon2012: Poster Session: A Backward-Compatible CCNx Extension for Improve...

PARC, a Xerox company

CCNxCon2012: Session 3: Content-centric VANETs: routing and transport issues

PARC, a Xerox company

CCNxCon2012: Session 3: NDN Applicability to V2V and V2R Networks

PARC, a Xerox company

CCNxCon2012: Session 3: Juxtaposition of CCN and Pepys

PARC, a Xerox company

CCNxCon2012: Session 4: Caesar: a Content Router for High Speed Forwarding

PARC, a Xerox company

CCNxCon2012: Session 4: OSPFN

PARC, a Xerox company

Plus de PARC, a Xerox company (20)