SECURITY, QoS, and (File) Content Differentiation
-Sujeeth Narayan
-Ankur Patwa
-Francisco Torres
Introduction
A new policy-based document sharing application:
- Differentiation of document sections according to intended user roles
- Secure transfer of information with QoS
- Alert on receiving information, based on document priority labeling
What would be used?
- LDAP – for authentication and credentials
- Bandwidth reservation + GRE Tunnels – for file transfer
- PasTMon tool + Tunneling – for inter-network exchange
- RSVP + Tunneling – for intra-network exchange
- XML Parser – for parsing a document to be sent
- Different modes of sending a new message alert: voice message, email, SMS
Overview
[Overview diagram (network topology); recoverable labels only]
- Location A: General, Major, Soldier; XML App Server, LDAP Server, Internal Firewall, External Firewall, Switch
- Location B: Major, Soldier; App Server, LDAP Server, Internal Firewall, External Firewall, Switch
- Location C: President; PC with LiteWeight Firewall; Cluster of X500
- The three locations are joined through the Internet
Components
- Cluster of Servers: LDAP Authentication, XML Parsing Service, Notification Service, File Transfer Service
- Cluster of File Systems: Document distribution
- Client side tool: Proposed Tool
Proposed Tool
- Allow the user to classify the information
- Insert XML tags differentiating between classified information
- Encrypt the document and send it to the XML parser
1. Login to LDAP
2. Download user Credentials
3. Sets the user priority value
4. Routing decision based on priority
5. Intranet Routing with RSVP/GRE Tunnel if needed
6. Internet Routing with decisions based on QoS measured.
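The six steps above are a routing procedure: the sender's LDAP credentials yield a priority value, and that value decides whether the transfer stays on the intranet (RSVP reservation, GRE tunnel) or crosses the Internet on whichever path the measured QoS favours. The following is an added example of that decision logic, not the authors' implementation; the LDAP entries, the role-to-priority map, the latency and loss limits per priority and the measured path samples are all constructed stand-ins.

```python
"""Priority-driven routing decision (steps 1-6 above).

Added illustration, not the authors' code. Everything below is a constructed
stand-in: the LDAP entries, the role-to-priority map, the QoS thresholds and
the measured path samples (as a tool such as PasTMon might report them).
"""
from dataclasses import dataclass

# Constructed stand-in for the credentials downloaded from the LDAP server (step 2).
LDAP_DIRECTORY = {
    "president": {"role": "president"},
    "general": {"role": "general"},
    "major": {"role": "major"},
    "soldier": {"role": "soldier"},
}

# Step 3: priority value derived from the role; 0 is the highest priority (assumption).
ROLE_PRIORITY = {"president": 0, "general": 1, "major": 2, "soldier": 3}

# Assumed per-priority limit on acceptable latency for Internet paths (ms), and
# a single loss limit for all priorities (percent).
MAX_LATENCY_MS = {0: 100, 1: 200, 2: 400, 3: 800}
MAX_LOSS_PCT = 1.0


@dataclass(frozen=True)
class PathQoS:
    """One measured Internet path between two locations."""
    name: str
    latency_ms: float
    loss_pct: float
    avail_kbps: int


# Constructed measurements for three tunnels between two locations.
MEASURED_PATHS = [
    PathQoS("tunnel-1", latency_ms=90, loss_pct=0.2, avail_kbps=2000),
    PathQoS("tunnel-2", latency_ms=300, loss_pct=0.0, avail_kbps=8000),
    PathQoS("tunnel-3", latency_ms=50, loss_pct=3.0, avail_kbps=10000),
]


def user_priority(username):
    """Steps 1-3: look the sender up and derive the priority value from the role.
    An unknown user is refused rather than given a default priority (fail closed)."""
    entry = LDAP_DIRECTORY.get(username)
    if entry is None:
        raise PermissionError(f"unknown user {username!r}")
    return ROLE_PRIORITY[entry["role"]]


def transfer_cost(path, size_kb):
    """Estimated seconds to move size_kb over the path: serialisation plus latency."""
    return size_kb * 8 / path.avail_kbps + path.latency_ms / 1000


def choose_internet_path(priority, size_kb, paths):
    """Step 6: among the paths whose measured QoS satisfies the priority's limits,
    pick the one expected to finish the transfer soonest; None if none qualifies."""
    ok = [p for p in paths
          if p.latency_ms <= MAX_LATENCY_MS[priority] and p.loss_pct <= MAX_LOSS_PCT]
    if not ok:
        return None
    return min(ok, key=lambda p: transfer_cost(p, size_kb))


def route(sender, sender_site, receiver_site, size_kb, paths=MEASURED_PATHS):
    """Steps 4-6: decide how a document travels from the sender to the receiver."""
    priority = user_priority(sender)
    if sender_site == receiver_site:
        # Step 5: intranet. Reserve bandwidth with RSVP for the two highest
        # priorities (assumption); lower priorities use the plain LAN path.
        return {"scope": "intranet", "priority": priority,
                "rsvp": priority <= 1, "path": "lan"}
    best = choose_internet_path(priority, size_kb, paths)
    return {"scope": "internet", "priority": priority, "rsvp": False,
            "path": best.name if best else None}


if __name__ == "__main__":
    print(route("general", "A", "A", 500))   # intranet, RSVP reserved
    print(route("general", "A", "B", 500))   # only tunnel-1 meets the 200 ms limit
    print(route("soldier", "A", "B", 500))   # tunnel-2: more bandwidth wins for a large file
    print(route("soldier", "A", "B", 50))    # tunnel-1: low latency wins for a small file
```

The two soldier cases show the point of measuring QoS before choosing: with the same priority, the better path depends on the file size, because the cost model weighs latency against available bandwidth. A path is never returned for a priority whose limits it fails, so a high-priority document with no acceptable path yields `None` and the caller must defer or fall back rather than silently use a poor link.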
Scenario 1
Scenario 2: A user logs into the system, and then sends a document
- Encrypted document (using the user's private key); choose the best option between the DMZ and the user's X500
- The XML parser decrypts the document using the public key and makes copies of it
- Based on the list of receivers, the XML parser sends their copies to the receivers' X500
- If the receiver is on-line, the document is delivered; otherwise, a notice will be sent to him if the document has been labeled as URGENT
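Scenario 2 combines the two ideas of the deck: the sections of one document are differentiated by intended role, and the receiver gets a notice only when the document is labeled URGENT and he is not on-line. The block below is an added example of that parser-side logic, not the authors' code; the sample document, the role ordering, the receiver list and the dictionary standing in for each user's X500 entry are constructed, and the encryption step of the scenario is left out (the copies are made from an already decrypted document). One caveat for the real service: `xml.etree` is used here for a constructed document; a parser that receives documents from arbitrary clients should go through a hardened front such as `defusedxml` to refuse entity-expansion tricks.

```python
"""Role-differentiated copies and URGENT notification (Scenario 2 above).

Added illustration, not the authors' code. The document, the role ordering,
the receivers and the X500 stand-in are constructed. The encryption step of
the scenario is left out; copies are made from an already decrypted document.
"""
import xml.etree.ElementTree as ET

# Constructed document as the client tool would hand it to the XML parser: each
# section carries the lowest role allowed to read it, the root carries the label.
DOCUMENT = """<document priority="URGENT">
  <section audience="soldier">Muster at 0600.</section>
  <section audience="major">Route via bridge B.</section>
  <section audience="general">Reserve battalion is held back.</section>
</document>"""

# Assumed ordering of roles; a reader sees the sections at or below their own rank.
ROLE_RANK = {"soldier": 1, "major": 2, "general": 3, "president": 4}


def copy_for(doc_xml, role):
    """Make the receiver's copy: only the sections this role may read are kept.
    A section with a missing or unknown audience tag is dropped (fail closed)."""
    root = ET.fromstring(doc_xml)
    out = ET.Element(root.tag, dict(root.attrib))
    for section in root.findall("section"):
        needed = ROLE_RANK.get(section.get("audience", ""))
        if needed is not None and ROLE_RANK[role] >= needed:
            out.append(section)
    return ET.tostring(out, encoding="unicode")


def section_texts(doc_xml):
    """Inspection helper: the text of every section in a (copied) document."""
    return [s.text for s in ET.fromstring(doc_xml).findall("section")]


def distribute(doc_xml, receivers, online, x500_store):
    """Put each receiver's copy into their X500 entry, then decide what they are told.
    receivers: {name: role}; online: names currently logged in;
    x500_store: {name: [copies]} standing in for the per-user X500 directory."""
    priority = ET.fromstring(doc_xml).get("priority", "NORMAL")
    outcome = {}
    for name, role in receivers.items():
        x500_store.setdefault(name, []).append(copy_for(doc_xml, role))
        if name in online:
            outcome[name] = "delivered"
        elif priority == "URGENT":
            outcome[name] = "notified"   # voice message, email or SMS in the deck
        else:
            outcome[name] = "waiting"    # picked up at the next login (Scenario 3)
    return outcome


if __name__ == "__main__":
    store = {}
    print(distribute(DOCUMENT, {"ann": "general", "bob": "soldier"}, {"ann"}, store))
    print(section_texts(store["bob"][0]))   # only the soldier-level section
```

Note that the filtering happens before the copy is stored, so a receiver's X500 entry never holds sections above his role; a section whose audience tag the parser does not recognise is withheld from everyone, which is the safe direction for a classification error.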
Scenario 3: A user logs into the system, and a document is waiting for him
- User logs in: a) normal session, b) as a result of a notice sent by the system
- The DMZ where the user got authenticated checks with the user's X500 for a potential document for him
- X500 verifies the existence of the document and sends it back to the DMZ
- Document delivered to the user
Conclusion
Future work
- Research of QoS implementation in this project
- Bell-LaPadula Model (write-down/read-up)?
- Images, sound, videoconferences? How to differentiate these in such a scenario?
References
- Protection: http://www.research.microsoft.com/~lampson/09-protection/Acrobat.pdf
- Identity Systems: http://books.nap.edu/html/id_questions/
- Trusted Computer System Evaluation Criteria: http://www.boran.com/security/tcsec.html
- Security of the Internet: http://www.cert.org/encyc_article/tocencyc.html
- Introduction to Computer Security: http://csrc.nist.gov/publications/nistpubs/800-12/handbook.pdf
- Designing an Authentication System: http://web.mit.edu/kerberos/www/dialogue.html
- Home Network Security: http://www.cert.org/tech_tips/home_networks.html
- Open Shortest Path First (OSPF): http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ospf.htm
- How routing algorithms work: http://computer.howstuffworks.com/routing-algorithm3.htm
- Wired-Wireless Network Architectures: http://www.symbol.com/category.php?fileName=WP-32_network_architectures.xml
- pasTmon Tool: www.pastmon.sourceforge.net
- RSVP: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rsvp.htm
- GRE with RSVP: http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801982ae.shtml
- OpenLDAP: http://www.openldap.org/
- X.500: http://www.terena.nl/library/gnrt/specialist/x500.html