On Building Inexpensive Network Capabilities
- ORNL
- Grand Valley State University (GVSU), Michigan
- International Computer Science Institute (ICSI)
There are many deployed approaches for blocking unwanted traffic, either once it reaches the recipient's network, or closer to its point of origin. One of these schemes is based on the notion of traffic carrying capabilities that grant access to a network and/or end host. However, leveraging capabilities results in added complexity and additional steps in the communication process: Before communication starts a remote host must be vetted and given a capability to use in the subsequent communication. In this paper, we propose a lightweight mechanism that turns the answers provided by DNS name resolution---which Internet communication broadly depends on anyway---into capabilities. While not achieving an ideal capability system, we show the mechanism can be built from commodity technology and is therefore a pragmatic way to gain some of the key benefits of capabilities without requiring new infrastructure.
- Research Organization:
- Oak Ridge National Lab. (ORNL), Oak Ridge, TN (United States). National Center for Computational Sciences (NCCS)
- Sponsoring Organization:
- USDOE Laboratory Directed Research and Development (LDRD) Program
- DOE Contract Number:
- DE-AC05-00OR22725
- OSTI ID:
- 1035533
- Journal Information:
- Computer Communication Review, Journal Name: Computer Communication Review
- Country of Publication:
- United States
- Language:
- English
Similar Records
Approaches for scalable modeling and emulation of cyber systems : LDRD final report.
P2P-based botnets: structural analysis, monitoring, and mitigation