Title
SEAMS: A Signaling Layer for End-Host-Assisted Middlebox Services
Abstract
On-path network elements, such as NATs and firewalls, are an accepted commonality in today's networks. They are essential for extending network functionality and providing additional security. However, these so-called middleboxes are not explicitly considered in the original TCP/IP-based network architecture. As a result, the protocols of the TCP/IP suite provide middleboxes with the same information about data flows as packet-forwarding routers. Yet, middleboxes typically perform complex functions within the network that require additional knowledge. Inferring this knowledge by observing the sparse information available in network packets forces these devices to base their decisions on ambiguous or forgeable data. In this paper, we first discuss the problems arising from insufficient information and identify the resulting informational requirements of middleboxes. We then propose SEAMS, a signaling layer that provides middleboxes with descriptive and verifiable data flow contexts in addition to the IP address and port information that many middleboxes use today. Specifically, SEAMS enables middleboxes to request and use detailed information about the host, application, and user that is accessible at the communicating end hosts. This information can then be used to provide more secure and richer middlebox functions in home and enterprise network scenarios. Our evaluation shows that SEAMS is a feasible addition to TCP/IP-based networks and that it scales well in the presence of multiple on-path middleboxes.
Year: 2012
DOI: 10.1109/TrustCom.2012.250
Venue: TrustCom
Keywords: on-path network element, multiple on-path middle box, signaling layer, detailed information, ip-based network, enterprise network scenario, middle box, network functionality, insufficient information, ip-based network architecture, end-host-assisted middlebox services, richer middle box function, security, signaling, inspection, authentication, computer network security, transport protocols, protocols, operating systems
Field: Middlebox, Computer security, Computer science, Network security, Network packet, Computer network, Network architecture, Internet protocol suite, Network element, Enterprise private network, Data flow diagram, Distributed computing
DocType: Conference
Citations: 0
PageRank: 0.34
References: 9
Authors (5)
Order  Name                    Citations  PageRank
1      Rene Hummen             22         1.42
2      Jan Henrik Ziegeldorf   180        11.44
3      Tobias Heer             236        19.85
4      Hanno Wirtz             119        13.62
5      Klaus Wehrle            330        40.49