
A Distributed Dynamic μFirewall Architecture with Mobile Agents and KeyNote Trust Management System

  • Conference paper
  • Information and Communications Security (ICICS 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2513)

Abstract

Because of the end-to-end design principle in distributed applications, many emerging security problems cannot be solved by conventional security technologies such as firewalls and IDSs. To address these problems, we present a distributed dynamic μFirewall architecture based on mobile agents and the KeyNote trust management system. In this architecture, the KeyNote trust management system provides scalable distributed control and supports a mechanism called “policy-updates on demand”. Mobile agents implement dynamic security policy reconfiguration and enhance scalability. Each μFirewall is built from a packet filter and a DTE-enhanced evaluator that enforce policy at the end points. A distributed intrusion detection and response (DIDR) system supports dynamic security capabilities and provides fast response to attacks from all possible sources. Our architecture is scalable, topology independent, and intrusion-tolerant.




Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jin, H., Xian, F., Han, Z., Li, S. (2002). A Distributed Dynamic μFirewall Architecture with Mobile Agents and KeyNote Trust Management System. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_2


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00164-5

  • Online ISBN: 978-3-540-36159-6
