
A Virtualization-Level Future Internet Defense-in-Depth Architecture

  • Jerzy Konorski
  • Piotr Pacyna
  • Grzegorz Kolaczek
  • Zbigniew Kotulski
  • Krzysztof Cabaj
  • Pawel Szalachowski
Part of the Communications in Computer and Information Science book series (CCIS, volume 335)

Abstract

An EU Future Internet Engineering project currently underway in Poland defines three Parallel Internets (PIs). The emerging IIP System (IIPS, abbreviating the project’s Polish name) has a four-level architecture, with Level 2 responsible for creating the virtual resources of the PIs. This paper proposes a three-tier security architecture to address the Level 2 threats of alien traffic injection and IIPS traffic manipulation or forging. It is argued that the measures to be taken differ in nature from those ensuring classical security attributes. A combination of hard- and soft-security mechanisms produces node reputation and trust metrics, which make it possible to eliminate or ostracize misbehaving nodes. Experiments carried out in a small-scale IIPS testbed are briefly discussed.

Keywords

Future Internet, virtualization, security architecture, HMAC, anomaly detection, reputation system

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jerzy Konorski (1)
  • Piotr Pacyna (2)
  • Grzegorz Kolaczek (3)
  • Zbigniew Kotulski (4)
  • Krzysztof Cabaj (4)
  • Pawel Szalachowski (4)

  1. Gdansk University of Technology, Poland
  2. AGH University of Technology, Poland
  3. Wroclaw University of Technology, Poland
  4. Warsaw University of Technology, Poland
