Routing mechanisms for inter-autonomous region communication require distribution of policy-sensitive information as well as algorithms that operate on such information. Without such Policy Routing mechanisms, it is not possible for interconnected regions to retain their autonomy in setting and enforcing policy while still achieving desired connectivity. This problem of interconnecting and navigating across autonomous regions is of inherent interest to the security community because the policies in question concern control of resource access and usage. Moreover, the security of the Policy Routing protocols themselves must be considered if they are to be applicable in sensitive environments. On the other hand, as usual, the security mechanisms take a toll in overall system complexity and performance. Most routing protocols, including proposed Policy Routing protocols [1], focus on environments where detection of an attack after it has taken place is sufficient. The purpose of this paper is to explore the design of Policy Routing mechanisms for sensitive environments where more aggressive preventative measures are mandated. In particular, we detail the design of four secure protocol versions that prevent abuse through cryptographic checks of data integrity. We analyze and compare these schemes in terms of their per-packet processing overhead. We conclude that preventative security is feasible, although the overhead cost is quite high. Consequently, it is critical that prevention-based schemes coexist with detection-based schemes.