A Self-shielding Dynamic Network Architecture

Bibliographic Details
Main Authors: Yackoski, J., Peng Xie, Bullen, H., Li, J., Kun Sun
Format: Conference Proceeding
Language: English
container_end_page 1386
container_start_page 1381
creator Yackoski, J.
Peng Xie
Bullen, H.
Li, J.
Kun Sun
description The current static nature of computer networks allows attackers to gather intelligence, perform planning, and then execute attacks at will. This situation creates a low barrier of entry and assures that any given computer network will eventually be successfully attacked. In particular, once an attacker has gained access to a node within an enclave, there is little to stop a determined attacker from eventually accessing other hosts and services within the enclave. To reduce the impact of an attack in the time frame between when the attack begins and when the attacker is (eventually) detected and removed, we propose a fundamental change to the nature of the network by introducing cryptographically-strong dynamics. In this work, we describe a Self-shielding Dynamic Network Architecture (SDNA) which allows multiple types of dynamics to be constructively combined. We have implemented SDNA on real hardware in a testbed network and have designed SDNA to eliminate many of the technical challenges, user impacts, and compatibility issues faced by such an architecture. Through the use of a hypervisor, SDNA is transparent to the OS and is not noticeable to the average user. SDNA can also be added to an existing network with little to no infrastructure or configuration changes. At the same time, many classes of attacks can be either completely prevented or severely limited by SDNA.
doi_str_mv 10.1109/MILCOM.2011.6127498
format conference_proceeding
identifier ISSN: 2155-7578
ispartof 2011 - MILCOM 2011 Military Communications Conference, 2011, p.1381-1386
issn 2155-7578
2155-7586
language eng
recordid cdi_ieee_primary_6127498
source IEEE Electronic Library (IEL) Conference Proceedings
subjects Authentication
Cryptography
Hardware
IP networks
Servers
Virtual machine monitors
title A Self-shielding Dynamic Network Architecture