
10th Conference on Computer Networks (10ª Conferência sobre Redes de Computadores)

11 and 12 November 2010, Universidade do Minho, Braga

CRC2010 Programme: 4th Session - Applications and Services II

Friday, 12 November 2010


8:45-10:45 4th Session - Applications and Services II

Moderator: Joel Rodrigues, UBI


Home Network Management with Extensible CWMP Agents (Gestão de Redes Domésticas com Agentes CWMP Extensíveis)
Tiago Cruz, Paulo Simões, Patrício Batista, João Almeida, Edmundo Monteiro, UC; Fernando Bastos, Alexandre Laranjeira, PTIn

Abstract:

The CWMP/TR-069 protocol (CPE WAN Management Protocol / Technical Report 069), developed by the Broadband Forum, has been establishing itself as a reference standard for managing equipment that, despite being located in home networks served by broadband access, needs to be managed directly by operators and/or service providers because of its relevance to a variety of services, whether value-added (VoIP, IPTV, VoD) or of another kind, such as femtocells.

However, the pace of CWMP adoption has been somewhat slow because some application scenarios envisaged by the protocol are not suited to the dynamic nature of broadband customers' home networks, which are characterized by frequent changes in topology and services.

This paper presents the architecture of an extensible CWMP stack that, although fully compliant with the protocol specification, seeks to meet the needs of the home network environments of broadband service users by incorporating extensible CWMP agents (for integrating new services and devices), proxying mechanisms, and integration with other management technologies such as WMI (Windows Management Instrumentation).

Index Terms: Broadband access networks, CWMP, Home networks


A Unifying Role and Organization Based Access Control
José Pedro Novais, Pedro Sousa, UM; Nuno Ribeiro, Ubiwhere

Abstract:

Nowadays, with the exception of very small companies, almost all companies and institutions are hierarchically structured in several sub-organizations (e.g. Governments, Universities, Company Departments, etc.). In this way, despite sharing a common organization, there are advantages if role privileges can be distinguished according to each sub-organization's purpose and internal structure. In this context, this paper proposes an enhanced and more versatile access control model, based on the pair of entities role and organization, adding more flexibility to previously existing models (e.g. RBAC and ROBAC). As an illustrative application scenario, an application was developed that uses the proposed access control model, providing a means of creating a unifying physical and logical access policy. This application is used to reconfigure some open-source applications and services regardless of their own implemented access control models, thus maintaining a unique access control policy.

Index Terms: access control


Network Intrusion Detection with Constraints
Pedro Salgueiro, Salvador Abreu, UÉvora

Abstract:

In this work we present NeMODe, a declarative system for computer network intrusion detection, providing a declarative Domain Specific Language for describing computer network intrusion signatures that can spread across several network packets, which allows stating constraints over network packets, describing relations between several packets. NeMODe provides several back-end detection mechanisms relying on Constraint Programming (CP) methodologies to find those intrusions.

Index Terms: Constraint Programming, Intrusion Detection Systems, Domain Specific Languages


ScalSec: a fully authoritative identity PKI for the future Internet
Jaime Dias, Manuel Ricardo, UP

Abstract:

The "Internet of things" and the emerging wireless networks, such as vehicular and personal networks, are some of the keywords expected to characterize the future Internet. A main challenge is security: guaranteeing the authentication, confidentiality, integrity, non-repudiation and privacy of communications, while taking into account the disruption-tolerant nature and the power consumption restrictions of wireless communications.

Certificates, due to their capability to enable offline operations, are good candidates. One main disadvantage of public key infrastructures (PKI) has been the low transparency to users, who are required to know and understand certificates and public key cryptography (PKC).

In this paper we propose ScalSec, a global PKI for the future Internet that aims at certifying any Internet entity, be it a person, node, application, or service, that is identified by a URI or is accessible through communication protocols, without requiring users to deal with or even know about certificates or PKC. Any entity can be certified, even those that rely on short-term identifiers, or those that do not provide any trust assurance.

The four main novel components of ScalSec are (1) the fully authoritative identity certification model, (2) the certification architecture, (3) the identification approach, and (4) the responsibility-centric trust model.

Index Terms: PKI, PKC, Internet of Things, security


Securing Webmail using S/MIME and Cryptographic Timestamps
Pedro Silva, Jaime Dias, Manuel Ricardo, UP

Abstract:

Electronic mail is replacing post mail for sending contents that have a digital form, but it lacks the security, privacy and legal value of post mail.

S/MIME and cryptographic timestamps, using X.509 digital certificates, provide the ground base for constructing an email system that is usable and has legal value equivalent to registered mail and registered mail with acknowledgement of receipt. The only known solution, MDDE, provides the legal value but it is not user-friendly and, so far, has only been made available to lawyers.

This paper proposes a solution that integrates S/MIME and cryptographic timestamps into existing webmail solutions without compromising their usability and user mobility, while providing legal value equivalent to post mail. We also carry out a legal evaluation of the current state of the law, and highlight the main requirements that need to be fulfilled by an email system to be legally equivalent to post mail.

Index Terms: E-Mail, S/MIME, X.509 digital certificates


Simple and Stable Dynamic Traffic Engineering for Provider Scale Ethernet
António Teixeira, José Legatheaux Martins, UNL

Abstract:

Traffic engineering defines the set of engineering methods and techniques used to optimize the flow of network traffic. Static approaches enjoy widespread use in provider networks, but their performance is greatly penalized by sudden load variations. On the other hand, dynamic traffic engineering is tailored to adapt to load changes. However, providers are skeptical about adopting dynamic approaches, as these induce problems such as routing instability and, as a result, network performance decreases.

This paper presents a Simple and Stable Dynamic Traffic Engineering framework (SSD-TE), which addresses these concerns in a provider scale Ethernet scenario. In addition, the validation results show that SSD-TE achieves better or equal performance to static traffic engineering approaches, whilst remaining both stable and responsive to load variations.

Index Terms: Provider Scale Ethernet, Traffic Engineering, Routing Algorithms

© 2010 CRC 2010 | Last modified Sun Oct 31, 2010