액티브네트워크보안및관리 채기준 이화여자대학교컴퓨터학과. KRnet

Size: px

Start display at page:

Download "액티브네트워크보안및관리 채기준 이화여자대학교컴퓨터학과. KRnet"

Damian Doyle
6 years ago
Views:

1 액티브네트워크보안및관리 채기준 이화여자대학교컴퓨터학과 1

2 Contents Network Management Technology Active Network Management Network Management using Active Network Technology Active Network Security Conclusions References 2

3 Network Management Technology 3

4 Network Management the process of controlling a complex data network to maximize its efficiency and productivity the ability to sustain a certain quality of service to end users under both normal and abnormal operating conditions the ability to improve network performance according to criteria of both robustness and efficient use of network resources 4

5 NM Functional Requirements Fault Management Detection, isolation and correction of abnormal operations Configuration Management Identify managed resources and their connectivity discovery Account Management Keep track of resource usage for charging Performance Management Monitor and evaluate the behavior of managed resources Security Management Allow only authorized access and control 5

6 Standard Management Frameworks Internet Network Management Framework (IETF) SNMPv1, SNMPv2, SNMPv3 OSI Network Management Framework(ISO/ITU-T) CMIP (X.700 Series) Object Oriented Approach Telecommunication Management Network (ITU-T) TMN (M.3000 Series) Use OSI CMIP for the management protocol B, S, N, NE, E : layered concept 6

7 Architectural Model of NMS NMS is a collection of tools for network monitoring and control based on the manager-agent paradigm. User Presentation Software Network Management Software Communication and Database Support Software 7

8 Current Network Management Current System and Network Management Mostly Manual Management Centralized Management Applications Management by remote access to instrumentation Stand-alone Management Static Persistent Management Reactive Management SNMP based 8

9 Active Network Management Router Sender Active Router Receiver 9

10 Issues & Requirements for ANM 10 Dynamically Composable Management Backward Compatibility With SNMP Applications-Controlled Management Automation of Configuration Management Automation of Problem Management Providing Semantically Richer Network Data Generation of Active Element Management Data & Instrumentation Secure Management Proactive Management

11 ANM Architecture Active Network Node Manager Consists of SW to monitor, configure, analyze and control a node Interacts with local node instrumentation via NodeOS API Interacts with EEs Interacts with the NMS 11

12 Node Manager Architecture (1/2) sync. access async. interaction network event 12

13 Node Manager Architecture (2/2) A Three-Layer Architecture Instrumentation Layer Access to event and management data provided by various node components Active MIB (AMIB) Data Modeling Layer Organize management data Local Manager Software Manage specific node functions and components Access mechanism and protocol to interact with the NMS 13

14 Automating Management of Active Components CMF(Common Management Framework) Management of EEs Discovery mechanism to probe newly deployed EEs INIT/EXPORT 14

15 Network Management using Active Network Technology SENCOMM ABLE/ABLE++ NESTOR AVNMP 15

16 SENCOMM Smart Environment for Network Control, Monitoring and Management BBN Technologies(funded by DARPA) Sep Feb

17 General Requirements (1/2) Packet delivery IP Heterogeneous network not all active nodes Packet handling SENCOMM probes must be able to request any incoming packet or a copy from any interface Probes must be able to re-insert a packet into forwarding path before initial demux before normal routing decision directly into an output interface queue 17

18 General Requirements (2/2) Message Size Control messages small enough to fit in a single datagram MIB Access on active node Persistent Storage Bootstrapping and long-term storage of loadable libraries Distributed Time Service Correlation of distributed data or synchronized action Secure Management Secure access to its management functions 18

SENCOMM Architecture Major Component SENCOMM Management SMEE ASP AA EEs ASP/ISI Execution Environment loadable libraries (SMEE) Smart Probes(SPs) Loadable Libraries(LLs) Management API Smart

19 SENCOMM Architecture Major Component SENCOMM Management SMEE ASP AA EEs ASP/ISI Execution Environment loadable libraries (SMEE) Smart Probes(SPs) Loadable Libraries(LLs) Management API Smart Packet : smart packet smart probes NodeOS fast forwarding Anetd/ABone smart packet Installing Loadable Libraries Transporting SENCOMM Smart Probes Exchanging Control and Security Messages 19

20 SMEE SENCOMM Management Execution Environment Two Primary Functions Provide the EE for smart probes Active node management, including other EE s and the NodeOS (responsibility may lie or share with NodeOS) Active Network Management IP Router Notification of status changes in network interfaces and kernel routing table Access to router configuration Active Node Smart probes collect and process active networking info. SMEE requires enhanced packet copying and handling from active node 20

21 Smart Probes(SPs) Executable Programs that perform management functions Requirements Residence : Operation after Packet forwarded Globally Unique Name Single datagram Access to Loadable Libraries Hibernate until occurrence of registered event Soft-state can determine life of probe Encapsulated in ANEP datagram Transported using UDP/IP or TCP/IP 21 SMEE loadable libraries smart probes NodeOS

22 Loadable Libraries(LLs) Invoked by a smart probe to be executed Provide classes, methods and data structures used by one or more smart probes Shared among multiple probes Requirements Sharable Dynamically Loadable Globally Unique Name Version Number Separation of State Sharable State 22 SMEE loadable libraries smart probes

23 Management API for EEs and AAs SMEE access to EEs Mechanism EEs provide LL of function wrappers to internal management functions Wrappers provide interface for smart probes Probe calls function in the EE SMEE loadable library smart probes NodeOS EEs AA 23

24 ABLE Active Bell Lab Engine Bell Labs, Lucent Technologies Primary Component: Active Engine AE : Written in C, Execute Programs : Java code Isolation of the active mechanism Easily deployed in current IP networks ABLE Design Principles Generality and Simplicity Modularity Inter-operability and heterogeneity Long Lasting Sessions Cost Visibility Safety and Security 24

25 ABLE Architecture (1/2) 25

26 ABLE Architecture (2/2) Diverter Part of Router Active packet -> Active Engine Active manager The Core of AE Session generation, management, termination Session resource usage management(cpu, Bandwidth, ) Security stream module Monitoring of Network Usage by Session Router Interface Session router MIB Using SNMP Java object 26

27 ABLE++ Architecture (1/3) 27 Extension to the ABLE architecture Active Engine for ABLE++ Session Broker Creates, manages, and cleans up Active Sessions Controls communication and mobility Info Broker Export local device information to Active Session Provides efficient monitoring channel Engine, Cache, Interface Control Broker Active Session controls router Provides secure channel for control operation Engine, Security module, Interface

28 ABLE++ Architecture (2/3) AS1 AS2 AS3 ASn Active Sessions Active Engine Session Info Control Brokers Security Module Filter SNMP CLI OS API Managed Device 28

29 ABLE++ Architecture (3/3) Local Cache Data classification by volatility Volatile Quasi-volatile Static Quasi-volatile, Static -> Cache Reduce the load from the router Shortens the retrieval time Info Broker Session Interface Engine Cache Router SNMP, DeviceOS, etc 29

30 Active Network Security SANE(Secure AN Environment) Seraphim Safetynet PLAN(A Packet Language for AN) 30

31 Why is Security necessary in AN? To maintain the availability of the shared network infrastructure To grant correctness of the service To detect possible modification and to prevent malicious sniffing To avoid the possibility of combined attacks performed by colluding active packets 31

32 Security in Active network 4 types of exposure Corruption of information Disclosure of information Theft of service Denial of service Security Services Authentication Authorization Secrecy Integrity 32

33 Active Network Security Method Active Packet approach Performance problem Smart Packets, Active IP Option Active Node approach Good performance but poor security Limited flexibility ANTS, DAN. Appropriate balance is required. Two Approaches for AN Security System point of view : SANE, Seraphim, Smart Packets Programming point of view : Safetynet, PLAN 33

34 Active Packet Approach Early active network architecture. Code is carried by the packets. Active packet may misuse active packets. Proposed Techniques Fault tolerance Replication : packets replicate at each node Redirection : packets may seek alternative routes Persistence : packets are temporarily stored against node failure Encryption 34

35 Active Node Approach 35 Packets do not carry the actual code, but instead carry some identifiers or references. Actual code resides in active node. Motivation Performance problem Capability problem Active packets may misuse network resources and other active packets. Proposed Techniques Authentication of Active packets Monitoring and Control on resource usage Proof Carrying Code(PCC)

36 SANE Secure Active Network Environment University of Pennsylvania SwitchWare(1996 ) environment Component : Active Packet, Switchlet, SANE SwitchWare Layers Active Network Active Extension Packets Active Router Infrastructure Packet Language and Services 36

37 SANE Architecture (1/3) 2 concepts of Security Integrity Trust Security Services Cryptographic Primitives Public Key Infrastructure Key Establishment Protocol Packet Authentication Packet Encryption Naming 37

38 SANE Architecture (2/3) Layered architecture Lower layer (Static check) Higher layer (Dynamic check) Security Maintenance Ways Perform remote authentication for node-to-node authentication Provide restricted execution environment Use novel naming scheme to partition the node s service name space between users 38

39 SANE Architecture (3/3) PLAN Packet PLAN Packet Caml Switchlet Caml Switchlet Node-Node Authentication PLAN ALIEN Library ALIEN/Caml/OS Dynamic Integrity Checks Recovery AEGIS Static Integrity Checks 39

Seraphim University of Illinois Cherubim project based (mobile agent) http://devius.cs.uiuc.

40 Seraphim University of Illinois Cherubim project based (mobile agent) A universal policy is inadequate for active networks Allow varied security schemes for anticipated unknown applications -> Dynamic security policies 40

41 Seraphim Architecture (1/4) 41

42 Seraphim Architecture (2/4) 42 Reference Monitor(RM) The RM is implemented as a co-located extension to the NodeOS. Every node has a RM, through which all access to the node resource occur. Core security services verify the signature on the active capability RM evaluates the active capability to check access. The policy framework is a component of RM. Four different types of access control policy. Mandatory access control(mac) Discretionary access control(dac) Double discretionary access control(ddac) Role-based access control(rbac)

43 Seraphim Architecture (3/4) Active Capability(AC) Mobile Agent carrying security policies used in the access control decision making process Executable Java bytecode Protected by digital signature Active Capsule Certificate Active Code Active Capability Signature Certificate Active Code Signature 43

44 Seraphim Architecture (4/4) RM & Policy Administrator Application Obtain AC Request AC AC Evaluation AC Cache Policy Framework Component Reference Monitor Request AC Obtain AC Policy Administrator AC Repository Policy Server Componentized Policy Framework Policy Administrator 44

45 Seraphim : Performance Ping App Active Node A Active Node B Active Node C RM RM RM 5 4 Policy Server 45 System Configuration Avg. RTT (ms) No RM 10 RM without Cache 1494 RM with Cache 21 RM with Decisions in Cache 10

46 Conclusions Active Network Management 위한아키텍처제시필요 기존 IP 망에 ANM Technology 적용 기존라우터에장착 / 연결하여기능수행 새로운 ANM 프레임워크제시 Policy based Management New Security Services can be deployed. Tradeoffs Security-performance tradeoff Usability/flexibility-complexity tradeoff AN Management와 Security에필요한새로운이슈들과기술도출 AN Service 구현을위한테스트베드기반필요 46

47 References D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, J. M. Smith, "Security in Active Networks ", D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, J. M. Smith, "A Secure Active Network Environment Architecture: Realization in SwitchWare," IEEE Network Magazine, special issue on Active and Programmable Networks, 12(3), R. H. Campbell, et al., "Seraphim: Dynamic Interoperable Security Architecture for Active Networks", IEEE OPENARCH 2000, Tel- Aviv, Israel, Mar Alden W. Jackson, James P.G. Sterbenz, Matthew N. Condell, David J. Waitzman, "SENCOMM Architecture", Technology Document of BBN Tech., April Danny Raz and Yuval Shavitt., An Active Network Approach to Efficient Network Management.,IWAN'99, July 1999, Berlin, Germany. 47

KRnet Active Network 관리기술

KRnet Active Network 관리기술 KRnet 2001 Active Network 관리기술 전남대학교 최덕재 Contents Overview of Network Management Toward Active Network Network Management Using Active Network Technology BBN 의 SmartPacket 및 SENCoMM(Smart Environ- ment