Keromytis et al., 2003 - Google Patents
The STRONGMAN architecture
Keromytis et al., 2003
- Document ID
- 678267727968638221
- Author
- Keromytis A
- Ioannidis S
- Greenwald M
- Smith J
- Publication year
- Publication venue
- Proceedings DARPA Information Survivability Conference and Exposition
Snippet
The design principle of restricting local autonomy only where necessary for global robustness has led to a scalable Internet. Unfortunately, this scalability and capacity for distributed control has not been achieved in the mechanisms for specifying and enforcing …
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
- H04L63/104—Grouping of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0464—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Keromytis et al. | | The STRONGMAN architecture |
| Ioannidis et al. | | Implementing a distributed firewall |
| US10706427B2 (en) | | Authenticating and enforcing compliance of devices using external services |
| Blaze et al. | | Trust management for IPsec |
| US12101416B2 (en) | | Accessing hosts in a computer network |
| US8490153B2 (en) | | Automatically generating rules for connection security |
| EP1457018B1 (en) | | Access control management |
| US7760729B2 (en) | | Policy based network address translation |
| EP1942629B1 (en) | | Method and system for object-based multi-level security in a service oriented architecture |
| US20020162026A1 (en) | | Apparatus and method for providing secure network communication |
| EP4323898B1 (en) | | Computer-implemented methods and systems for establishing and/or controlling network connectivity |
| Naous et al. | | Delegating network security with more information |
| Keromytis | | Strongman: A scalable solution to trust management in networks |
| Teymoori et al. | | Enhancing IoT Security and Efficiency Through RINA: A Comprehensive Qualitative Analysis and Use Case Study |
| Khandkar et al. | | Masking host identity on internet: Encrypted TLS/SSL handshake |
| Keromytis et al. | | Scalable Security Policy Mechanisms |
| Keromytis et al. | | Managing access control in large scale heterogeneous networks |
| Keromytis et al. | | Scalable Security Mechanisms for the Internet |
| US20250097198A1 (en) | | Zero-trust packet routing |
| US20250240175A1 (en) | | Methods and systems for implementing secure communication channels between systems over a network |
| Ioannidis et al. | | Virtual private services: Coordinated policy enforcement for distributed applications |
| Kumar | | Data Security in Local Network Using Distributed Firewall |
| Brockners et al. | | Diameter network address and port translation control application |
| Barka et al. | | Managing access and usage controls in SNMP |
| Huawei Technologies Co., Ltd. | | ACL and AAA |