A Distributed Dynamic μFirewall Architecture with Mobile Agents and KeyNote Trust Management System | SpringerLink
Skip to main content
Springer Nature Link
Log in

A Distributed Dynamic μFirewall Architecture with Mobile Agents and KeyNote Trust Management System

  • Conference paper
  • First Online:
Information and Communications Security (ICICS 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2513))

Included in the following conference series:

Abstract

Due to end-to-end design principle in distributed applications, many emerging security problems could not be solved by conventional security technologies, such as firewalls and IDSs. To address these problems, we present a distributed dynamic μFirewall architecture based on mobile agents and KeyNote trust management system. In this architecture, KeyNote trust management system provides the scalable distributed control capability and supports a mechanism called “policy-updates on demand”. Mobile agents implement dynamic security policy reconfiguration and enhance the scalability. Each μFirewall is built with a packet filter and DTE-enhanced evaluator to enforce policy at the end points. A distributed intrusion detection and response (DIDR) system supports dynamic security capabilities and provides fast response to attacks from all possible sources. Our architecture is scalable, topology independent, and intrusion-tolerant.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 5719
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 7149
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Amoroso, E.: Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Traps, Trace Back, and Response, Intrusion.Net Books, 1999.

    Google Scholar 

  2. Badger, L., Sterne, D. F., Sherman, D. L., Walker, K. M.: A Domain and Type Enforcement UNIX Prototype, USENIX Computing Systems, Vol. 9, Cambridge, Massachusetts, 1996.

    Google Scholar 

  3. Bartal, Y., Mayer, A., Nissim, K., Wool, A.: Firmato: a novel firewall management toolkit, Proceedings of IEEE Symposium on Security and Privacy, pp. 17–31, 1999.

    Google Scholar 

  4. Bellovin, S. M.: Distributed Firewalls, login:, November 1999, pp. 37–39.

    Google Scholar 

  5. Blaze, M., Feigenbaum, J., Ioannidis, J., Keromytis, A. D.: The KeyNote trust management system, version 2•Internet RFC 2704•Sept. 1999.

    Google Scholar 

  6. Blaze, M., Ioannidis, J., Keromytis, A. D.: Trust management and network layer security protocols, Proceedings of Security Protocols International Wrokshop, Springer Verlag LNCS, 1999.

    Google Scholar 

  7. Chess, D.: Security Issues in Mobile Code Systems, Mobile Agent Security, Lecture Notes in Computer Science, Vol. 1419, 1998, Springer, pp. 1–14.

    Google Scholar 

  8. Clarke, D., Elien, J. E., Ellison, C., Fredette, M., Morcos, A., Rivest, R. L.: Certificate Chain Discovery in SPKI/SDSI, Technical Report, Computer Science Dept, MIT, November 1999.

    Google Scholar 

  9. Frincke, D., Tobin, D., McConnell, J., Marconi, J., Polla, D.: A Framework for Cooperative Intrusion Detection, Proceedings of the 21 st National Information Systems Security Conference, pp. 361–373, October 1998.

    Google Scholar 

  10. Hwang, K., Gangadhran, M.: Micro-Firewalls for Dynamic Network Security with Distributed Intrusion Detection, Proceedings of IEEE Int’l Symposium on Network Computing and Applications, June 20, 2001.

    Google Scholar 

  11. Ioannidis, S., Keromytis, A. D., Bellovin, S. M., Smith, J. M.: Implementing a Distributed Firewall, Proceedings of 7th ACM conference on Computer and Communication Security, Nov. 2000, Athens, Greece.

    Google Scholar 

  12. Keromytis, A. D.: STRONGMAN: A Scalable Solution to Trust Management in Networks, Ph.D. Thesis, University of Pennsylvania, November 2001.

    Google Scholar 

  13. Miller, M., Morris, J.: Centralized administration of distributed firewalls, Proceedings of Systems Administration Conference, pp. 19–23, USENIX, 1996.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Internet and Cluster Computing Center, Huazhong University of Science and Technology, Wuhan, 430074, China

    Hai Jin, Feng Xian, Zongfen Han & Shengli Li

Authors
  1. Hai Jin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Feng Xian
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zongfen Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shengli Li
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Labs for Information Technology, 21 Heng Mui Keng Terrace, Singapore, 119613

    Robert Deng , Feng Bao  & Jianying Zhou ,  & 

  2. Engineering Research Center for Information Security Technology, Chinese Academy of Sciences, P.O. Box 8718, Beijing, 100080, China

    Sihan Qing

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jin, H., Xian, F., Han, Z., Li, S. (2002). A Distributed Dynamic μFirewall Architecture with Mobile Agents and KeyNote Trust Management System. In: Deng, R., Bao, F., Zhou, J., Qing, S. (eds) Information and Communications Security. ICICS 2002. Lecture Notes in Computer Science, vol 2513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36159-6_2

Download citation

  • DOI: https://doi.org/10.1007/3-540-36159-6_2

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00164-5

  • Online ISBN: 978-3-540-36159-6

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation