Port-knocking is the concept of hiding remote services behind a firewall which allows access to the services' listening ports only after the client has successfully authenticated to the firewall. This helps in preventing scanners from learning what services are currently available on a host and also serves as a defense against zero-day attacks. Existing port-knocking implementations are not scalable in service provider deployments due to their usage of shared secrets. In this paper we introduce an implementation of port-knocking based on x509 certificates aimed towards being highly scalable.
{"title":"sKnock: Port-Knocking for Masses","authors":"Daniel Sel, Sree Harsha Totakura, G. Carle","doi":"10.1109/SRDSW.2016.11","DOIUrl":"https://doi.org/10.1109/SRDSW.2016.11","url":null,"abstract":"Port-knocking is the concept of hiding remote services behind a firewall which allows access to the services' listening ports only after the client has successfully authenticated to the firewall. This helps in preventing scanners from learning what services are currently available on a host and also serves as a defense against zero-day attacks. Existing port-knocking implementations are not scalable in service provider deployments due to their usage of shared secrets. In this paper we introduce an implementation of port-knocking based on x509 certificates aimed towards being highly scalable.","PeriodicalId":401182,"journal":{"name":"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)","volume":"40 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121594877","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Offloading context-aware services with intensive tasks to cloud computing infrastructures is useful. However, we have a problem resulting from differences between context-centric access control models for pervasive computing and subject-based access control models for cloud computing. To solve this problem, this paper proposes a location model for spatially specifying containment relationships of persons, physical entities, spaces, and computers. The model also manages context-centric access control models, and introduces an interface between pervasive computing and cloud computing programs. The interfaces enable context-aware services executed for the latter to access computational resources and information under an access control model for the former. This paper presents the basic notion of the model and its prototype implementation.
{"title":"Toward Access Control Model for Context-Aware Services Offloaded to Cloud Computing","authors":"I. Satoh","doi":"10.1109/SRDSW.2016.12","DOIUrl":"https://doi.org/10.1109/SRDSW.2016.12","url":null,"abstract":"Offloading context-aware services with intensive tasks to cloud computing infrastructures is useful. However, we have a problem resulting from differences between context-centric access control models for pervasive computing and subject-based access control models for cloud computing. To solve this problem, this paper proposes a location model for spatially specifying containment relationships of persons, physical entities, spaces, and computers. The model also manages context-centric access control models, and introduces an interface between pervasive computing and cloud computing programs. The interfaces enable context-aware services executed for the latter to access computational resources and information under an access control model for the former. This paper presents the basic notion of the model and its prototype implementation.","PeriodicalId":401182,"journal":{"name":"2016 IEEE 35th Symposium on Reliable Distributed Systems Workshops (SRDSW)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121525573","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}