{"title":"保护宁录路由架构","authors":"Karen E. Sirois, S. Kent","doi":"10.1109/NDSS.1997.579223","DOIUrl":null,"url":null,"abstract":"This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generation with an understanding of attack scenarios and the capabilities and limitations of countermeasures. The countermeasures selected for use here include several newly developed sequence integrity mechanisms, plus a protocol for shared secret establishment. A novel aspect of this work is the protection of subscriber traffic in support of the overall communication availability security goal.","PeriodicalId":224439,"journal":{"name":"Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security","volume":"91 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1997-02-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"39","resultStr":"{\"title\":\"Securing the Nimrod routing architecture\",\"authors\":\"Karen E. Sirois, S. Kent\",\"doi\":\"10.1109/NDSS.1997.579223\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generation with an understanding of attack scenarios and the capabilities and limitations of countermeasures. The countermeasures selected for use here include several newly developed sequence integrity mechanisms, plus a protocol for shared secret establishment. A novel aspect of this work is the protection of subscriber traffic in support of the overall communication availability security goal.\",\"PeriodicalId\":224439,\"journal\":{\"name\":\"Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security\",\"volume\":\"91 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"1997-02-10\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"39\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NDSS.1997.579223\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of SNDSS '97: Internet Society 1997 Symposium on Network and Distributed System Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NDSS.1997.579223","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
This paper describes the work undertaken to secure Nimrod, a complex and sophisticated routing system that unifies interior and exterior routing functions. The focus of this work is countering attacks that would degrade or deny service to network subscribers. The work began with an analysis of security requirements for Nimrod, based on a hybrid approach that refines top-down requirements generation with an understanding of attack scenarios and the capabilities and limitations of countermeasures. The countermeasures selected for use here include several newly developed sequence integrity mechanisms, plus a protocol for shared secret establishment. A novel aspect of this work is the protection of subscriber traffic in support of the overall communication availability security goal.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
