SECURITY, QoS, and (File) Content Differentiation

1
SECURITY, QoS, and (File) Content Differentiation

• -Sujeeth Narayan
• -Ankur Patwa
• -Francisco Torres

2
Introduction

• A new policy based document sharing application
• Differentiation of document sections according to
  intended user roles.
• Secure transfer of information with QoS
• Alert on receiving information based on document
  priority labeling

3
What would be used?

• LDAP for authentication and credentials
• Bandwidth reservation GRE Tunnels for file
  transfer
• PasTMon tool Tunneling for inter-network
  exchange
• RSVP Tunneling for intra-network exchange
• XML Parser for parsing a document to be sent
• Different modes of sending a new message alert
• Voice message
• Email
• SMS

4
Overview
5
Components

• Cluster of Servers
• LDAP Authentication
• XML Parsing Service
• Notification Service
• File Transfer service
• Cluster of File Systems
• Document distribution
• Client side tool
• Proposed Tool

6
Proposed Tool

• Allow user to classify the information
• Insert xml tags differentiating between
  classified information
• Encrypt the document and send it to xml parser

7
Scenario 1

1. Login to LDAP
2. Download user Credentials
3. Sets the user priority value
4. Routing decision based on priority
5. Intranet Routing with RSVP/GRE Tunnel if needed
6. Internet Routing with decisions based on QoS
   measured.

3
2
1
3
3
1
2
8
Scenario 2
An User logs into the system, and then sends a
document
If Receiver is on-line, document is
delivered otherwise, a notice will be sent to
him IF document has been labeled as URGENT
Encrypted document
Based on list of receivers, XML sends their
copies to receiversX500
XML Parser decrypts document using Public Key and
makes copies of it
Choose best option between DMZ and Users X500
Encrypted document
Encrypted document
Users Private Key
9
Scenario 3
An User logs into the system, and a document is
waiting for him
X500 verifies the existence of the document, and
sends it back to DMZ

• User logs in
• Normal Session
• As result of a notice
• sent by the system

DMZ where user got authenticated, checks with
users X500 for a potential document for him
Document delivered to user
10
Conclusion

• Future work
• Research of QoS implementation in this project
• Bell-Lapadula Model (write-down/read-up)?
• Images, Sound, Videoconferences? How to
  differentiate these on such a scenario?

11
Conclusion

• References
• Protection http//www.research.microsoft.com/lam
  pson/09-protection/Acrobat.pdf
• Identity Systems http//books.nap.edu/html/id_qu
  estions/
• Trusted Computer System Evaluation Criteria
  http//www.boran.com/security/tcsec.html
• Security of the Internet http//www.cert.org/ency
  c_article/tocencyc.html
• Int. to Computer Security http//csrc.nist.gov/pu
  blications/nistpubs/800-12/handbook.pdf
• Designing an Authentication System
  http//web.mit.edu/kerberos/www/dialogue.html
• Home Network Security http//www.cert.org/tech_ti
  ps/home_networks.html
• Open Shortest Path First (OSPF)
  http//www.cisco.com/univercd/cc/td/doc/cisintwk/i
  to_doc/ospf.htm
• How routing algorithms work http//computer.howst
  uffworks.com/routing-algorithm3.htm
• Wired-Wireless Network Architectures
  http//www.symbol.com/category.php?fileNameWP-32_
  network_architectures.xml
• pasTmon Tool www.pastmon.sourceforge.net
• RSVP http//www.cisco.com/univercd/cc/td/doc/cisi
  ntwk/ito_doc/rsvp.htm
• GRE with RSVP http//www.cisco.com/en/US/tech/tk5
  83/tk372/technologies_configuration_example09186a0
  0801982ae.shtml
• Open LDAP http//www.openldap.org/
• X 500 http//www.terena.nl/library/gnrt/specialis
  t/x500.html

12
Questions??