Theory and implementation of a virtualisation level Future Internet defence in depth architecture
Jerzy Konorski , Piotr Pacyna , Grzegorz Kołaczek , Zbigniew Kotulski , Krzysztof Cabaj , Paweł Szałachowski
AbstractAn EU Future Internet Engineering project currently underway in Poland defines three parallel internets (PIs). The emerging IIP system (IIPS, abbreviating the project's Polish name), has a four-level architecture, with level 2 responsible for creation of virtual resources of the PIs. This paper proposes a three-tier security architecture to address level 2 threats of unauthorised traffic injection and IIPS traffic manipulation or forging. It is argued that the measures to be taken differ in nature from those ensuring classical security attributes. A combination of hard- and soft-security mechanisms produces node reputation and trust metrics, which permits to eliminate or ostracise misbehaving nodes. Experiments carried out in a small-scale IIPS testbed are briefly discussed.
|Journal series||International Journal of Trust Management in Computing and Communications, ISSN 2048-8378, [2048-8386]|
|Publication size in sheets||1.25|
|Keywords in Polish||wykrywanie incydentów bezpieczeństwa, wykrywanie anomalii, architektura bezpieczeństwa|
|Keywords in English||Future Internet project; virtualisation; security architecture; HMAC; hash-based message authentication code; anomaly detection; reputation systems; trust management; Poland; parallel internets; virtual resources; node reputation; misbehaving nodes; defence in depth; network security.|
|Project||The Develpment of Digital Communicatios. Project leader: Lubacz Józef,
, Phone: 22 234 65 31, start date 04-05-2012, planned end date 31-03-2013, end date 31-12-2013, IT/2012/statut, Completed
|Score|| = 0.0, 01-03-2020, ArticleFromJournal|
= 5.0, 01-03-2020, ArticleFromJournal
|Publication indicators||= 2.0|
|Citation count*||2 (2020-09-05)|
* presented citation count is obtained through Internet information analysis and it is close to the number calculated by the Publish or Perish system.