DDoS attacks can flood an organization with a large volume of packets. We are
interested in exploring alternative routes for normal/trusted users. The
outgoing alternative routes can be easily established through those additional
gateways, but we need to find ways (new protocols, new architectures, or new
techniques) to route the legitimate traffic through those additional gateways.
One such technique is multiple path routing, where traffic between a client
and a server goes through a set of connection relay servers. It can be used to
improve performance (multiple routes -> higher aggregated bandwidth),
reliability (duplicate packets over different routes), and security (the
sender chooses the routes that are less congested). Note that it is easy to
reroute outgoing traffic, but it is harder to redirect existing or even future
incoming traffic.
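
The sender-side route choice described above, as an added example (not code
from the original page): each relay path keeps a smoothed RTT and loss estimate
from probes, and the sender sends a packet, or duplicate copies of it, over the
least-congested relays. The relay names, probe values, and the ALPHA and
LOSS_PENALTY_MS constants are assumptions made for the illustration.

```python
# Added illustration: sender-side selection among connection relay servers.
from dataclasses import dataclass
from typing import Optional

ALPHA = 0.25              # EWMA weight given to each new probe (assumed value)
LOSS_PENALTY_MS = 1000.0  # ms of cost charged per unit of loss rate (assumed value)

@dataclass
class RelayPath:
    name: str
    srtt_ms: Optional[float] = None  # smoothed round-trip time via this relay
    loss: float = 0.0                # smoothed probe loss rate, 0..1

    def observe(self, rtt_ms: Optional[float]) -> None:
        """Fold one probe into the estimates; rtt_ms=None means the probe was lost."""
        lost = rtt_ms is None
        self.loss = (1 - ALPHA) * self.loss + ALPHA * (1.0 if lost else 0.0)
        if not lost:
            prev = rtt_ms if self.srtt_ms is None else self.srtt_ms
            self.srtt_ms = (1 - ALPHA) * prev + ALPHA * rtt_ms

    def score(self) -> float:
        """Lower is better; a path with no successful probe is unusable."""
        if self.srtt_ms is None:
            return float("inf")
        return self.srtt_ms + LOSS_PENALTY_MS * self.loss

def choose_paths(paths, copies=1):
    """Return the `copies` least-congested relays; copies > 1 duplicates a packet."""
    usable = [p for p in paths if p.score() != float("inf")]
    return [p.name for p in sorted(usable, key=RelayPath.score)[:copies]]

def demo():
    # Constructed probes (RTT in ms, None = lost): relay-a is fastest, then flooded.
    rounds = [
        {"relay-a": 20, "relay-b": 35, "relay-c": 50},
        {"relay-a": 22, "relay-b": 34, "relay-c": 52},
        {"relay-a": None, "relay-b": 36, "relay-c": 51},
        {"relay-a": 400, "relay-b": 35, "relay-c": 49},
        {"relay-a": None, "relay-b": 37, "relay-c": 50},
    ]
    paths = {name: RelayPath(name) for name in rounds[0]}
    picks = []
    for probes in rounds:
        for name, rtt in probes.items():
            paths[name].observe(rtt)
        picks.append(choose_paths(paths.values(), copies=2))
    return picks
```

demo() returns the two relays picked after each probe round; once relay-a
starts losing probes, the duplicated packets move to relay-b and relay-c.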

Web services were originally proposed as a platform/language independent
interface/system for integrating web services at different
organizations/servers through HTTP/SOAP/UDDI. Security is an afterthought.
There are standards/groups that work very actively to specify protocols/APIs
that will address the security issues. This project will focus on the security
risks, and their solutions, that cannot be addressed by just SSL. A related
article/discussion is at http://zdnet.com.com/2100-1106-943051.html. IBM,
Microsoft, and Verisign have a WS-Secure effort:
http://www-106.ibm.com/developerworks/library/ws-secure/

Hybrid CNA-CND Evaluation System.
Simulators such as VNS have proved to be an effective training tool for
beginning security lessons. An interface from VNS to a small network security
prototype such as A2D2, developed by Angela Cearns at UCCS, will provide a
more realistic learning, feedback, and evaluation environment for computer
network security. This project will explore the design and development of
such a hybrid system.