Collaborative Research: NeTS-FIND: Privacy Preserving Attribution & Provenance
合作研究:NetS-FIND:隐私保护归因
基本信息
- 批准号:0722031
- 负责人:
- 金额:$ 40.2万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Continuing Grant
- 财政年份:2007
- 资助国家:美国
- 起止时间:2007-09-01 至 2011-08-31
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
Real-world security policies invariably involve questions of ``who'' and ``what''--who are the principals, what data are they seeking to access, and so forth. By contrast, the present-day Internet architecture concerns itself primarily with issues of ``how'' and ``where''-- what are the protocols by which a data item is delivered and to which topological endpoints. This inherent dissonance of purpose makes Internet security a bolt-on affair---with abstract access control policies pushed off to be implemented by particular applications or mapped onto the poor approximations provided by network-level abstractions (e.g., network firewalls). Moreover, these imperfect mechanisms are themselves attacked with impunity since today's Internet architecture provides a functional anonymity that insulates attackers from any meaningful liability.This project is developing two key architectural capabilities--host attribution (which physical machine sent a packet) and data provenance (what is the ``origin'' of the data contained within a packet)--to enable the direct expression of a wide-range of security policies. Moreover, these properties are being implemented in a fashion that mandates their use (in a strong sense) by the network, but manages to preserve end-user privacy. The PIs are focusing on two key applications in this work: forensic trace-back and attribution for the purpose of attack deterrence, and defensive data-exfiltration to place precise controls over what kinds of data may move across a network.Broader Impacts: This research is developing key architectural components to improve the level of security and assurance available to network services. In addition, the PIs are initiating a dialogue among both researchers and network operators about critical policy aspects of network security. In particular, information about the sources of both normal and attack traffic that must be safeguarded according to some policy.
现实世界的安全策略总是涉及“谁”和“什么”的问题——谁是主体,他们寻求访问什么数据,等等。相比之下,当今的互联网体系结构主要关注“如何”和“在哪里”的问题——数据项通过什么协议传递,以及传递到哪些拓扑端点。这种内在的目的不协调使得Internet安全成为一种临时事务——抽象的访问控制策略被推到特定的应用程序中去实现,或者映射到由网络级抽象(例如,网络防火墙)提供的糟糕的近似上。此外,由于今天的互联网架构提供了一种功能匿名性,使攻击者免于承担任何有意义的责任,因此这些不完善的机制本身就可以免受攻击。这个项目正在开发两个关键的体系结构功能——主机归属(哪台物理机器发送了数据包)和数据来源(数据包中包含的数据的“来源”是什么)——以支持广泛的安全策略的直接表达。此外,这些属性正在以一种方式实现,这种方式要求网络(在很大程度上)使用它们,但设法保护最终用户的隐私。在这项工作中,pi专注于两个关键应用:用于攻击威慑的取证溯源和归因,以及用于对可能在网络中移动的数据进行精确控制的防御性数据泄露。更广泛的影响:这项研究正在开发关键的体系结构组件,以提高网络服务可用的安全性和保证级别。此外,pi正在研究人员和网络运营商之间发起关于网络安全关键政策方面的对话。特别是关于正常流量和攻击流量的来源信息,这些信息必须根据某些策略进行保护。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Alex Snoeren其他文献
Alex Snoeren的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Alex Snoeren', 18)}}的其他基金
CNS Core: Small: Designing Efficient Cloud Datacenter Network Fabrics
CNS 核心:小型:设计高效的云数据中心网络结构
- 批准号:
1911104 - 财政年份:2019
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
II-New: A Dual-Purpose Data Analytics Laboratory
II-新:双用途数据分析实验室
- 批准号:
1629973 - 财政年份:2016
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
NeTS: Small: Collaborative Research: Studying and Improving the Performance of Access Networks
NeTS:小型:协作研究:研究和提高接入网络的性能
- 批准号:
1422240 - 财政年份:2014
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
EAGER: Personalization in the Information Age
EAGER:信息时代的个性化
- 批准号:
1255274 - 财政年份:2012
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
NeTS: Small: Understanding Network Failure
NetS:小型:了解网络故障
- 批准号:
1116904 - 财政年份:2011
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
CSR---PDOS: Harnessing Virtualized Cluster Resources
CSR---PDOS:利用虚拟化集群资源
- 批准号:
0615392 - 财政年份:2006
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
NeTS-FIND: Enabling Defense and Deterrence through Private Attribution
NetS-FIND:通过私人归属实现防御和威慑
- 批准号:
0627157 - 财政年份:2006
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
NeTS-NBD: Distributed Rate Limiting
NeTS-NBD:分布式速率限制
- 批准号:
0627167 - 财政年份:2006
- 资助金额:
$ 40.2万 - 项目类别:
Continuing Grant
Student Travel Support for ACM HotNets-III Workshop; October 15-16, 2004; San Diego, CA
ACM HotNets-III 研讨会的学生旅行支持;
- 批准号:
0436331 - 财政年份:2004
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
CAREER: Decoupling Policy from Mechanism in Internet Routing
职业:将策略与互联网路由机制解耦
- 批准号:
0347949 - 财政年份:2004
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
相似国自然基金
Research on Quantum Field Theory without a Lagrangian Description
- 批准号:24ZR1403900
- 批准年份:2024
- 资助金额:0.0 万元
- 项目类别:省市级项目
Cell Research
- 批准号:31224802
- 批准年份:2012
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research
- 批准号:31024804
- 批准年份:2010
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research (细胞研究)
- 批准号:30824808
- 批准年份:2008
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Research on the Rapid Growth Mechanism of KDP Crystal
- 批准号:10774081
- 批准年份:2007
- 资助金额:45.0 万元
- 项目类别:面上项目
相似海外基金
Collaborative Research: NeTS: Small: A Privacy-Aware Human-Centered QoE Assessment Framework for Immersive Videos
协作研究:NetS:小型:一种具有隐私意识、以人为本的沉浸式视频 QoE 评估框架
- 批准号:
2343619 - 财政年份:2024
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Small: A Privacy-Aware Human-Centered QoE Assessment Framework for Immersive Videos
协作研究:NetS:小型:一种具有隐私意识、以人为本的沉浸式视频 QoE 评估框架
- 批准号:
2343618 - 财政年份:2024
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Medium: EdgeRIC: Empowering Real-time Intelligent Control and Optimization for NextG Cellular Radio Access Networks
合作研究:NeTS:媒介:EdgeRIC:为下一代蜂窝无线接入网络提供实时智能控制和优化
- 批准号:
2312978 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Small: Digital Network Twins: Mapping Next Generation Wireless into Digital Reality
合作研究:NeTS:小型:数字网络双胞胎:将下一代无线映射到数字现实
- 批准号:
2312138 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Small: Digital Network Twins: Mapping Next Generation Wireless into Digital Reality
合作研究:NeTS:小型:数字网络双胞胎:将下一代无线映射到数字现实
- 批准号:
2312139 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Medium: Towards High-Performing LoRa with Embedded Intelligence on the Edge
协作研究:NeTS:中:利用边缘嵌入式智能实现高性能 LoRa
- 批准号:
2312676 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Medium: Black-box Optimization of White-box Networks: Online Learning for Autonomous Resource Management in NextG Wireless Networks
合作研究:NeTS:中:白盒网络的黑盒优化:下一代无线网络中自主资源管理的在线学习
- 批准号:
2312835 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Medium: An Integrated Multi-Time Scale Approach to High-Performance, Intelligent, and Secure O-RAN based NextG
合作研究:NeTS:Medium:基于 NextG 的高性能、智能和安全 O-RAN 的集成多时间尺度方法
- 批准号:
2312447 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Medium: Large Scale Analysis of Configurations and Management Practices in the Domain Name System
合作研究:NetS:中型:域名系统配置和管理实践的大规模分析
- 批准号:
2312711 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant
Collaborative Research: NeTS: Medium: Black-box Optimization of White-box Networks: Online Learning for Autonomous Resource Management in NextG Wireless Networks
合作研究:NeTS:中:白盒网络的黑盒优化:下一代无线网络中自主资源管理的在线学习
- 批准号:
2312836 - 财政年份:2023
- 资助金额:
$ 40.2万 - 项目类别:
Standard Grant