Collaborative Research NeTS-FIND: Privacy Preserving Attribution and Provenance

协作研究 NetS-FIND：隐私保护归属和出处

• 批准号: 0722000
• 负责人: Tadayoshi Kohno
• 金额: $ 23.4万
• 依托单位: University of Washington
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2007
• 资助国家: 美国
• 起止时间: 2007-09-01 至 2011-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0722000&HistoricalAwards=false
• 关键词: Collaborative; Research; NeTS; FIND; Privacy

Real-world security policies invariably involve questions of ``who'' and ``what''--who are the principals, what data are they seeking to access, and so forth. By contrast, the present-day Internet architecture concerns itself primarily with issues of ``how'' and ``where''-- what are the protocols by which a data item is delivered and to which topological endpoints. This inherent dissonance of purpose makes Internet security a bolt-on affair---with abstract access control policies pushed off to be implemented by particular applications or mapped onto the poor approximations provided by network-level abstractions (e.g., network firewalls). Moreover, these imperfect mechanisms are themselves attacked with impunity since today's Internet architecture provides a functional anonymity that insulates attackers from any meaningful liability.This project is developing two key architectural capabilities--host attribution (which physical machine sent a packet) and data provenance (what is the ``origin'' of the data contained within a packet)--to enable the direct expression of a wide-range of security policies. Moreover, these properties are being implemented in a fashion that mandates their use (in a strong sense) by the network, but manages to preserve end-user privacy. The PIs are focusing on two key applications in this work: forensic trace-back and attribution for the purpose of attack deterrence, and defensive data-exfiltration to place precise controls over what kinds of data may move across a network.Broader Impacts: This research is developing key architectural components to improve the level of security and assurance available to network services. In addition, the PIs are initiating a dialogue among both researchers and network operators about critical policy aspects of network security. In particular, information about the sources of both normal and attack traffic that must be safeguarded according to some policy.

现实世界的安全策略总是涉及“谁”和“什么”的问题--谁是主体，他们试图访问什么数据，等等。 相比之下，当今的互联网体系结构主要关注“如何”和"在哪里“的问题--数据项通过什么协议传递以及传递到哪些拓扑端点。 这种内在的目的不协调使得互联网安全成为一种螺栓式的事情--抽象的访问控制策略被推到由特定应用程序实现或映射到由网络级抽象提供的差的近似值上（例如，网络防火墙）。 此外，委员会认为，这些不完善的机制本身受到攻击而不受惩罚，因为今天的互联网体系结构提供了一种功能匿名性，使攻击者免受任何有意义的责任。（哪个物理机器发送了数据包）和数据来源（数据包中所含数据的“来源”是什么）--以便能够直接表达广泛的安全策略。此外，这些属性的实现方式要求网络（在很强的意义上）使用它们，但设法保护最终用户的隐私。 PI在这项工作中专注于两个关键应用：用于攻击威慑的取证追溯和归因，以及用于精确控制哪些类型的数据可能在网络中移动的防御性数据泄露。更广泛的影响：这项研究正在开发关键的架构组件，以提高网络服务的安全性和保证水平。 此外，PI正在发起研究人员和网络运营商之间关于网络安全关键政策方面的对话。 特别是关于正常流量和攻击流量来源的信息，这些信息必须根据某种策略加以保护。