Secure Deployment of Network Configuration
网络配置的安全部署
基本信息
- 批准号:RGPIN-2017-06659
- 负责人:
- 金额:$ 1.46万
- 依托单位:
- 依托单位国家:加拿大
- 项目类别:Discovery Grants Program - Individual
- 财政年份:2022
- 资助国家:加拿大
- 起止时间:2022-01-01 至 2023-12-31
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
Secure deployment of configuration information for network devices has been possible for a long time, but is relatively little used, because almost all of the management of Internet security has to be done manually. The security aspect is particularly difficult to retrofit to legacy equipment, especially in industries that use equipment with long expected lifetimes. Using a combination of novel intermediaries, careful assessment of management needs, and concepts from autonomic networks, we will investigate ways to reduce the initial and on-going costs of security enforcement, in ways that "play well" with existing operational practices.Our long-term objective is to formulate secure methods to manage the deployment of network configuration that are sufficiently automated that they will actually be deployed in operational networks, thus providing effective security for these networks.The research program will encompass four main areas of activity:1) Development and validation of methods for managing the security of routing protocols, without requiring manual intervention by networking staff;2) Exploration and validation of methods for managing mixed deployments of legacy devices and modern devices, while minimizing the disruption and maximizing the security during the transitioning of the control paradigm, thus encouraging the adoption of more up-to-date control and performance-assessment technologies, without requiring the de-commissioning of legacy equipment;3) Demonstration of the utility of our security-management approach in the area of Software-Defined Networking, specifically on the control path between the controller and the switches, which will make it easier to ensure the security of the managed objects;4) Assessment of selected application areas, such as power grids and industrial plants, as candidates for secure management of legacy devices, using our mixed-deployment solution.The lack of deployment for security solutions is based on an assessment (by network management executives) that the potential cost of security breaches is smaller than the cost of installing and maintaining the security solutions. The novelty of our work comes from the fact that we expect to be able to substantially lower the recurring costs of security management, to the point where the expected cost of maintaining (real) security is attractive (or at least acceptable). Governmental mandates will increase the desirability of these approaches, as they will increase the cost of not complying.The proposed areas of study will facilitate increased security in the Internet, which in turn responds to the statement by the Internet Engineering Task Force (the Standards Development Organization for the Internet) that "pervasive surveillance is an attack", which can only be mitigated by pervasive security.
为网络设备安全部署配置信息已经有很长一段时间了,但是使用的相对较少,因为几乎所有的Internet安全管理都必须手工完成。在安全方面,对传统设备进行改造尤其困难,特别是在使用预期寿命较长的设备的行业中。结合使用新颖的中介、对管理需求的仔细评估和自主网络的概念,我们将研究降低安全执行的初始和持续成本的方法,以与现有操作实践“良好配合”的方式。我们的长期目标是制定安全的方法来管理足够自动化的网络配置的部署,以便它们实际部署在运营网络中,从而为这些网络提供有效的安全性。该研究计划将包括四个主要活动领域:1)开发和验证管理路由协议安全性的方法,无需网络人员的人工干预;2)探索和验证管理传统设备和现代设备混合部署的方法,同时最大限度地减少控制范式过渡期间的中断和最大限度地提高安全性,从而鼓励采用更先进的控制和性能评估技术,而不需要取消传统设备的调试;3)演示我们的安全管理方法在软件定义网络领域的实用性,特别是在控制器和交换机之间的控制路径上,这将更容易确保被管理对象的安全性;4)评估选定的应用领域,如电网和工业工厂,作为传统设备安全管理的候选,使用我们的混合部署解决方案。缺乏安全解决方案的部署是基于一种评估(由网络管理主管),即安全漏洞的潜在成本小于安装和维护安全解决方案的成本。我们工作的新颖性来自于这样一个事实,即我们期望能够大幅降低安全性管理的重复成本,达到维护(实际)安全性的预期成本具有吸引力(或至少是可接受的)的程度。政府的命令将增加这些方法的可取性,因为它们将增加不遵守的成本。拟议的研究领域将有助于提高互联网的安全性,这反过来又回应了互联网工程任务组(互联网标准开发组织)的声明,即“无处不在的监视是一种攻击”,这种攻击只能通过无处不在的安全来缓解。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Atwood, John其他文献
RECURRENT EVOLUTION OF DIOECY IN BRYOPHYTES
- DOI:
10.1111/j.1558-5646.2012.01808.x - 发表时间:
2013-02-01 - 期刊:
- 影响因子:3.3
- 作者:
McDaniel, Stuart F.;Atwood, John;Burleigh, J. Gordon - 通讯作者:
Burleigh, J. Gordon
Atwood, John的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Atwood, John', 18)}}的其他基金
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2021
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2020
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2019
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2018
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2017
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure and accountable multicast data distribution
安全可靠的组播数据分发
- 批准号:
8634-2006 - 财政年份:2009
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure and accountable multicast data distribution
安全可靠的组播数据分发
- 批准号:
8634-2006 - 财政年份:2008
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure and accountable multicast data distribution
安全可靠的组播数据分发
- 批准号:
8634-2006 - 财政年份:2007
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure and accountable multicast data distribution
安全可靠的组播数据分发
- 批准号:
8634-2006 - 财政年份:2006
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
General software framework for deployment of constrained multicast protocols
用于部署受限组播协议的通用软件框架
- 批准号:
8634-2002 - 财政年份:2005
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
相似海外基金
Wireless virtualized network deployment strategies
无线虚拟化网络部署策略
- 批准号:
RGPIN-2018-04580 - 财政年份:2022
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Deployment of a sustainable digital water kiosk network
部署可持续的数字水亭网络
- 批准号:
10046300 - 财政年份:2022
- 资助金额:
$ 1.46万 - 项目类别:
Grant for R&D
RAPID: Critical Wildfire Monitoring Utilizing the National Ecological Observatory Network Mobile Deployment Platform with Edge-computing Cyberinfrastructure
RAPID:利用国家生态观测站网络移动部署平台和边缘计算网络基础设施进行关键野火监测
- 批准号:
2137769 - 财政年份:2021
- 资助金额:
$ 1.46万 - 项目类别:
Standard Grant
Wireless virtualized network deployment strategies
无线虚拟化网络部署策略
- 批准号:
RGPIN-2018-04580 - 财政年份:2021
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2021
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2020
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Wireless virtualized network deployment strategies
无线虚拟化网络部署策略
- 批准号:
RGPIN-2018-04580 - 财政年份:2020
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Enabling cloud deployment of a network data capture tool to improve Partner Services
支持网络数据捕获工具的云部署以改善合作伙伴服务
- 批准号:
10609285 - 财政年份:2020
- 资助金额:
$ 1.46万 - 项目类别:
Wireless virtualized network deployment strategies
无线虚拟化网络部署策略
- 批准号:
RGPIN-2018-04580 - 财政年份:2019
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual
Secure Deployment of Network Configuration
网络配置的安全部署
- 批准号:
RGPIN-2017-06659 - 财政年份:2019
- 资助金额:
$ 1.46万 - 项目类别:
Discovery Grants Program - Individual