Title: Theory and implementation of a virtualisation level Future Internet defence in depth architecture

Authors: Jerzy Konorski; Piotr Pacyna; Grzegorz Kolaczek; Zbigniew Kotulski; Krzysztof Cabaj; Pawel Szalachowski

Addresses: Gdansk University of Technology, ul. Narutowicza 11/12, 80-233 Gdansk, Poland ' AGH University of Science and Technology, Al. Mickiewicza 30, 30-059 Krakow, Poland ' Wroclaw University of Technology, ul. Wybrzeze Wyspianskiego 27, 50-370 Wroclaw, Poland ' Warsaw University of Technology, ul. Nowowiejska 15/19, 00-665 Warsaw, Poland ' Warsaw University of Technology, ul. Nowowiejska 15/19, 00-665 Warsaw, Poland ' Warsaw University of Technology, ul. Nowowiejska 15/19, 00-665 Warsaw, Poland; Institute of Information Security, Universitätstrasse 6, 8092 Zurich, Switzerland

Abstract: An EU Future Internet Engineering project currently underway in Poland defines three parallel internets (PIs). The emerging IIP system (IIPS, abbreviating the project's Polish name) has a four-level architecture, with level 2 responsible for the creation of virtual resources of the PIs. This paper proposes a three-tier security architecture to address level 2 threats of unauthorised traffic injection and IIPS traffic manipulation or forging. It is argued that the measures to be taken differ in nature from those ensuring classical security attributes. A combination of hard- and soft-security mechanisms produces node reputation and trust metrics, which makes it possible to eliminate or ostracise misbehaving nodes. Experiments carried out in a small-scale IIPS testbed are briefly discussed.

Keywords: Future Internet project; virtualisation; security architecture; HMAC; hash-based message authentication code; anomaly detection; reputation systems; trust management; Poland; parallel internets; virtual resources; node reputation; misbehaving nodes; defence in depth; network security.

DOI: 10.1504/IJTMCC.2013.056431

International Journal of Trust Management in Computing and Communications, 2013 Vol.1 No.3/4, pp.274 - 299

Received: 01 Oct 2012
Accepted: 10 Mar 2013

Published online: 16 Sep 2013
