Abstract
Due to the increasing security threats on the Internet, new overlay network architectures have been proposed to secure privileged services. In these architectures, the application servers are protected by a defense perimeter where only traffic from entities called servlets are allowed to pass. End users must be authorized and can only communicate with entities called access points (APs). APs relay authorized users’ requests to servlets, which in turn pass them to the servers. The identity of APs are publicly known while the servlets are typically secret. All communications are done through the public Internet. Thus all the entities involved form an overlay network. The main component of this distributed system consists of n APs and m servlets. A design for a network is a bipartite graph with APs on one side, and the servlets on the other side. If an AP is compromised by an attacker (or fails), all the servlets that are connected to it are subject to attack. An AP is blocked, if all servlets connected to it are subject to attack. We consider two models for the failures: In the stochastic model, we assume that each AP i fails with a given probability p i . In the adversarial model, we assume that there is an adversary that knows the topology of the network and chooses at most k APs to compromise. In both models, our objective is to design the connections between APs and servlets to minimize the (expected/worst-case) number of blocked APs. In this paper, we give a polynomial-time algorithm for this problem in the stochastic model when the number of servlets is a constant. We also show that if the probability of failure of each AP is at least 1/2, then in the optimal design each AP is connected to only one servlet (we call such designs star-shaped), and give a polynomial-time algorithm to find the best star-shaped design. We observe that this statement is not true if the failure probabilities are small. In the adversarial model, we show that the problem is related to a problem in combinatorial set theory, and use this connection to give bounds on the maximum number of APs that a perfectly failure-resistant design with a given number of servlets can support. Our results provide the first rigorous theoretical foundation for practical secure overlay network design.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
