DOCUMENT INFORMATION
Basic information
Format
Number of pages
577
File size
6.79 MB
Content
Information Assurance

The Morgan Kaufmann Series in Networking
Series Editor, David Clark, M.I.T.

Information Assurance: Dependability and Security in Networked Systems
  Yi Qian, James Joshi, David Tipper, and Prashant Krishnamurthy
Network Analysis, Architecture, and Design, Third Edition
  James D. McCabe
Content Networking: Architecture, Protocols, and Practice
  Markus Hofmann and Leland R. Beaumont
Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices
  George Varghese
Wireless Communications & Networking: An Introduction
  Vijay K. Garg
Ethernet Networking for the Small Office and Professional Home Office
  Jan L. Harrington
IPv6 Advanced Protocols Implementation
  Qing Li, Tatuya Jinmei, and Keiichi Shima
Computer Networks: A Systems Approach, Fourth Edition
  Larry L. Peterson and Bruce S. Davie
Network Routing: Algorithms, Protocols, and Architectures
  Deepankar Medhi and Karthikeyan Ramaswami
Deploying IP and MPLS QoS for Multiservice Networks: Theory and Practice
  John Evans and Clarence Filsfils
Traffic Engineering and QoS Optimization of Integrated Voice & Data Networks
  Gerald R. Ash
IPv6 Core Protocols Implementation
  Qing Li, Tatuya Jinmei, and Keiichi Shima
Smart Phone and Next-Generation Mobile Computing
  Pei Zheng and Lionel Ni
GMPLS: Architecture and Applications
  Adrian Farrel and Igor Bryskin
Network Security: A Practical Approach
  Jan L. Harrington
Network Recovery: Protection and Restoration of Optical, SONET-SDH, IP, and MPLS
  Jean Philippe Vasseur, Mario Pickavet, and Piet Demeester
Routing, Flow, and Capacity Design in Communication and Computer Networks
  Michal Pióro and Deepankar Medhi
Wireless Sensor Networks: An Information Processing Approach
  Feng Zhao and Leonidas Guibas
Communication Networking: An Analytical Approach
  Anurag Kumar, D. Manjunath, and Joy Kuri
The Internet and Its Protocols: A Comparative Approach
  Adrian Farrel
Modern Cable Television Technology: Video, Voice, and Data Communications, Second Edition
  Walter Ciciora, James Farmer, David Large, and Michael Adams
Bluetooth Application Programming with the Java APIs
  C. Bala Kumar, Paul J. Kline, and Timothy J. Thompson
Policy-Based Network Management: Solutions for the Next Generation
  John Strassner
MPLS Network Management: MIBs, Tools, and Techniques
  Thomas D. Nadeau
Developing IP-Based Services: Solutions for Service Providers and Vendors
  Monique Morrow and Kateel Vijayananda
Internetworking Multimedia
  Jon Crowcroft, Mark Handley, and Ian Wakeman
Telecommunications Law in the Internet Age
  Sharon K. Black
Optical Networks: A Practical Perspective, Second Edition
  Rajiv Ramaswami and Kumar N. Sivarajan
Internet QoS: Architectures and Mechanisms
  Zheng Wang
TCP/IP Sockets in Java: Practical Guide for Programmers
  Michael J. Donahoo and Kenneth L. Calvert
TCP/IP Sockets in C: Practical Guide for Programmers
  Kenneth L. Calvert and Michael J. Donahoo
Multicast Communication: Protocols, Programming, and Applications
  Ralph Wittmann and Martina Zitterbart
Understanding Networked Applications: A First Course
  David G. Messerschmitt
Integrated Management of Networked Systems: Concepts, Architectures, and their Operational Application
  Heinz-Gerd Hegering, Sebastian Abeck, and Bernhard Neumair
Virtual Private Networks: Making the Right Connection
  Dennis Fowler
Networked Applications: A Guide to the New Computing Infrastructure
  David G. Messerschmitt
Wide Area Network Design: Concepts and Tools for Optimization
  Robert S. Cahn
MPLS: Technology and Applications
  Bruce Davie and Yakov Rekhter
High-Performance Communication Networks, Second Edition
  Jean Walrand and Pravin Varaiya

For further information on these books and for a list of forthcoming titles, please visit our Web site at http://www.mkp.com

The Morgan Kaufmann Series in Computer Security

Information Assurance: Dependability and Security in Networked Systems
  Yi Qian, James Joshi, David Tipper, and Prashant Krishnamurthy
Digital Watermarking and Steganography, Second Edition
  Ingemar Cox, Matthew Miller, Jeffrey Bloom, Jessica Fridrich, and Ton Kalker
Network Recovery: Protection and Restoration of Optical, SONET-SDH, IP, and MPLS
  Jean-Philippe Vasseur, Mario Pickavet, and Piet Demeester

For further information on these books and for a list of forthcoming titles, please visit our Web site at http://www.mkp.com

Information Assurance
Dependability and Security in Networked Systems

Yi Qian
James Joshi
David Tipper
Prashant Krishnamurthy

AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
Morgan Kaufmann is an imprint of Elsevier

Acquisitions Editor: Rick Adams
Publishing Services Manager: George Morrison
Project Manager: Mónica González de Mendoza
Assistant Editor: Gregory Chalson
Production Assistant: Lianne Hong
Cover Design: Eric Decicco
Composition: diacriTech
Interior printer: Sheridan Books, Inc.
Cover printer: Phoenix Color Corporation

Morgan Kaufmann Publishers is an imprint of Elsevier.
30 Corporate Drive, Suite 400, Burlington, MA 01803, USA

This book is printed on acid-free paper.

Copyright © 2008 by Elsevier, Inc. All rights reserved.

Designations used by companies to distinguish their products are often claimed as trademarks or registered trademarks. In all instances in which Morgan Kaufmann Publishers is aware of a claim, the product names appear in initial capital or all capital letters. Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means—electronic, mechanical, photocopying, scanning, or otherwise—without prior written permission of the publisher.

Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, E-mail: permissions@elsevier.com. You may also complete your request online via the Elsevier homepage (http://elsevier.com), by selecting “Support & Contact” then “Copyright and Permission” and then “Obtaining Permissions.”

Library of Congress Cataloging-in-Publication Data
Information assurance : dependability and security in networked systems / Yi Qian [et al.]
p. cm. – (The Morgan Kaufmann series in networking)
Includes bibliographical references and index.
ISBN 978-0-12-373566-9 (pbk. : alk. paper)
Computer networks–Security measures. Computer networks–Reliability. Computer security. I. Qian, Yi, 1962–
TK5105.59.I5247 2007
005.8–dc22
2007033726

ISBN: 978-0-12-373566-9

For information on all Morgan Kaufmann publications, visit our Web site at www.mkp.com or www.books.elsevier.com

Printed in the United States of America
07 08 09 10 11 12 13 10

To my wife Melodee, son Joshua and daughter Michelle
—Yi Qian

To my wife Tripti, daughter Jaimee, and parents Hem and Prava
—James Joshi

In memory of my father, C.E. Tipper who encouraged and enabled my education
—David Tipper

To my parents, Krishnamurthy and Shantha whose blessings I count as my fortune every day
—Prashant Krishnamurthy

Index

trunk reservation (TR), 421
trust, 255
  notion, 65–6, 156
trusted path functionality, 42
trust negotiation, 65–6
trust tickets, 68
trustworthiness
  domain name service, 236–40, 241
  evaluation, 10, 209, 210–11
Trust-X, 67, 68
  negotiation modes, 69
TRW see threshold random walk
two-original attack flow diagnosable networks
  sparse monitoring and routing, 342–5

U
UDI see unconstrained data items
UDP see user datagram protocols
unconstrained data items (UDI), 57
unidirectional path-switched rings (UPSR), 94
UNN see upstream neighbor nodes
UPSR see unidirectional path-switched rings
upstream neighbor nodes (UNN), 315
user(s), 72
user-centric identity management frameworks, 73–4
user datagram protocols (UDP), 20
user identification, 40–1

V
verifiers, 131
vertical scans (Vscan), 513
  detection, 513–16
  detection validation, 518
VeryIDX project, 76
virtual cards, 74
virtualized networking enabling framework, 435–45
virtual network analysis simulators (VNAS), 444–5
virtual private networks (VPN), 85
virtual trust routing and provisioning domains (VTRouP), 438–9
VNA see virtual network analysis simulators
voting approaches, 128–9
VPN see virtual private networks
Vscan see vertical scans
VTRouP see virtual trust routing and provisioning domains
vulnerability assessment, 36
  intrusion response systems, 410
  model checking, 273
  network-centric computing, 149–50
vulnerability-centric alert correlation, 11, 280–2, 289–92
  empirical results, 298–300
vulnerability scanners, 36
  limitations, 279–80

W
WAN see wide area networks
wavelength division multiplexed (WDM) modes, 307
wavelength selective switches (WSS), 309
WDM modes see wavelength division multiplexed modes
WEP protocols see wired equivalent privacy protocols
wide area networks (WAN), 84, 85
Windows CE Net
  error model, 359–61
  robustness evaluation, 351–2, 366–9
  robustness evaluation goals, 354
  workload, 361
wired equivalent privacy (WEP) protocols, 32
wireless access networks (WAN)
  survivability, 190–1
wireless local area networks (WLAN), 459, 461–2
  seamless operation between GPRS, 462–3
wireless network(s), 459, 461
  framework for comprehensive treatment of IA problems, 467–70, 471–2, 485
  hybrid architectures, 461–2
  IA, 459–60, 484–5
  interactions between IA components, 460, 470, 472–5
  security, 13, 460
  security, current approaches, 463–5
  survivability, 13, 460
  survivability, current approaches, 465–6
wireless sensor networks (WSN), 459, 463
  current security approaches, 464–5
  current survivability approaches, 466
  information assurance, 460
  key management in heterogeneous networks, 476–84
WLAN see wireless local area networks
workers, 131
worm attacks, 24–5
WSN see wireless sensor networks
WSS see wavelength selective switches

X
XACML see extensible access control markup language
X-GTRBAC, 69–70
X-TNL, 68

Z
zero-day exploits, 25
zero-knowledge proof protocols, 76
Zotob virus, 161

... received Ph.D in mathematics from Indian Institute of Technology Madras, India, in 1999 and is currently working at the Indian Institute of Technology Delhi, India Before joining this institute,...

... University P.R China; Ph.D degree in engineering in 1993 from the Harbin Institute of Technology, P.R China; and a master’s degree of research in computer science and software engineering from Monash