Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Bücher
Zeitschriften
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
SLX-Digitalkonferenz: Zukunftswerkstatt 2024

Mehr Umsatz mit Top-Kontakten

Am 7. Mai erfahren Sie, wie Vertriebsteams Leadgenerierung, Leadnurturing und Leadstrategien effizient steuern können.
Erweiterte Suche
Anmelden
nach oben

2003 | Buch

Introduction Kapitel lesen Erstes Kapitel lesen

Disseminating Security Updates at Internet Scale

verfasst von: Jun Li, Peter Reiher, Gerald J. Popek

Verlag: Springer US

Buchreihe : Advances in Information Security

Enthalten in: Professional Book Archive

Einloggen, um Zugang zu erhalten
insite
SUCHEN

Über dieses Buch

Disseminating Security Updates at Internet Scale describes a new system, "Revere", that addresses these problems. "Revere" builds large-scale, self-organizing and resilient overlay networks on top of the Internet to push security updates from dissemination centers to individual nodes. "Revere" also sets up repository servers for individual nodes to pull missed security updates. This book further discusses how to protect this push-and-pull dissemination procedure and how to secure "Revere" overlay networks, considering possible attacks and countermeasures. Disseminating Security Updates at Internet Scale presents experimental measurements of a prototype implementation of "Revere" gathered using a large-scale oriented approach. These measurements suggest that "Revere" can deliver security updates at the required scale, speed and resiliency for a reasonable cost.

Disseminating Security Updates at Internet Scale will be helpful to those trying to design peer systems at large scale when security is a concern, since many of the issues faced by these designs are also faced by "Revere". The "Revere" solutions may not always be appropriate for other peer systems with very different goals, but the analysis of the problems and possible solutions discussed here will be helpful in designing a customized approach for such systems.

Inhaltsverzeichnis

Frontmatter
Chapter 1. Introduction
Abstract
Over the years the Internet has been seriously challenged by various threats: break-ins, attacks, hoaxes, vulnerabilities, and other malicious subversion efforts. Writers of malicious code, such as viruses, worms, and Trojan horses have been creative in finding ways for their code to propagate rapidly from machine to machine, but defenders of the Internet have been much less aggressive in finding ways to disseminate the information necessary to counter these attacks. As a result, not only have the network infrastructure and individual machines been exposed to various forms of network-based attacks, but they have been slow in reacting to these attacks. This situation raises concerns that were not present when networking was less common and less relied upon.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 2. Assurance Via Redundancy
Abstract
One of the most critical challenges facing Revere is that of supporting the high availability of security update dissemination under various circumstances, including the case where an attacker is trying to corrupt information while in transit. In this chapter we justify the fundamental concept of information assurance via redundancy and discuss general considerations on using redundancy to secure transmissions; we will thus establish that a redundancy mechanism is critical to the success of Revere.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 3. RBone: A Self-Organized Resilient Overlay Network
Abstract
An RBone must be formed and maintained for each different type of security update notification to ensure delivery of the needed security updates. Composed of Revere nodes and the logical links between them, an RBone is the basis of security update dissemination. During security update dissemination, Revere forwards security updates from one node on the RBone to another along the virtual link between them.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 4. Dissemination Procedure
Abstract
Revere supports a dual mechanism for delivering security updates: pushing and pulling. Using pushing, a dissemination center can broadcast a security update via an RBone to all connected nodes. Using pulling, an individual Revere node can request security updates. Pushing is the main delivery method. Pulling, on the other hand, allows a node to catch up with any missed security updates.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 5. Security
Abstract
Revere assumes that a large percentage of Revere nodes are cooperative; however, with Revere running at Internet scale, it is unrealistic to assume that no Revere nodes have been subverted. Revere, as a service for delivering security information, can be a very tempting target for attackers. If attackers can misuse or abuse Revere, they can achieve various malicious goals; for example, a corrupted Revere system may become an ideal carrier to help propagate network worms or other threats. Therefore, Revere security must be carefully addressed, including both the security of the dissemination procedure and the security of RBone management.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 6. Real Measurement Under Virtual Topology
Abstract
Revere provides a service for disseminating security updates at Internet scale. To understand how effective Revere is in providing this service, the characteristics of the dissemination must be evaluated. This is a critical step before widely deploying Revere over the Internet.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 7. Related Work
Abstract
Viewed in the most general context, Revere fits within the broad scope of information distribution over the Internet. In this section we look into those general-purpose distribution services, including preliminary techniques (unicasting, broadcasting, flooding, etc.), IP multicasting, application-layer protocols, email, replicated data management, content-delivery networks, and some commercial products.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 8. Future Work
Abstract
This book has presented key techniques that enable the dissemination of security updates. It also provides a platform for further research on open issues. In the following two sections, we will first briefly revisit the open technical issues that have been discussed in previous chapters, and then ask questions from a broader view of the Revere system.
Jun Li, Peter Reiher, Gerald J. Popek
Chapter 9. Conclusions
Abstract
This work demonstrates that fast, secure and resilient delivery of a modest amount of information through a very large-scale network is feasible, without employing huge server farms. To summarize the work, in this chapter we will recapitulate the problem Revere tries to solve, summarize the solution Revere provides, and outline Revere’s contributions. Broad lessons learned from this work will also be presented.
Jun Li, Peter Reiher, Gerald J. Popek
Backmatter
Metadaten
Titel
Disseminating Security Updates at Internet Scale
verfasst von
Jun Li
Peter Reiher
Gerald J. Popek
Copyright-Jahr
2003
Verlag
Springer US
Electronic ISBN
978-1-4615-1021-5
Print ISBN
978-1-4613-5355-3
DOI
https://doi.org/10.1007/978-1-4615-1021-5