Off-campus UMass Amherst users: To download campus access theses, please use the following link to log into our proxy server with your UMass Amherst user name and password.
Non-UMass Amherst users: Please talk to your librarian about requesting this thesis through interlibrary loan.
Theses that have an embargo placed on them will not be available to anyone until the embargo expires.
Access Type
Open Access
Document Type
thesis
Degree Program
Electrical & Computer Engineering
Degree Type
Master of Science in Electrical and Computer Engineering (M.S.E.C.E.)
Year Degree Awarded
2009
Month Degree Awarded
September
Keywords
Network Security, capability, deny-by-default, Data Path security
Abstract
Capabilities-based networks present a fundamental shift in the security design of network architectures. Instead of permitting the transmission of packets from any source to any destination, routers deny forwarding by default. For a successful transmission, packets need to positively identify themselves and their permissions to the router. A major challenge for a high performance implementation of such a network is an efficient design of the credentials that are carried in the packet and the verification procedure on the router. A network protocol that implements data path credentials based on Bloom filters is presented in this thesis. Our prototype implementation shows that there is some connection setup cost associated with this type of secure communication. However, once a connection is established, the throughput performance of a capabilities-based connection is similar to that of conventional TCP.
DOI
https://doi.org/10.7275/898738
First Advisor
Tilman Wolf
Included in
Computer and Systems Architecture Commons, Digital Communications and Networking Commons, Other Computer Engineering Commons