The Design and Implementation of a Secure Content Switch.ppt
10/4/2018, Secure Content Switch/godavari

Slide 1: The Design and Implementation of a Secure Content Switch
Master Thesis Presentation
Ganesh Kumar Godavari
Department of Computer Science, Univ. of Colorado at Colorado Springs

Slide 2: Outline of the Talk
- Content Switch and Overview of SSL
- Related Literature
- Design of Secure Content Switch (SCS)
- Performance of SCS implementation
- Lessons Learned and Future Directions
- Conclusion

Slide 3: Content Switch (CS)
- Route packets based on high layer (Layer 5/7) headers and content.
- Examples: Direct Web traffic based on pattern of URLs, host tags, cookies. Can route incoming email based on email address; connect POP/IMAP based on login.
- Web switches and Intel XML Director/accelerator are special cases of content switch.
[Figure labels: client; uccs.jpg, rocky.mid, home.htm, Index.htm; Content Switch; server1, server2, server9]

Slide 4: What Services It Can Provide
- Enabling premium services for e-commerce, ISP, and Web hosting providers
- Load Balancing and High Available Server Clusters: Web, E-commerce, Email, Computing, File, SAN
- Policy-based networking, differential/QoS services
- Firewall, Strengthening DoS protection, cache/firewall load-balancing
- Flash-crowd management
- Email Spam Protection, Virus Detection/Removal

Slide 5: About SSL
- Secure Sockets Layer (SSL) protocol developed by Netscape Communications to ensure private and authenticated communications
- Put into the public domain for the Internet community

Slide 6: OpenSSL
- OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson.
- Open Source toolkit implementing the Secure Socket Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library
- Important Libraries
  - SSL: The OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols.
  - Crypto: The OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL, TLS, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards.

Slide 7: Command Interface
The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for:
- Creation of RSA, DH and DSA key parameters
- Creation of X.509 certificates, and Certificate Revocation List (CRL)
- Calculation of Message Digests
- Encryption and Decryption with Ciphers
- SSL/TLS Client and Server Tests
- Handling of S/MIME signed or encrypted mail

Slide 8: Secure Content Switch (SCS)
Secure content switch is a transparent proxy that can translate between encrypted and unencrypted data transport on socket connections.
Need for secure network access and high performance:
- e-commerce transactions require security
- Need high performance for better Quality of Service
Solution: just plug in SCS between client and the server and thereby add Secure Socket Layer (SSL) support.

Slide 9: Goal & Design of Secure Content Switch
In addition to the above, we need to be able to route requests based on content to a set of backend real servers.
Design Considerations:
- Our real servers can be located at different places
- Efficiency must not be ruined
- Easy to understand/write content switching rules
- Dynamic rule update
- Session Reusability

Slide 10: Related Literature
[1] George Apostolopoulos, David Aubespin, Vinod Peris, Prashant Pradhan, Debanjan Saha, “Design, Implementation and Performance of a Content-Based Switch”, Proc. Infocom 2000, Tel Aviv, March 26 - 30, 2000, http://www.ieee-infocom.org/2000/papers/440.ps
[2] Gregory Yerxa and James Hutchinson, “Web Content Switching”, http:/.
[3] “Release Notes for Cisco Content Engine Software”. http:/
[4] “Foundry ServIron Installation and Configuration Guide,” May 2000. http:/
[5] “Intel IXA API SDK 4.0 for Intel PA 100,” http:/ and http:/

Slide 11: Design of Secure Content Switch

Slide 12: Advantages of Secure Content Switch
- Preferential Treatment: Secure Content Switch has been developed to handle secure content-based routing of requests, e.g. high purchase requests can be routed to the fast real server.
- Security: The Secure Content Switch establishes the secure connection if the server doesn't support HTTPS.

Slide 13: Architecture of Secure Content Switch
- The web browser makes a request to the secure content switch. The dispatcher module in the secure content switch forwards the request to the secure content switch child module. In the dynamic forking version of SCS the dispatcher module forks a child process. In the preforking version of SCS the dispatcher module forwards the request to a free child.
- The secure content switch child module performs the handshake with the client and reads in the request. The secure content switch child module then sends the request to the Rule module, which performs rule matching and returns the name of the server by which the request can be served.
- The secure content switch child forwards the request to the real server based on the routing decision.

Slide 14: Dynamic Forking Secure Content Switch
[Flowchart labels: Request From Web Browser to the SCS; Dispatcher module; fork(); Secure Content Switch Child module; SSL Request (Yes/No); Existing SSL Session (Yes/No); Negotiate SSL Session; Decrypt Object Using SSL Session Information; Send Object Information To Rule Matching Module; Retrieve Server Information Rule Matching Module; Retrieve Object From the Server Using Standard HTTP; Encrypt the Object Per Session Information and Send it over HTTPS to the Web Browser]

Slide 15: Prefork Secure Content Switch
[Flowchart labels: Request From Web Browser to the SCS; Dispatcher module; assign; Secure Content Switch Child Process 1, Child Process 2, ... Child Process n; SSL Request (Yes/No); Existing SSL Session (Yes/No); Negotiate SSL Session; Decrypt Object Using SSL Session Information; Send Object Information To Rule Matching Module; Retrieve Server Information Rule Matching Module; Retrieve Object From the Server Using Standard HTTP; Encrypt the Object Per Session Information and Send it over HTTPS to the Web Browser]

Slide 16: E-Commerce Example: 1. Client
Client submits via HTTP/Post (or SOAP) the following purchase in XML:
CCL111222333309121544IBM Thinkpad T2150001050000309121538Intel wireless LAN PC Card20010200052000

Slide 17: E-Commerce Example: 2. Content Switch
- Content switch receives the packet.
- Recognize it is an HTTP POST request from the HTTP request line: POST /purchase.cgi HTTP/1.1
- Recognize it is an XML document from the meta header: content-type: TEXT/XML
- Parsing XML content
- Extract values of tag sequences:
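
The rule-matching step described on the architecture and e-commerce slides, as an added sketch that is not code from the thesis or the SCS implementation: it takes a request the child has already decrypted and picks a backend. The XML tag names, the 50000 threshold, the body cap and the server mapping are assumptions.

```python
import xml.etree.ElementTree as ET

MAX_BODY = 64 * 1024        # assumed cap on how much body the switch inspects
DEFAULT_SERVER = "server1"  # names reuse the figure's labels; the mapping is assumed
FAST_SERVER = "server2"
HIGH_PURCHASE = 50000       # assumed cut-off for a "high purchase" request

def parse_request(raw: bytes):
    """Split one decrypted HTTP request into (method, path, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def route(raw: bytes) -> str:
    """Return the backend for a request; anything unexpected gets the default."""
    try:
        method, path, headers, body = parse_request(raw)
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if (method, path, ctype) != ("POST", "/purchase.cgi", "text/xml"):
            return DEFAULT_SERVER
        text = body.decode("utf-8")
        # The body is attacker-controlled: bound its size and refuse DTDs so
        # entity-expansion payloads never reach the parser.
        if len(body) > MAX_BODY or "<!DOCTYPE" in text.upper():
            return DEFAULT_SERVER
        root = ET.fromstring(text)
        total = sum(int(e.text) for e in root.iter("subtotal"))
    except (ValueError, TypeError, ET.ParseError):
        return DEFAULT_SERVER
    return FAST_SERVER if total >= HIGH_PURCHASE else DEFAULT_SERVER

def build_request(body: bytes, method: str = "POST") -> bytes:
    """Constructed sample request; the XML tag names are hypothetical."""
    head = (f"{method} /purchase.cgi HTTP/1.1\r\nHost: shop.example\r\n"
            f"Content-Type: TEXT/XML\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body

BIG = (b"<purchase><item><subtotal>50000</subtotal></item>"
       b"<item><subtotal>2000</subtotal></item></purchase>")
SMALL = b"<purchase><item><subtotal>2000</subtotal></item></purchase>"
DTD_BODY = (b'<!DOCTYPE purchase [<!ENTITY a "1">]>'
            b"<purchase><subtotal>60000</subtotal></purchase>")

if __name__ == "__main__":
    for name, body in (("big", BIG), ("small", SMALL), ("dtd", DTD_BODY)):
        print(name, "->", route(build_request(body)))
```

Because the switch terminates SSL and parses client-supplied XML before any backend sees it, a failed parse here falls through to the default rule instead of stalling the child process.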