Article

Free access

Associating network flows with user and application information

Authors:

Ralf SteinmetzAuthors Info & Claims

MULTIMEDIA '00: Proceedings of the 2000 ACM workshops on Multimedia

Pages 149 - 152

https://doi.org/10.1145/357744.357914

Published: 04 November 2000 Publication History

PDF eReader

Abstract

The concept of authenticating users e.g. by means of a login process is very well established and there is no doubt that it is absolutely necessary and helpful in a multiuser environment. Unfortunately specific information about a user originating a data stream or receiving it, is often no longer available at the traversed network nodes. This applies to the even more specific question of what application is used as well. Routers, gateways or firewalls usually have to base their classification of data on IP header inspection or have to try to extract information from the packets payload.

We present an approach that works transparently and allows to associate user and application specific information with IP data streams by only slightly modifying components of the operating system environment and infrastructure components. On top of this framework we show usage scenarios for dedicatedly placing copyright information in media content and for an enhancement of the interoperation with the security infrastructure.

References

[1]

D. Awduche, J. Malcolm, J. Agogbua, M. O'Dell, and J. McManus. Requirements for Traffic Engineering Over MPLS. lnternet Request for Comments Nr. 2702, September 1999.]]

Digital Library

Google Scholar

[2]

D. B. Chapman. Building Internet Fircwalls. O'Reilly, Cambridge, 1995.]]

Digital Library

Google Scholar

[3]

W. R. Cheswick and S. M. Bellovin. Firewalls and Internet Security. Addison Wesley, 1994.]]

Digital Library

Google Scholar

[4]

A. Chiu. Authentication Mechanisms for ONC RPC. Internet Engineering Task Force, May 1999.]]

Digital Library

Google Scholar

[5]

S. Deering and R. Hinden. Internet Protocol, Version 6 (IPv6) Specification. Internet Request for Comments Nr. 2460, December 1998.]]

Digital Library

Google Scholar

[6]

W. Hua, J. Ohlund, and B. Butterklee. Unraveling the Mysteries of Writing a Winsock 2 Layered Service Provider.]]

Google Scholar

[7]

S. Katzenbeisser and F. (Editors). Information hiding techniques for steganography and digital watermarking. Artech House Books, 1999.]]

Digital Library

Google Scholar

[8]

S. Kent and R. Atkinson. IP Authentication Header. Internet Request for Comments Nr. 2402, November 1998.]]

Digital Library

Google Scholar

[9]

W. Stallings. SNMP and SNMPv2 - The Infrastructure for Network Management. IEEE Communications Magazine, 36(3):37-43, March 1998.]]

Digital Library

Google Scholar

[10]

SunSoft. STREAMS Programmers Guide. SunSoft, November 1995.]]

Google Scholar

Cited By

View all

Rubino REkstrom JStockman M(2008)An open system for transparent firewall authentication and user traffic identification within corporate intranetsProceedings of the 9th ACM SIGITE conference on Information technology education10.1145/1414558.1414591(113-118)Online publication date: 16-Oct-2008
https://dl.acm.org/doi/10.1145/1414558.1414591

Index Terms

Associating network flows with user and application information

Recommendations

Policy Anomaly Detection for Distributed IPv6 Firewalls
ICETE 2015: Proceedings of the 12th International Joint Conference on e-Business and Telecommunications - Volume 4

Concerning the design of a security architecture, Firewalls play a central role to secure computer networks.

Facing the migration of IPv4 to IPv6, the setup of capable firewalls and network infrastructures will be necessary.

The semantic differences ...
Early Regulation of Unresponsive Flows
Implementation of an IPv6 multicast firewall testbed

Multicasting architecture is essential for the delivery of a variety of multimedia applications. IPv6 provides a very comprehensive range of protocols to deal with this delivery mechanism. However few, if any, implementations exist for this architecture ...

Comments

Information & Contributors

Information

Published In

MULTIMEDIA '00: Proceedings of the 2000 ACM workshops on Multimedia

November 2000

248 pages

ISBN:1581133111

DOI:10.1145/357744

Chairmen:
Shahram Ghandeharizadeh
Univ. of Southern California
,
Shih-Fu Chang
Columbia Univ., New York, NY
,
Stephen Fischer
GMD-IPSI, Germany
,
Joseph Konstan
Univ. of Minnesota
,
Klara Nahrstedt
Univ. of Illinois, Urbana-Champaign

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 November 2000

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

MM00

Sponsor:

MM00: ACM Multimedia 2000

October 30 - November 3, 2000

California, Los Angeles, USA

Acceptance Rates

Overall Acceptance Rate 2,145 of 8,556 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
442
Total Downloads

Downloads (Last 12 months)37
Downloads (Last 6 weeks)3

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Rubino REkstrom JStockman M(2008)An open system for transparent firewall authentication and user traffic identification within corporate intranetsProceedings of the 9th ACM SIGITE conference on Information technology education10.1145/1414558.1414591(113-118)Online publication date: 16-Oct-2008
https://dl.acm.org/doi/10.1145/1414558.1414591

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Policy Anomaly Detection for Distributed IPv6 Firewalls

Early Regulation of Unresponsive Flows

Implementation of an IPv6 multicast firewall testbed