References of "Yu, Jiangshan 50025837"
     in
Bookmark and Share    
Full Text
See detailANCHOR: logically-centralized security for Software-Defined Networks
Kreutz, Diego UL; Yu, Jiangshan UL; Ramos, Fernando M. V. et al

E-print/Working paper (2019)

Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this ... [more ▼]

Software-de ned networking (SDN) decouples the control and data planes of traditional networks, logically centralizing the functional properties of the network in the SDN controller. While this centralization brought advantages such as a faster pace of innovation, it also disrupted some of the natural defenses of traditional architectures against di erent threats. The literature on SDN has mostly been concerned with the functional side, despite some speci c works concerning non-functional properties like ‘security’ or ‘dependability’. Though addressing the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to e ciency and e ectiveness problems. We claim that the enforcement of non-functional properties as a pillar of SDN robustness calls for a systemic approach. We further advocate, for its materialization, the re-iteration of the successful formula behind SDN – ‘logical centralization’. As a general concept, we propose anchor, a subsystem architecture that promotes the logical centralization of non-functional properties. To show the e ectiveness of the concept, we focus on ‘security’ in this paper: we identify the current security gaps in SDNs and we populate the architecture middleware with the appropriate security mechanisms, in a global and consistent manner. anchor sets to provide essential security mechanisms such as strong entropy, resilient pseudo-random generators, secure device registration and association, among other crucial services. We claim and justify in the paper that centralizing such mechanisms is key for their e ectiveness, by allowing us to: de ne and enforce global policies for those properties; reduce the complexity of controllers and forwarding devices; ensure higher levels of robustness for critical services; foster interoperability of the non-functional property enforcement mechanisms; and nally, better foster the resilience of the architecture itself. We discuss design and implementation aspects, and we prove and evaluate our algorithms and mechanisms. [less ▲]

Detailed reference viewed: 174 (40 UL)
Full Text
Peer Reviewed
See detailThe KISS principle in Software-Defined Networking: a framework for secure communications
Kreutz, Diego UL; Yu, Jiangshan UL; Verissimo, Paulo UL et al

in IEEE Security & Privacy Magazine (2018), 16(05), 60-70

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the ... [more ▼]

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of their support infrastructure. To address these challenges we propose KISS, a secure SDN control plane communications architecture that includes innovative solutions in the context of key distribution and secure channel support. Core to our contribution is the integrated device verification value (iDVV), a deterministic but indistinguishable-from-random secret code generation protocol that allows local but synchronized generation/verification of keys at both ends of the control channel, even on a per-message basis. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. [less ▲]

Detailed reference viewed: 193 (25 UL)
Full Text
Peer Reviewed
See detailRevisiting Network-Level Attacks on Blockchain Network
Cao, Tong UL; Yu, Jiangshan UL; Decouchant, Jérémie UL et al

Scientific Conference (2018, June 25)

Many attacks presented on Bitcoin are facilitated by its real world implementation, which is rather centralized. In addition, communications between Bitcoin nodes are not encrypted, which can be explored ... [more ▼]

Many attacks presented on Bitcoin are facilitated by its real world implementation, which is rather centralized. In addition, communications between Bitcoin nodes are not encrypted, which can be explored by an attacker to launch attacks. In this paper, we give a brief overview of possible routing attacks on Bitcoin. As future work, we will identify possible central points in the Bitcoin network, evaluate potential attacks on it, and propose solutions to mitigate the identified issues. [less ▲]

Detailed reference viewed: 218 (16 UL)
Full Text
Peer Reviewed
See detailDECIM: Detecting Endpoint Compromise In Messaging
Yu, Jiangshan UL; Ryan, Mark; Cremers, Cas

in IEEE Transactions on Information Forensics & Security (2018)

Detailed reference viewed: 361 (62 UL)
Full Text
Peer Reviewed
See detailPermanent Reencryption: How to Survive Generations of Cryptanalysts to Come
Volp, Marcus UL; Rocha, Francisco; Decouchant, Jérémie UL et al

in Twenty-fifth International Workshop on Security Protocols (2017)

Detailed reference viewed: 276 (25 UL)
Full Text
Peer Reviewed
See detailAutomatically Detecting the Misuse of Secrets: Foundations, Design Principles, and Applications
Milner, Kevin; Cremers, Cas; Yu, Jiangshan UL et al

in 30th IEEE Computer Security Foundations Symposium (2017)

Detailed reference viewed: 136 (14 UL)
Full Text
Peer Reviewed
See detailAuthenticating compromisable storage systems
Yu, Jiangshan UL; Ryan, Mark; Chen, Liqun

in The 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (2017)

Detailed reference viewed: 106 (8 UL)
Full Text
Peer Reviewed
See detailChapter 7: Evaluating web PKIs
Yu, Jiangshan UL; Ryan, Mark

in Software Architecture for Big Data and the Cloud, 1st Edition, Chapter 7, June 2017. (2017)

Detailed reference viewed: 59 (8 UL)
Full Text
Peer Reviewed
See detailDTKI: A New Formalized PKI with Verifiable Trusted Parties
Yu, Jiangshan UL; Cheval, Vincent; Ryan, Mark

in Computer Journal (2016), 59(11), 1695--1713

Detailed reference viewed: 122 (14 UL)
Full Text
Peer Reviewed
See detailDevice Attacker Models: Fact and Fiction
Yu, Jiangshan UL; Ryan, Mark Dermot

in Security Protocols XXIII - 23rd International Workshop, Cambridge UK, March 31 - April 2, 2015, Revised Selected Papers (2015)

Detailed reference viewed: 159 (13 UL)
Full Text
Peer Reviewed
See detailAn Efficient Generic Framework for Three-Factor Authentication With Provably Secure Instantiation
Yu, Jiangshan UL; Wang, Guilin; Mu, Yi et al

in IEEE Transactions on Information Forensics and Security (2014), 9(12), 2302--2313

Detailed reference viewed: 120 (0 UL)
Full Text
Peer Reviewed
See detailSecurity Analysis of a Single Sign-On Mechanism for Distributed Computer Networks
Wang, Guilin; Yu, Jiangshan UL; Xie, Qi

in IEEE Transactions on Industrial Informatics (2013), 9(1), 294--302

Detailed reference viewed: 134 (0 UL)
Full Text
Peer Reviewed
See detailProvably Secure Single Sign-on Scheme in Distributed Systems and Networks
Yu, Jiangshan UL; Wang, Guilin; Mu, Yi

in 11th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2012, Liverpool, United Kingdom, June 25-27, 2012 (2012)

Detailed reference viewed: 144 (0 UL)