Show/Hide Menu
Hide/Show Apps
Logout
Türkçe
Türkçe
Search
Search
Login
Login
OpenMETU
OpenMETU
About
About
Open Science Policy
Open Science Policy
Open Access Guideline
Open Access Guideline
Postgraduate Thesis Guideline
Postgraduate Thesis Guideline
Communities & Collections
Communities & Collections
Help
Help
Frequently Asked Questions
Frequently Asked Questions
Guides
Guides
Thesis submission
Thesis submission
MS without thesis term project submission
MS without thesis term project submission
Publication submission with DOI
Publication submission with DOI
Publication submission
Publication submission
Supporting Information
Supporting Information
General Information
General Information
Copyright, Embargo and License
Copyright, Embargo and License
Contact us
Contact us
Secure communication channel mechanisms for isolated networks
Download
index.pdf
Date
2009
Author
Karadağ, Gökdeniz
Metadata
Show full item record
Item Usage Stats
246
views
93
downloads
Cite This
Current network security solutions are consisted of a single host, with network interfaces of the host connected to protected and external networks at the same time. This design ensures security by restricting traffic flow to a single point, where it can be examined and acted on by a set of rules. However, this design also has a flaw and a single point of failure, that being the vulnerabilities in the security device itself. An adversary would have unhindered access to protected networks if a vulnerability in the security device itself leads to its compromise. To prevent this possibility, high-security networks are completely isolated from external networks, by prohibiting any network connection and constituting a so-called air gap in between. But, data transfer needs do arise between external networks and high-security networks, and in current technology this problem does not have a solution without human intervention. In this theses, we propose a set of mechanisms that allows near-realtime data transfers between high-security network and external networks, without requiring any human intervention. The design consists of two hosts connected via a shared storage, transferring only application layer data between networks. This prevents attacks targeting network stacks of the security device's OS, and confines a compromised security device to the network that it is already connected to. In case of a compromise the amount of possible unwanted traffic to and from the high-security network is vastly reduced.
Subject Keywords
Computer enginnering.
,
Secure Communication.
URI
http://etd.lib.metu.edu.tr/upload/12611436/index.pdf
https://hdl.handle.net/11511/19144
Collections
Graduate School of Natural and Applied Sciences, Thesis
Suggestions
OpenMETU
Core
Performance evaluation of routing protocols in wireless ad hoc networks with service differentiation
Yılmaz, Semra; Koçyiğit, Altan; Erten, Murat; Department of Information Systems (2003)
An ad hoc network is a collection of wireless mobile nodes dynamically forming a temporary network without the use of any fixed network infrastructure or centralized administration. Due to the limitations in the wireless environment, it may be necessary for one mobile host to enlist the aid of other hosts in forwarding a packet to its destination. In order to enable communication within the network, a routing protocol is needed to discover routes between nodes. The primary goal of ad hoc network routing pro...
Machine learning algorithms for accurate flow-based network traffic classification: Evaluation and comparison
Soysal, Murat; Schmidt, Şenan Ece (Elsevier BV, 2010-06-01)
The task of network management and monitoring relies on an accurate characterization of network traffic generated by different applications and network protocols. We employ three supervised machine learning (ML) algorithms, Bayesian Networks, Decision Trees and Multilayer Perceptrons for the flow-based classification of six different types of Internet traffic including peer-to-peer (P2P) and content delivery (Akamai) traffic. The dependency of the traffic classification performance on the amount and composi...
Optimal resource allocation algorithms for efficient operation of wireless networks
Özel, Ömür; Uysal Bıyıkoğlu, Elif; Department of Electrical and Electronics Engineering (2009)
In this thesis, we analyze allocation of two separate resources in wireless networks: transmit power and buffer space. Controlled allocation of power can provide good performance for both users and the network. Although centralized mechanisms are possible, distributed power control algorithms are preferable for efficient operation of the network. Viewing distributed power allocation as the collection of rational decisions of each user, we make game theoretic problem formulations, devise distributed algorith...
Software implementations of QoS scheduling algorithms for high speed networks /
Pehlivanlı, Aydın; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2015)
The end to end Quality of Service (QoS) support for the dominating multimedia traffic in the contemporary computer networks is achieved by implementing schedulers in the routers and deploying traffic shapers. To this end, realistic modeling and simulation of these components is essential for network performance evaluation. The first contribution of this thesis is the design and implementation of a C++ simulator QueST (Quality of Service simulaTor) for this task. QueST is a modular cycle accurate simulator w...
Placement of 5G RAN Slices in Multi-tier O-RAN 5G Networks with Flexible Functional Splits
Sarikaya, Egemen; Onur, Ertan (2021-01-01)
The network slicing concept has gained much attention with the development of software-defined network and network function virtualization technologies, enabling logically isolated networks for different purposes in the same network infrastructure. The virtualization of network functions enables the functional split of radio access network functions to fulfill different 5G radio access network requirements. Functional split can be expressed as deciding the distribution of radio access network functionalitie...
Citation Formats
IEEE
ACM
APA
CHICAGO
MLA
BibTeX
G. Karadağ, “Secure communication channel mechanisms for isolated networks,” M.S. - Master of Science, Middle East Technical University, 2009.