Security issues for multi - domain resource reservation

TitleSecurity issues for multi - domain resource reservation
Publication TypeBook Chapter
Year of Publication2011
AuthorsBouras, C, Stamos, K
Book TitleNetwork Security, Administration, and Management: Advancing Technologies and Practises
Pagination 38 - 50
PublisherIGI Global

In this chapter, we deal with the issue of security regarding components that are responsible for provisioning multi-domain network services, either automatically or through some form of administrator interaction. It is evident that a malicious compromise of such a component would have far-reaching implications for the stability of the network. Furthermore, trust between cooperating domains is a delicate issue and each partner in the multi-domain federation has to have some guarantees that peers in the service are not going to be security compromised. We enumerate some of the related dangers and propose ways to limit the attack surface, reduce the intrusion possibilities, and guarantee the quick resolution of any successful violations. The issue of security is studied in two main parts: Inter-domain security, for the communication between domains and the successful negotiation of resource reservations and intra-domain security, for the internal communications within a domain for the initiation of a resource reservation and its actual realization in the network devices. Resource reservation is studied both on the level of IP services based on Differentiated Services architectures, and on the level of dynamic circuit reservation based on Layer 2 technologies. The chapter is completed with a case study on the authentication and authorization framework designed in the context of a pan-european network resource reservation service, in the Geant academic and research network.