CODO:通过协作的按需打开来遍历防火墙

HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005. Pub Date : 2005-07-24 DOI:10.1109/HPDC.2005.1520965

Se-Chang Son, W. Allcock, M. Livny

{"title":"CODO:通过协作的按需打开来遍历防火墙","authors":"Se-Chang Son, W. Allcock, M. Livny","doi":"10.1109/HPDC.2005.1520965","DOIUrl":null,"url":null,"abstract":"Firewalls and network address translators (NATs) cause significant connectivity problems along with benefits such as network protection and easy address planning. Connectivity problems make nodes separated by a firewall/NAT unable to communicate with each other. Due to the bidirectional and multi-organizational nature of grids, they are particularly susceptible to connectivity problems. These problems make collaboration difficult or impossible and cause resources to be wasted. This paper presents a system, called CODO, which provides applications end-to-end connectivity over firewalls/NATs in a secure way. CODO allows applications authorized through strong security mechanisms to traverse firewalls/NATs, while blocking unauthorized applications. This paper also formalizes the firewall/NAT traversal problem and clarifies how a traversal system fits in the overall security policy enforcement by a firewall/NAT.","PeriodicalId":120564,"journal":{"name":"HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005.","volume":"161 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-07-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"29","resultStr":"{\"title\":\"CODO: firewall traversal by cooperative on-demand opening\",\"authors\":\"Se-Chang Son, W. Allcock, M. Livny\",\"doi\":\"10.1109/HPDC.2005.1520965\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Firewalls and network address translators (NATs) cause significant connectivity problems along with benefits such as network protection and easy address planning. Connectivity problems make nodes separated by a firewall/NAT unable to communicate with each other. Due to the bidirectional and multi-organizational nature of grids, they are particularly susceptible to connectivity problems. These problems make collaboration difficult or impossible and cause resources to be wasted. This paper presents a system, called CODO, which provides applications end-to-end connectivity over firewalls/NATs in a secure way. CODO allows applications authorized through strong security mechanisms to traverse firewalls/NATs, while blocking unauthorized applications. This paper also formalizes the firewall/NAT traversal problem and clarifies how a traversal system fits in the overall security policy enforcement by a firewall/NAT.\",\"PeriodicalId\":120564,\"journal\":{\"name\":\"HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005.\",\"volume\":\"161 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2005-07-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"29\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005.\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/HPDC.2005.1520965\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005.","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HPDC.2005.1520965","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 29

摘要

防火墙和网络地址转换器(nat)会导致严重的连接问题，同时也会带来网络保护和简单的地址规划等好处。连通性问题使被防火墙/NAT分隔的节点无法相互通信。由于网格的双向和多组织特性，它们特别容易受到连接问题的影响。这些问题使协作变得困难或不可能，并导致资源浪费。本文提出了一个名为CODO的系统，它以一种安全的方式在防火墙/ nat上为应用程序提供端到端连接。CODO允许通过强大安全机制授权的应用程序穿越防火墙/ nat，同时阻止未经授权的应用程序。本文还形式化了防火墙/NAT穿越问题，并阐明了穿越系统如何适应防火墙/NAT实施的整体安全策略。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

CODO: firewall traversal by cooperative on-demand opening

Firewalls and network address translators (NATs) cause significant connectivity problems along with benefits such as network protection and easy address planning. Connectivity problems make nodes separated by a firewall/NAT unable to communicate with each other. Due to the bidirectional and multi-organizational nature of grids, they are particularly susceptible to connectivity problems. These problems make collaboration difficult or impossible and cause resources to be wasted. This paper presents a system, called CODO, which provides applications end-to-end connectivity over firewalls/NATs in a secure way. CODO allows applications authorized through strong security mechanisms to traverse firewalls/NATs, while blocking unauthorized applications. This paper also formalizes the firewall/NAT traversal problem and clarifies how a traversal system fits in the overall security policy enforcement by a firewall/NAT.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

HPDC-14. Proceedings. 14th IEEE International Symposium on High Performance Distributed Computing, 2005.

自引率

0.00%

发文量