9/26/2001Godavari Thesis Proposal SSL Proxy1 The Design and Implementation of a SSL Proxy for Content Switch Thesis Proposal by Ganesh Kumar Godavari Department.

Slides:

Advertisements

Similar presentations

Welcome to Middleware Joseph Amrithraj

Advertisements

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.

Design of Web Interface for Advanced Content Switch Thesis proposal by Jayant Patil Department of Computer Science Univ. of Colorado at Colorado Springs.

The Application Layer Chapter 7. Electronic Mail Architecture and Services The User Agent Message Formats Message Transfer Final Delivery.

Cornell CS502 Web Basics and Protocols CS 502 – Carl Lagoze Acks to McCracken Syracuse Univ.

Computer Network Architecture and Programming

Network Analyzer Example

NPCSlli 1 DESIGN AND IMPLEMENTATION OF CONTENT SWITCH ON IXP1200EB Presenter: Longhua Li Committee Members: Dr. C. Edward Chow Dr. Jugal K. Kalita Dr.

The Design and Implementation of a SSL Proxy For Content Switch Thesis Proposal by Ganesh Kumar Godavari Department of Computer Science Univ. of Colorado.

Chapter 22 Web Hosting and Internet Servers Xuanxuan Su.

Chapter Eleven An Introduction to TCP/IP. Objectives To compare TCP/IP’s layered structure to OSI To review the structure of an IP address To look at.

IT 210 The Internet & World Wide Web introduction.

Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .

Human-Computer Interface Course 5. ISPs and Internet connection.

1 HTML and CGI Scripting CSC8304 – Computing Environments for Bioinformatics - Lecture 10.

Internet-Based Client Access

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 3: TCP/IP Architecture.

CP476 Internet Computing Lecture 5 : HTTP, WWW and URL 1 Lecture 5. WWW, HTTP and URL Objective: to review the concepts of WWW to understand how HTTP works.

1 Computer Communication & Networks Lecture 28 Application Layer: HTTP & WWW p Waleed Ejaz

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

1 Chapter 6: Proxy Server in Internet and Intranet Designs Designs That Include Proxy Server Essential Proxy Server Design Concepts Data Protection in.

Tools for Web Applications. Overview of TCP/IP Link Layer Network Layer Transport Layer Application Layer.

Behzad Akbari Spring 2012 (These slides are based on lecture slides by Lawrie Brown)

NOTE: To change the image on this slide, select the picture and delete it. Then click the Pictures icon in the placeholder to insert your own image. WEB.

1 Apache. 2 Module - Apache ♦ Overview This module focuses on configuring and customizing Apache web server. Apache is a commonly used Hypertext Transfer.

Component 9 – Networking and Health Information Exchange Unit 1-1 ISO Open Systems Interconnection (OSI) This material was developed by Duke University,

Cosc 4765 SSL/TLS and VPN. SSL and TLS We can apply this generally, but also from a prospective of web services. Multi-layered: –S-http (secure http),

1 Apache and Virtual Sites and SSL Dorcas Muthoni.

Firewalls Nathan Long Computer Science 481. What is a firewall? A firewall is a system or group of systems that enforces an access control policy between.

OWL Jan How Websites Work. “The Internet” vs. “The Web”?

Network Security Essentials Chapter 5

Network Security: Lab#3 Transport-Level Security Tools J. H. Wang May 12, 2011.

Remote Access Using Citrix Presentation Server December 6, 2006 Matthew Granger IT665.

1 Welcome to CSC 301 Web Programming Charles Frank.

Web Client-Server Server Client Hypertext link TCP port 80.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

1 OSI and TCP/IP Models. 2 TCP/IP Encapsulation (Packet) (Frame)

1 Chapters 2 & 3 Computer Networking Review – The TCP/IP Protocol Architecture.

Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Network and Internet Security Prepared by Dr. Lamiaa Elshenawy

COMP2322 Lab 1 Introduction to Wireshark Weichao Li Jan. 22, 2016.

JavaScript and Ajax (Internet Background) Week 1 Web site:

1 Review – The Internet’s Protocol Architecture. Protocols, Internetworking & the Internet 2 Introduction Internet standards Internet standards Layered.

Chapter 6.  Internet and characteristics of Internet.  Various Internet protocols  Static IP addressing and Dynamic IP addressing Prepared by Saher.

Also known as hardware/physi cal address Customer Computer (Client) Internet Service Provider (ISP) MAC Address Each Computer has: Given by NIC card.

Cryptography CSS 329 Lecture 13:SSL.

1 © 1999, Cisco Systems, Inc. 1293_07F9_c1 LocalDirector Version3.1.

Advanced Network Labs & Remote Network Agent

WWW and HTTP King Fahd University of Petroleum & Minerals

Affinity Depending on the application and client requirements of your Network Load Balancing cluster, you can be required to select an Affinity setting.

JavaScript and Ajax (Internet Background)

Distributed Systems.

Network Architecture Layered system with alternative abstractions available at a given layer.

CNIT 131 Internet Basics & Beginning HTML

Server Concepts Dr. Charles W. Kann.

Using MIS 2e Chapter 6 Appendix

Cryptography and Network Security Chapter 16

Client-Server Interaction

The Design and Implementation of a Secure Content Switch

TASK 4 Guideline.

The Internet and HTTP and DNS Examples

Computer Communication & Networks

Multimedia and Networks

TCP/IP Protocol Suite: Review

2019/1/1 High Performance Intrusion Detection Using HTTP-Based Payload Aggregation 2017 IEEE 42nd Conference on Local Computer Networks (LCN) Author: Felix.

Lecture 3: Secure Network Architecture

Web Servers (IIS and Apache)

Network Basics and Architectures Neil Tang 09/05/2008

Presentation transcript:

9/26/2001Godavari Thesis Proposal SSL Proxy1 The Design and Implementation of a SSL Proxy for Content Switch Thesis Proposal by Ganesh Kumar Godavari Department of Computer Science Univ. of Colorado at Colorado Springs

9/26/2001Godavari Thesis Proposal SSL Proxy2 What is a SSL Proxy?

9/26/2001Godavari Thesis Proposal SSL Proxy3 Where is SSL in OSI Network Layer Model? TCP

9/26/2001Godavari Thesis Proposal SSL Proxy4 IXP12EB Setup in Lab The board includes Intel IXP1200 network processor With VxWork Realtime Embedded OS and WindRiver IDE SSL proxy will be developed on this network processor.

9/26/2001Godavari Thesis Proposal SSL Proxy5 Goal of my Thesis Goal: Design efficient SSL Proxy that can –Handle Multiple SSL Requests –Handle session reusability –Handle Keep-Alive sessions and understand the porting issues to VxWork on IXP12EB. HTTPS is very slow compared to HTTP, so designing and implementing an efficient proxy will be challenging. SSL proxy will be making routing decisions based on a set of user-defined rules, and the IP address, TCP port number, URL, HTTP headers, and the values of XML tags of the requests. Deliverables –Design documentation for the SSL Proxy. –Source code for implementing the SSL Proxy on Linux and IXP 12EB –Working prototypes and their performance analysis.

9/26/2001Godavari Thesis Proposal SSL Proxy6 Thesis Plan Work done Till-Date –Designed a concurrent SSL Proxy using OpenSSL and dynamic forking in Linux for handling multiple SSL requests –Studied and analyzed how session reusability can be achieved Next 2 week –Study and analyze how keep-alive sessions can be maintained –Study and analyze how to achieve preforking. –Compare the performance of preforking and dynamic forking versions Next 2 weeks –Port OpenSSL to VxWorks –Compare networking support between Linux and VxWorks Next 3 weeks –Port SSL Proxy to IXP network Processor –Compare performance of SSL Proxy on Linux and IXP-12EB

9/26/2001Godavari Thesis Proposal SSL Proxy7 Questions/Comments ??

9/26/2001Godavari Thesis Proposal SSL Proxy8 References [1] OpenSSL: The Open Source toolkit for SSL/TLS ( [2] SSL and TLS, by Eric Rescorla [3] SSL and TLS Essentials, by Stephen Thomas [4] mod_ssl: The Apache Interface to OpenSSL ( [5] HTTP Over TLS ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-https-02.txt The specification on how to run HTTP over SSL/TLS [6] Tunneling TCP based protocols through Web proxy servers The specification for the HTTP CONNECT method [7] Analysis of SSL 3.0 Protocol D. Wagner and B. Schneier's USENIX analysis of SSLv3 [8] HyperText Transfer Protocol (HTTP), Version 1.1 (Internet Draft) The application layer protocol Apache+mod_ssl uses over SSL/TLS [9] HyperText Transfer Protocol (HTTP), Version 1.0 (RFC 1945) The application layer protocol Apache + mod_ssl uses over SSL/TLS

9/26/2001Godavari Thesis Proposal SSL Proxy9 References [10] Intel® IXA (Internet Exchange Architecture), [11] WindRiver Tornado Development Tools, [12] Tornado User’s Guide (Windows Version) 2.0 [13] WindRiver VxWorks, Intel®, IXP-1200, IXP-12EB is the registered Trademarks of Intel Corporation Tornado, VxWorks is the registered Trademarks of Wind River Systems, Inc Linux, Apache, Openssl protected under the GNU General Public License