Upload

Loading...

Ana Kukec: Native SeND kernel API for *BSD

1,219

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Uploaded on Apr 29, 2010

AsiaBSDCon 2010 paper session.

Abstract: In the legacy world of Internet Protocol Version 4 (IPv4), the link layer protocol, the Address Resolution protocol (ARP) is known to be vulnerable to spoofing attacks, but has nevertheless been in use entirely unsecured. The Neighbor Discovery Protocol (NDP), which in the IPv6 world roughly corresponds to IPv4 ARP, is vulnerable to a similar set of threats if not secured. The Secure Neighbor Discovery (SeND) extensions counter security threats to NDP by offering proof of address ownership, message protection, and router authorization. The current lack of robust support for SeND within BSD operating system family and drawbacks in the existing reference SeND implementation limits its deployment. We illustrate the protocol enhancements and their implemenation by rehashing the known problem scenarios with unsecured NDP and providing the short information about SeND. We then describe the design and implementation of a new, BSD licensed, kernel-userspace API for SeND, which mitigates the overhead associated with the reference implementation in FreeBSD, and which aims to improve portability to other BSD-derived operating systems.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up Next


Sign in to add this to Watch Later

Add to