CODO: firewall traversal by cooperative on-demand opening

Authors:
Sechang Son;B. Allcock;M. Livny
Affiliations:
Comput. Sci. Dept., Wisconsin Univ., Madison, WI, USA;San Diego Supercomput. Center, CA, USA;San Diego Supercomput. Center, CA, USA
Venue:
HPDC '05 Proceedings of the High Performance Distributed Computing, 2005. HPDC-14. Proceedings. 14th IEEE International Symposium
Year:
2005

Citing 0
Cited 7

Transparent network services via a virtual traffic layer for virtual machines

Proceedings of the 16th international symposium on High performance distributed computing
A Reliable and Fast Data Transfer for Grid Systems Using a Dynamic Firewall Configuration

Euro-Par 2008 Workshops - Parallel Processing
Optimizing tunneled grid connectivity across firewalls

AusGrid '09 Proceedings of the Seventh Australasian Symposium on Grid Computing and e-Research - Volume 99
IP over P2P: enabling self-configuring virtual IP networks for grid computing

IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
A virtual network (ViNe) architecture for grid computing

IPDPS'06 Proceedings of the 20th international conference on Parallel and distributed processing
Private virtual cluster: infrastructure and protocol for instant grids

Euro-Par'06 Proceedings of the 12th international conference on Parallel Processing
Maintaining high performance communication under least privilege using dynamic perimeter control

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Firewalls and network address translators (NATs) cause significant connectivity problems along with benefits such as network protection and easy address planning. Connectivity problems make nodes separated by a firewall/NAT unable to communicate with each other. Due to the bidirectional and multi-organizational nature of grids, they are particularly susceptible to connectivity problems. These problems make collaboration difficult or impossible and cause resources to be wasted. This paper presents a system, called CODO, which provides applications end-to-end connectivity over firewalls/NATs in a secure way. CODO allows applications authorized through strong security mechanisms to traverse firewalls/NATs, while blocking unauthorized applications. This paper also formalizes the firewall/NAT traversal problem and clarifies how a traversal system fits in the overall security policy enforcement by a firewall/NAT.