The current model for flow establishment in the Internet: DNS Names, IP addresses, and transport ports, is inadequate. Not all of the problem is due to the small IPv4 address space and resulting NAT boxes. Even where global addresses exist, firewalls cannot glean enough information about a flow from packet headers, and so often err, typically by being over-conservative: disallowing flows that might otherwise be allowed. This paper presents a novel architecture, protocol design, and implementation, for flow establishment in the Internet. The architecture, called NUTSS, takes into account the combined policies of endpoints and network providers. While NUTSS borrows liberally from other proposals (URI-like naming, signaling to manage ephemeral IPv4 or IPv6 data flows), NUTSS is unique in that it couples overlay signaling with data-path signaling. NUTSS requires no changes to existing protocol stacks, and combined with recent NAT traversal techniques, works with IPv4 and existing NAT/firewalls. This paper describes NUTSS and shows how it satisfies a wide range of "end-middle-end" network requirements, including access control, middlebox steering, multi-homing, mobility, and protocol negotiation.