Secure Network Programming: Difference between revisions

Browse history interactively

Content deleted Content added

VisualWikitext

Revision as of 04:54, 21 July 2019 edit Wutherings (talk \| contribs) 28 edits ←Created page with 'Secure Network Programming (SNP) is a prototype of the first secure sockets layer, designed and built by the Networking Research Laboratory at the Universi...'		Latest revision as of 15:30, 3 August 2025 edit undo Widefox (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, IP block exemptions, New page reviewers, Pending changes reviewers, Rollbackers 110,679 edits sep lede, layout fix
(30 intermediate revisions by 20 users not shown)
Line 1: {{Short description\|Prototype of Secure Sockets Layer}} Secure Network Programming (SNP) is a prototype of the first [[secure sockets layer]], designed and built by the Networking Research Laboratory at [[the University of Texas at Austin]], led by [[Simon S. Lam]]. This work was published in the 1994 USENIX Summer Technical conference <ref name="SNP-USENIX">{{cite journal \|last1=Woo \|first1=Thomas \|last2=Bindignavle \|first2=Raghuram \|last3=Su \|first3=Shaowen \|last4=Lam \|first4=Simon \|title=SNP: An Interface for Secure Network Programming \|journal=Proceedings USENIX Summer Technical Conference \|date=June 1994 \|url=http://www.cs.utexas.edu/users/lam/Vita/Cpapers/WBSL94.pdf \|accessdate=21 July 2019}}</ref>[0]. For this project, the authors won the 2004 [[ACM Software System Award]].▼ <!-- This page uses text copied from http://www.cs.utexas.edu/users/lam/NRL/SSL.html but that page now carries CC and GNU licences compatible with Wikipedia --> [[File:2004 ACM Software System Award Certificate.jpg\|thumb\|For inventing secure sockets in 1991 and implementing the first [[secure sockets layer]], named SNP, in 1993.]] '''Secure Network Programming''' ('''SNP''') is a prototype of the first [[Secure Sockets Layer]], designed and built in 1993 by the Networking Research Laboratory at [[the University of Texas at Austin]], led by [[Simon S. Lam]]. ==History== ▲Secure Network Programming (SNP) is a prototype of the first [[secure sockets layer]], designed and built by the Networking Research Laboratory at [[the University of Texas at Austin]], led by [[Simon S. Lam]]. This work was published in the 1994 USENIX Summer Technical ~~conference~~ Conference.<ref name="SNP-USENIX">{{cite journal \|last1=Woo \|first1=Thomas \|last2=Bindignavle \|first2=Raghuram \|last3=Su \|first3=Shaowen \|last4=Lam \|first4=Simon \|title=SNP: An Interface for Secure Network Programming \|journal=Proceedings USENIX Summer Technical Conference \|date=June 1994 \|url=http://www.cs.utexas.edu/users/lam/Vita/Cpapers/WBSL94.pdf \|accessdate=21 July 2019}}</ref>~~[0]~~<ref>{{cite web\|url=https://www.usenix.org/legacy/publications/library/proceedings/bos94/ \|title=1994 USENIX Summer Technical Conference Program, Boston, 6-10 June 1994}}</ref> For this project, the authors won the 2004 [[ACM Software System Award]]. Simon S. Lam was inducted into the Internet Hall of Fame (2023) for "inventing secure sockets in 1991 and implementing the first secure sockets layer, named SNP, in 1993."<ref>{{cite web \|url=https://cns.utexas.edu/news/accolades/computer-scientist-inducted-internet-hall-fame\|title=Simon S. Lam, Regents Chair Emeritus in Computer Science, inducted into the Internet Hall of Fame}}</ref><ref>{{cite web \| url=https://www.internethalloffame.org/inductee/simon-s-lam \|title=Simon S. Lam, 2023 Internet Hall of Fame inductee}}</ref> Our work began in 1991 as a theoretical investigation on the formal meaning of a protocol layer satisfying an upper interface specification as a service provider and a lower interface specification as a service consumer [1]. We received a grant from the National Security Agency in June 1991 to investigate how to apply our theory of modules and interfaces to security verification [2]. At that time, there were three well-known authentication systems built (MIT's Kerberos) or being developed (DEC's SPX and IBM's KryptoKnight). We recognized that all of these systems suffered from a common drawback, namely, they did not export a clean and easy-to-use interface that could be readily used by Internet applications. For example, it would take a tremendous amount of effort to “kerberize” an existing distributed application.▼ This work began in 1991 as a theoretical investigation by the Networking Research Laboratory on the formal meaning of a protocol layer satisfying an upper interface specification as a service provider and a lower interface specification as a service consumer.<ref>{{cite journal \|last1=Lam \|first1=Simon \|last2=Shankar \|first2=Udaya \|title=A Theory of Interfaces and Modules I — Composition Theorem \|journal=IEEE Transactions on Software Engineering \|date=January 1994 \|volume=20 \|pages=55–71 \|doi=10.1109/32.263755 \|url=https://dl.acm.org/citation.cfm?id=631099 \|accessdate=21 July 2019\|url-access=subscription }}</ref> A case study of adding a security layer between the application and [[network layer]]s was presented.<ref>{{cite book \|last1=Lam \|first1=Simon \|last2=Shankar \|first2=Udaya\|last3=Woo \|first3=Thomas \|title=Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy \|chapter=Applying a theory of modules and interfaces to security verification \|date=May 1991 \|chapter-url=https://www.cs.utexas.edu/users/lam/Vita/IEEE/LSW91.pdf \| pages=136–154\|doi=10.1109/RISP.1991.130782 \|isbn=0-8186-2168-0 \|s2cid=18581606 \| access-date=5 January 2021}}</ref> ▲~~Our~~The ~~work~~Networking ~~began~~Research inLaboratory ~~1991 as~~received a ~~theoretical~~grant ~~investigation on~~from the ~~formal~~National ~~meaning~~Security ofAgency ain ~~protocol~~June ~~layer~~1991 ~~satisfying~~to aninvestigate ~~upper~~how ~~interface~~to ~~specification~~apply astheir atheory ~~service~~of ~~provider~~modules and ainterfaces ~~lower~~to ~~interface~~security ~~specification~~verification.<ref>Simon asS. aLam ~~service~~(PI/PD), ~~consumer~~"Applying ~~[1].~~a WeTheory ~~received~~of aModules ~~grant~~and ~~from~~Interfaces ~~the National~~to Security ~~Agency~~Verification", inNSA ~~June~~INFOSEC ~~1991~~University toResearch ~~investigate~~Program ~~how~~grant tono. ~~apply~~MDA ~~our~~904-91-C-7046, ~~theory of modules and interfaces~~6/28/91 to ~~security verification [2]~~6/27/93. </ref> At that time, there were three well-known authentication systems built (MIT's [[Kerberos (protocol)\|Kerberos]]) or being developed (DEC's SPX and IBM's KryptoKnight). ~~We recognized that all~~All of these systems suffered from a common drawback,; namely, they did not export a clean and easy-to-use interface that could be readily used by Internet applications. For example, it would take a tremendous amount of effort to ~~“kerberize”~~"kerberize" an existing distributed application. Toward the goal of "secure network programming for the masses," we conceived secure sockets as a high-level abstraction suitable for securing Internet applications. In 1993, we designed and built a prototype of SNP. Designed as an application sublayer on top of sockets, SNP provides a user interface closely resembling sockets. This resemblance was by design so that security could be retrofitted into existing socket programs with only minor modifications. Also, with such a sublayer carefully designed and its implementation thoroughly debugged, it can be easily used by any Internet application that uses sockets for end-to-end communications. This is a natural idea in hindsight but, in 1993, it was novel and a major departure from mainstream network security research at that time.▼ ▲Toward the goal of "secure network programming for the masses,", wethe inventors of SNP conceived secure sockets as a high-level abstraction suitable for securing Internet applications. In 1993, wethey designed and built a prototype of SNP. Designed as an application sublayer on top of sockets, SNP provides a user interface closely resembling sockets. This resemblance was by design so that security could be retrofitted into existing socket programs with only minor modifications. Also, with such a sublayer carefully designed and its implementation thoroughly debugged, it can be easily used by any Internet application that uses sockets for end-to-end communications. This is a natural idea in hindsight but, in 1993, it was novel and a major departure from mainstream network security research at that time. SNP's secure sockets support both stream and datagram semantics with security guarantees (i.e., [[data origin authenticity]], data destination authenticity, [[data integrity]], and data confidentiality).) Many of the ideas and design choices in SNP can be found in subsequent secure sockets layers, including: placing authenticated communication endpoints in the [[application layer]], use of [[public -key cryptography]] for authentication, a handshake protocol for establishing session state including a [[shared secret]], use of [[symmetric -key cryptography]] for data confidentiality, and managing contexts and credentials in the secure sockets layer. ~~We articulated the case for secure sockets in a~~The paper presented on June 8, 1994 at the USENIX Summer Technical Conference<ref ~~[0].~~name="SNP-USENIX" /> Weincludes ~~also presented our~~the system design together with performance measurement results from ~~our~~the prototype implementation to clearly demonstrate the practicality of a secure sockets layer.▼ WeSNP ~~invented~~pioneered secure sockets for Internet applications in general, independently and concurrently with the design and development of the [[HTTP]] protocol for the [[world-wide web]] which was still in its infancy in 1993. Subsequent secure ~~sockets~~socket layers (SSL by [[Netscape]] and [[Transport Layer Security\|TLS]] by [[IETF]]), ~~re-~~implemented several years later using the architecture and key ideas first presented in SNP, enabled secure e-commerce between browsers and servers. ~~(Netscape was founded as a company on April 4, 1994 to develop a browser.)~~ Today, many other Internet applications (including [[email]]) use [[HTTPS]], which consists of HTTP running over a secure sockets layer.▼ ▲We articulated the case for secure sockets in a paper presented on June 8, 1994 at the USENIX Summer Technical Conference [0]. We also presented our system design together with performance measurement results from our prototype implementation to clearly demonstrate the practicality of a secure sockets layer. == References == {{Dual \|source=Networking Research Laboratory \|sourcepath=https://www.cs.utexas.edu/users/lam/NRL/SSL.html \|sourcearticle=A brief history of the first secure sockets layer \|date=2023-05-10}} {{reflist}} [[Category:Transport Layer Security]] ▲We invented secure sockets for Internet applications in general, independently and concurrently with the design and development of the HTTP protocol for the world-wide web which was still in its infancy in 1993. Subsequent secure sockets layers (SSL by Netscape and TLS by IETF), re-implemented several years later using key ideas first presented in SNP, enabled secure e-commerce between browsers and servers. (Netscape was founded as a company on April 4, 1994 to develop a browser.) Today, many Internet applications (including email) use HTTPS which consists of HTTP running over a secure sockets layer. [[Category:Internet security]]