Recursive Internetwork Architecture: Difference between revisions

Hayazin (talk | contribs)
[[File:RINA-sec.png|thumb|350px|Figure 6. Placement of security functions in the RINA architecture.]]
 
'''Resiliency to data transport attacks'''. IPCP (node) addresses are internal to a DIF and are not exposed to applications; data connections are dynamically assigned connection-endpoint ids (CEP-ids) that are bound to dynamically assigned ports. Boddapati et al.<ref>G. Boddapati, J. Day, I. Matta, L. Chitkushev, "Assessing the security of a clean-slate Internet architecture," Network Protocols (ICNP), 2012 20th IEEE International Conference on, pp. 1-6, Oct. 30 2012-Nov. 2 2012</ref> showed that, because transport port allocation and access control are decoupled from data synchronization and transfer, RINA was much more resilient than TCP/IP to transport-level attacks such as port-scanning, connection opening or data-transfer.
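
The decoupling described above, as an added toy model in Python (not part of the article and not code from any RINA implementation). The class <code>ToyDIF</code>, the 16-bit CEP-id space, the policy table and the application names are assumptions made for illustration.

```python
import secrets

CEP_ID_SPACE = 2 ** 16  # assumed id width for this toy model, not taken from a RINA spec


class ToyDIF:
    """Toy DIF: flow allocation (with access control) is a separate step
    from data transfer, and only allocation can create connection state."""

    def __init__(self, allowed_pairs):
        self.allowed_pairs = set(allowed_pairs)  # (source app, destination app) policy
        self.flows = {}                          # (src_cep, dst_cep) -> destination app

    def allocate_flow(self, src_app, dst_app):
        """Request a flow by application name; return (src_cep, dst_cep) or None."""
        if (src_app, dst_app) not in self.allowed_pairs:
            return None  # denied: no CEP-ids assigned, no state created
        while True:
            key = (secrets.randbelow(CEP_ID_SPACE), secrets.randbelow(CEP_ID_SPACE))
            if key not in self.flows:
                self.flows[key] = dst_app
                return key

    def deliver(self, src_cep, dst_cep, payload):
        """Data transfer: return the destination app if the PDU matches an
        allocated flow, otherwise None (the PDU is dropped)."""
        return self.flows.get((src_cep, dst_cep))


def sweep(dif, src_cep):
    """Count PDUs accepted when every destination CEP-id is tried from one
    source CEP-id, without going through flow allocation."""
    return sum(dif.deliver(src_cep, dst, b"probe") is not None
               for dst in range(CEP_ID_SPACE))


if __name__ == "__main__":
    dif = ToyDIF({("billing-client", "billing-db")})      # constructed policy
    flow = dif.allocate_flow("billing-client", "billing-db")
    print("authorized flow:", flow)
    print("unauthorized request:", dif.allocate_flow("unknown-app", "billing-db"))
    print("PDU on allocated flow ->", dif.deliver(flow[0], flow[1], b"data"))
    wrong_src = (flow[0] + 1) % CEP_ID_SPACE
    print("sweep from unallocated source CEP-id accepted:", sweep(dif, wrong_src))
```

In this model there is no well-known port to probe: a PDU is accepted only when it matches state that the access-controlled allocation step created.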
 
'''DIFs are securable containers, no firewalls are necessary'''. Small et al.<ref>J. Small, J. Day, L. Chitkushev, “Threat analysis of Recursive Inter-Network Architecture Distributed Inter-Process Communication Facilities”. Boston University Technical Note.</ref> performed a threat analysis at the RINA architecture level, concluding that DIFs are securable containers. That is, if proper authentication, authorization, confidentiality, integrity protection and auditing policies are put in place (as identified in section 2.1), a DIF is a structure for transporting data that can be made not subject to threat. No external tools such as firewalls are required.