Wutherings (talk | contribs) No edit summary |
Secure Network Programming (SNP) is a prototype of the first [[secure sockets layer]], designed and built by the Networking Research Laboratory at [[the University of Texas at Austin]], led by [[Simon S. Lam]]. This work was published at the 1994 USENIX Summer Technical Conference.<ref name="SNP-USENIX">{{cite journal |last1=Woo |first1=Thomas |last2=Bindignavle |first2=Raghuram |last3=Su |first3=Shaowen |last4=Lam |first4=Simon |title=SNP: An Interface for Secure Network Programming |journal=Proceedings USENIX Summer Technical Conference |date=June 1994 |url=http://www.cs.utexas.edu/users/lam/Vita/Cpapers/WBSL94.pdf |accessdate=21 July 2019}}</ref> For this project, the authors won the 2004 [[ACM Software System Award]].
This work began in 1991 as a theoretical investigation by the Networking Research Laboratory into the formal meaning of a protocol layer satisfying an upper interface specification as a service provider and a lower interface specification as a service consumer.<ref>{{cite journal |last1=Lam |first1=Simon |last2=Shankar |first2=Udaya |title=A Theory of Interfaces and Modules I — Composition Theorem |journal=IEEE Transactions on Software Engineering |date=January 1994 |volume=20 |url=https://dl.acm.org/citation.cfm?id=631099 |accessdate=21 July 2019}}</ref> The Networking Research Laboratory received a grant from the National Security Agency in June 1991 to investigate how to apply its theory of modules and interfaces to security verification.<ref>{{cite web | title=A brief history of the first secure sockets layer |url=http://www.cs.utexas.edu/users/lam/NRL/SSL.html |accessdate=21 July 2019}}</ref> At that time, there were three well-known authentication systems, either built (MIT's [[Kerberos_(protocol)|Kerberos]]) or being developed (DEC's SPX and IBM's KryptoKnight). All of these systems suffered from a common drawback: they did not export a clean and easy-to-use interface that could be readily used by Internet applications. For example, it would take a tremendous amount of effort to “kerberize” an existing distributed application.
Toward the goal of "secure network programming for the masses," the inventors of SNP conceived secure sockets as a high-level abstraction suitable for securing Internet applications. In 1993, they designed and built a prototype of SNP. Designed as an application sublayer on top of sockets, SNP provides a user interface closely resembling sockets. This resemblance was by design, so that security could be retrofitted into existing socket programs with only minor modifications. Also, with such a sublayer carefully designed and its implementation thoroughly debugged, it can be easily used by any Internet application that uses sockets for end-to-end communications. This is a natural idea in hindsight but, in 1993, it was novel and a major departure from mainstream network security research.