This project aims to develop a clean-slate Internet architecture where protection from malicious network-based attacks is a fundamental design goal. This goal is to be achieved by requiring all traffic to explicitly signal its origin as well as intent to the network at the very outset.

Using this as a guiding principle, the principal investigators plan to develop tailor-made security architectures for private networks (e.g., enterprises), which often enforce tight controls on who can communicate with whom, as well as for public servers (e.g., e-commerce sites), which are more "open" and desire to be globally visible. The proposed solution for private networks requires all network-wide policies to be specified at a single location called the domain controller. If the policy allows it, the domain controller grants explicit permission for users to communicate. In contrast, the proposed solution for the public setting argues for modifications to end-host APIs to allow end-hosts to signal their intent to the wide-area Internet and to other public servers.

Broader Impact: The research will culminate in a prototype security architecture for private networks and a comprehensive blueprint of security mechanisms for public services. In either case the approach is radical and represents a substantial intellectual departure from existing thinking.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 0627112
Program Officer: Darleen L. Fisher
Project Start:
Project End:
Budget Start: 2006-09-15
Budget End: 2009-08-31
Support Year:
Fiscal Year: 2006
Total Cost: $759,284
Indirect Cost:

Name: Stanford University
Department:
Type:
DUNS #:
City: Palo Alto
State: CA
Country: United States
Zip Code: 94304