Title :
CODO: firewall traversal by cooperative on-demand opening
Author :
Son, Sechang ; Allcock, Bill ; Livny, Miron
Author_Institution :
Comput. Sci. Dept., Wisconsin Univ., Madison, WI, USA
Abstract :
Firewalls and network address translators (NATs) cause significant connectivity problems along with benefits such as network protection and easy address planning. Connectivity problems make nodes separated by a firewall/NAT unable to communicate with each other. Due to the bidirectional and multi-organizational nature of grids, they are particularly susceptible to connectivity problems. These problems make collaboration difficult or impossible and cause resources to be wasted. This paper presents a system, called CODO, which provides applications end-to-end connectivity over firewalls/NATs in a secure way. CODO allows applications authorized through strong security mechanisms to traverse firewalls/NATs, while blocking unauthorized applications. This paper also formalizes the firewall/NAT traversal problem and clarifies how a traversal system fits in the overall security policy enforcement by a firewall/NAT.
Keywords :
authorisation; computer networks; grid computing; groupware; CODO; address planning; connectivity problem; cooperative on-demand opening; end-to-end connectivity; firewall traversal; grid computing; network address translators; network protection; security policy enforcement; unauthorized application blocking; Collaboration; Computer science; Contracts; Intrusion detection; Laboratories; Mathematics; Middleware; Network address translation; Protection; Scientific computing;
Conference_Title :
High Performance Distributed Computing, 2005. HPDC-14. Proceedings. 14th IEEE International Symposium on
Print_ISBN :
0-7803-9037-7
DOI :
10.1109/HPDC.2005.1520965