An Architecture for Tracing Incidents across the Internet
Glenn Mansfield Keeni, Cyber Solutions Inc.
Inch-wg, IETF-61, November, 2004
The two-tier Architecture
[Diagram labels: Incident Tracer, Intra-domain Tracers, IRAs, Query/Response]
IRA: Incident Record Agent
The Intra-domain Architecture
[Diagram labels: IRA, IR, IRB, Intra-domain Tracer, Incident Query/Response]
Incident Record Base
Inter-Domain Incident Tracing Protocol
- Authenticated
- Non Repudiation
- Specify the Incident Identifier (attributes)
- Privacy, Integrity
- Common format for incident description
- Unique Identification for incident
Return matches from local database
Incident Record Protocol
Mapping: IncidentRecord Incident Identifier
Requirements: Incident Record Protocol
Incident Report Transform
[Diagram labels: Incident Record Agent, Incident Report, Transform, Tr (Incident Report), Recorder, Additional data, Incident Record Base]
The Intra-domain packet tracing Process:
Incident Transform (generate Key)
[Diagram labels: IRA, Incident Record Base, Incident, Transform, Tr (Incident Report), IR, Additional data]
Incident Transform (sanitize)