Saturday, May 31, 2008
Cisco TrustSec @ Stanford Networking Seminar
TrustSec is a fundamental change in the way enterprise network security is implemented. The architecture builds on top of a strong identity framework to provide authentication for each network device and centralized Role Based Access Control. All network entities, including switches and routers in addition to users and hosts, are identified and strongly authenticated to build a trusted network infrastructure. Identities are then mapped onto topology-independent Security Groups by a centralized Attribute Based Access Control policy engine, and carried within each packet through the network. Access control policies are no longer expressed in terms of IP addresses, but simply in terms of Security Groups.
To protect the integrity of the Security Group Tag, each frame is encrypted at the egress port of every network device and decrypted at the next ingress port using the IEEE 802.1AE standard frame format (draft standards 802.1af and 802.1AR will also be supported).
Because packets are encrypted at every hop of the network, user data is protected over the entire enterprise network while preserving the capability to provide value-added services in the network (such as NetFlow, quality of service, load balancing, application-level caching, and intrusion prevention).
Essentially TrustSec adds a layer of indirection to accomplish its goals. When I get a moment I'll add a simple diagram that expresses the layer of indirection.
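The layer of indirection described above, sketched as an added example (not code from the talk or from Cisco): identity selects a Security Group Tag at ingress, the tag is integrity-protected on every link, and the egress decision looks only at the two groups. The identities, group numbers, policy and link keys are constructed, and an HMAC stands in for 802.1AE's per-hop protection so the sketch runs on the standard library alone.

```python
import hashlib
import hmac

# Constructed sample data: identities, group numbers and policy are illustrative.
IDENTITY_TO_SGT = {"alice": 10, "bob": 20, "hr-db": 100, "build-server": 200}
# Policy keyed by (source group, destination group); no IP addresses appear.
POLICY = {(10, 100): "permit", (20, 200): "permit"}
# One key per link between adjacent devices (hop-by-hop protection).
LINK_KEYS = [b"access-to-dist", b"dist-to-core", b"core-to-dc"]


def _mac(key, frame):
    """Integrity value over the whole frame, Security Group Tag included."""
    msg = repr(sorted(frame.items())).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def deliver(identity, src_ip, dst_identity, tamper_on_link=None, forged_sgt=None):
    """Tag at ingress, protect on every link, enforce by group at egress."""
    # Ingress: the authenticated identity, not the address, selects the tag.
    frame = {"sgt": IDENTITY_TO_SGT[identity], "src_ip": src_ip,
             "payload": "GET /records"}
    for hop, key in enumerate(LINK_KEYS):
        mac = _mac(key, frame)          # computed at the sender's egress port
        on_wire = dict(frame)
        if hop == tamper_on_link:       # model a tag modified in transit
            on_wire["sgt"] = forged_sgt
        # Next device's ingress port: verify before trusting the tag.
        if not hmac.compare_digest(mac, _mac(key, on_wire)):
            return f"dropped on link {hop}: integrity check failed"
        frame = on_wire                 # the device handles the frame in the clear
    # Egress: the policy lookup uses only the two groups.
    return POLICY.get((frame["sgt"], IDENTITY_TO_SGT[dst_identity]), "deny")


if __name__ == "__main__":
    print(deliver("alice", "10.1.1.5", "hr-db"))      # same user, first address
    print(deliver("alice", "172.16.9.44", "hr-db"))   # same user, new address
    print(deliver("bob", "10.1.1.5", "hr-db"))        # other user, first address
    print(deliver("bob", "10.1.1.5", "hr-db", tamper_on_link=1, forged_sgt=10))
```

The first two calls return the same decision even though the source address changes, and the third is denied from the address that was permitted for a different user; the last call is dropped at the next ingress port because the tag no longer matches the link's integrity value.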
Saturday, May 24, 2008
Microsoft Research Silicon Valley Roadshow
To start, Rick Rashid, the senior vice president of Microsoft Research, gave a short presentation about the company’s different areas of research. Rashid said “The reason you do basic research is for survival, it gives you the ability to change when change is critical... that is true for society and humanity more broadly, like if something really bad happens--war, famine, Google--you can respond.” He prefaced this by saying "...it's not because research can lead to profitable, innovative products although that’s a nice consequence."
Roy Levin, who directs the research group in Mountain View, indicated they focus on distributed computing and work on improving the delivery of Web search results and the sponsored links that are associated with the search results.
Botnet Detection for Microsoft's Hotmail
This facility is a target for botnet attacks. The researchers, Yinglian Xie and Fang Yu, developed a technique for automatically detecting servers, or dynamic IP addresses, that send spam by focusing on addresses which change frequently (a traditional email server would have a more or less stable IP address). Their research suggests that 96% of mail servers on dynamic IP addresses actually send only spam.
InkSeine
Raman Sarin demonstrated the InkSeine (not the river, instead the fishing net) software that lets tablet computers be controlled with pens instead of keyboards or a mouse and at the same time completely rethinks the user interface. The software and a tutorial can be downloaded from http://research.microsoft.com/inkseine/ .
LaserTouch
LaserTouch uses an overhead infrared camera and two lasers to enable surface computing on any flat screen, which could potentially make it more affordable than other solutions in this realm. Andy Wilson developed the sensing software that enables the interface; it is the same technology as the TouchWall, a surface computing whiteboard that MSFT introduced to the market earlier this month. There are no plans as of this time to commercialize the prototype seen here.
Translation Technology
Andrea Jessee demonstrated a Windows Live application of their language translation technology. I've used it several times, from Japanese to English or from German to English and it works better than others that I have tried. Also the user interface is quite good. It works very well for reading news stories and has a feature where you can tell it that you are translating something "technical". You can try it at translator.live.com . Remember that text embedded in a graphic does not translate!
Boku is a lightweight programming language for children (it's being tested by the 9-12 year age group). It runs in the Xbox 360 3D gaming environment, is controlled by the Xbox game controller, and should be available sometime in 2009.
Several projects addressed parallel programming and multicore computing challenges, including DryadLINQ, a programming environment for large-scale data-parallel computing that combines .NET Language Integrated Query (LINQ) and the Dryad distribution engine, and Automatic Mutual Exclusion, which employs a new technique, "transactional memory", to help manage execution threads and simplify the process of writing synchronized concurrent programs.
The goal of Keyword Generation and Query Classification is to produce a list of keywords associated with specific topics. Applications include improving ranking and relevance for search and presenting more relevant online advertising associated with a query.
The WOW project is the WorldWide Telescope, a rich visualization environment that functions as a virtual telescope and integrates imagery collected from the best ground- and space-based telescopes in order to create guided explorations of the universe. The Visual Experience Engine, which enables seamless panning and zooming, allows anyone to create and present media-rich immersive experiences to share with others.
Other projects of a more academic nature include Chuck Thacker's BEE3 to revitalize architecture research in chip design at the university level and Catherine van Ingen's E-Science in the Cloud to help eco-science researchers deal with the massive amounts of data that are and will be generated by ubiquitous sensors.
Friday, May 16, 2008
10 Top Trends from the VC Community Perspective
Data stored by different service providers will be combined to create more intelligent services.
Oil will have increasing difficulty competing with biofuels made from cheap nonfood crops for transportation.
Water technology will replace abating global warming as a global priority.
The mobile device industry's migration to smart phones will produce great disruption for big industry players.
Booming market for healthy aging technologies.
Four-fifths of the world population will carry mobile Internet devices within five to 10 years.
Algorithms will be constructed to develop new industrial chemicals, new biofuels and eventually artificial intelligence.
The mobile phone is your most important device.
There is going to be a venture capital shakeout.
Within five years everything that matters to you will be available on a device that fits on your belt or in your purse.
Thursday, May 8, 2008
Juniper Networks Network Endpoint Assessment @ Stanford Networking Seminar
What would happen if some or many integrated components were applied to the public internet? For example, if one were to assess endpoints (think about who would be responsible for the assessment function) and disallow vulnerable end-user devices, how many disenfranchised netizens would there be worldwide? A secure (and botnet-free) internet is desirable from many perspectives, but how is it to be accomplished short of "clean slate" initiatives?
PDF of Presentation Slides can be found at http://netseminar.stanford.edu/seminars/05_08_08.pdf (right click then save...).