Repository of the University of Ljubljana
SPA Scalability in Software Defined Perimeter
Krmelj, Gregor Robert (Author), Ciglarič, Mojca (Mentor), Pančur, Matjaž (Comentor)
PDF - Presentation file (549,40 KB)
MD5: 025624789EDDA69E75CFFA9CDA364DE7
Abstract
Single Packet Authorization (SPA) is a method of gaining network access to a network service by sending a single IP packet which contains all the data necessary to authenticate and authorize a particular client. The result of the exchange is a temporary firewall rule that gives the client access to the requested service. OpenSPA is an implementation of SPA, which we have re-implemented from the ground up, adding countermeasures against Denial of Service (DoS) attacks and replacing the binary encoding protocol with a TLV variant. Using our testing environment with a 100 Gbit/s network, we were able to defend against a 6.7 Mpps DoS attack using a single CPU core and a 106 Mpps attack using 16 CPU cores.
Language: English
Keywords: SPA, Firewall, Network Security, eBPF, XDP, Network Protocol Design, Hidden Services
Work type: Master's thesis/paper
Typology: 2.09 - Master's Thesis
Organization: FRI - Faculty of Computer and Information Science
Year: 2022
PID: 20.500.12556/RUL-142965
COBISS.SI-ID: 136683779
Publication date in RUL: 06.12.2022
Views: 1471
Downloads: 149
Cite this work
KRMELJ, Gregor Robert, 2022, SPA Scalability in Software Defined Perimeter [online]. Master’s thesis. [Accessed 26 April 2025]. Retrieved from: https://repozitorij.uni-lj.si/IzpisGradiva.php?lang=eng&id=142965
Secondary language
Language: Slovenian
Title: Skalabilnost protokola SPA v programsko določenem robu omrežja
Abstract: Single Packet Authorization (SPA) is a method by which access to a service can be obtained solely on the basis of a single IP packet. This packet stores all the information the server needs to verify the authenticity of the request. If we are entitled to the desired service, the server sets a temporary rule in the firewall that allows us (the client) access. OpenSPA is one of the open-source implementations of the SPA principle. In this master's thesis we present our new implementation of the OpenSPA protocol. The novelties of the protocol are protection against Denial of Service (DoS) attacks and binary encoding of data in the TLV format. Within a test environment with a 100 Gbit/s network we were able to defend against a DoS attack of 6.7 Mpps using 1 core and a DoS attack of 106 Mpps using 16 cores.
Keywords: SPA, firewall, network security, eBPF, XDP, network protocols, hidden services