Johannes Naab scite author profile

Johannes Naab

5Publications

61Citation Statements Received

134Citation Statements Given

How they've been cited

How they cite others

133

Affiliations

Technical University of Munich

Publications

Order By: Most citations

5G QoS: Impact of Security Functions on Latency

Gallenmüller

Naab

Adam

et al. 2020

View full text Add to dashboard Cite

Network slicing is considered a key enabler to 5th Generation (5G) communication networks. Mobile network operators may deploy network slices-complete logical networks customized for specific services expecting a certain Quality of Service (QoS). New business models like Network Slice-as-a-Service offerings to customers from vertical industries require negotiated Service Level Agreement (SLA) contracts, and network providers need automated enforcement mechanisms to assure QoS during instantiation and operation of slices. In this paper, we focus on ultra-reliable low-latency communication (URLLC). We propose a software architecture for security functions based on offthe-shelf hardware and open-source software and demonstrate, through a series of measurements, that the strict requirements of URLLC services can be achieved. As a real-world example, we perform our experiments using the intrusion prevention system (IPS) Snort to demonstrate the impact of security functions on latency. Our findings lead to the creation of a model predicting the system load that still meets the URLLC latency requirement. We fully disclose the artifacts presented in this paper including pcap traces, measurement tools, and plotting scripts at https://gallenmu.github.io/low-latency.

show abstract

A First Look at Certification Authority Authorization (CAA)

Scheitle

Chung

Hiller

et al. 2018

SIGCOMM Comput. Commun. Rev.

View full text Add to dashboard Cite

Shaken by severe compromises, the Web's Public Key Infrastructure has seen the addition of several security mechanisms over recent years. One such mechanism is the Certification Authority Authorization (CAA) DNS record, that gives domain name holders control over which Certification Authorities (CAs) may issue certificates for their domain. First defined in RFC 6844, adoption by the CA/B forum mandates that CAs validate CAA records as of September 8, 2017. The success of CAA hinges on the behavior of three actors: CAs, domain name holders, and DNS operators. We empirically study their behavior, and observe that CAs exhibit patchy adherence in issuance experiments, domain name holders configure CAA records in encouraging but error-prone ways, and only six of the 31 largest DNS operators enable customers to add CAA records. Furthermore, using historic CAA data, we uncover anomalies for already-issued certificates. We disseminated our results in the community. This has already led to specific improvements at several CAs and revocation of mis-issued certificates. Furthermore, in this work, we suggest ways to improve the security impact of CAA. To foster further improvements and to practice reproducible research, we share raw data and analysis tools.

show abstract

5G URLLC: A Case Study on Low-Latency Intrusion Prevention

et al. 2020

View full text Add to dashboard Cite

Ducked Tails: Trimming the Tail Latency of(f) Packet Processing Systems

Gallenmüller

Wiedner

Naab

et al. 2021

View full text Add to dashboard Cite

Agile Network Access Control in the Container Age

Diekmann

Naab

Korsten

et al. 2019

IEEE Trans. Netw. Serv. Manage.

View full text Add to dashboard Cite

Linux Containers, such as those managed by Docker, are an increasingly popular way to package and deploy complex applications. However, the fundamental security primitive of network access control for a distributed microservice deployment is often ignored or left to the network operations team. High-level application-specific security requirements are not appropriately enforced by low-level network access control lists. Apart from coarse-grained separation of virtual networks, Docker neither supports the application developer to specify nor the network operators to enforce fine-grained network access control between containers.In a fictional story, we follow DevOp engineer Alice through the lifecycle of a web application. From the initial design and software engineering through network operations and automation, we show the task expected of Alice and propose tool-support to help. As a full-stack DevOp, Alice is involved in high-level design decisions as well as low-level network troubleshooting. Focusing on network access control, we demonstrate shortcomings in today's policy management and sketch a tool-supported solution. We survey related academic work and show that many existing tools fail to bridge between the different levels of abstractions a full-stack engineer is operating on.Our toolset is formally verified using Isabell/HOL and is available as Open Source.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Johannes Naab

5G QoS: Impact of Security Functions on Latency

A First Look at Certification Authority Authorization (CAA)

5G URLLC: A Case Study on Low-Latency Intrusion Prevention

Ducked Tails: Trimming the Tail Latency of(f) Packet Processing Systems

Agile Network Access Control in the Container Age

Contact Info

Product

Resources

About