Session 4
File-Based Network Collaboration System
Toshinari Takahashi (takahasi@isl.rdc.toshiba.co.jp)
presented a secure file-based network collaboration system.
They use a special file structure that is similar to SCCS in
that only diffs of files are sent over the network.
The information is sent in encrypted form (8-bit CFB DES).
There is some danger of semantic inconsistency, but they say
they have a workable solution with LIFO ordering. RSA
public-key authentication is used.
Safe Use of X Window System Protocol Across a Firewall
Brian Kahn (blk@mitre.org) showed
MITRE's X gateway product, which attempts to filter X client
requests as they travel across a firewall system. Existing
proxy agents include:
- xroute - forwards everything
- xscope, xmon - selectively audit packets
- xforward (DEC), x-gw (TIS) - seek user confirmation before
allowing packets, but no filtering
- Xnest (X11R6) - creates virtual X display in a window
The Xgate system (MITRE) puts several limitations on clients:
- client can only use X resources it creates
- clients have access to atoms, fonts, own colormap ONLY. No
access to keyboard state or root window events
- This results in no cut and paste ability between these
clients
The Xgate system can provide user confirmation if you wish.
xv posed some problems for them - it queries the state of all
other clients (presumably looking for some specific window
manager), so they simply put a special check in to make it
return "there are no other clients running" if a client asks
this. Denial of service is difficult to prevent - someone
could flood you with user confirmation requests.
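
The client restrictions listed above can be pictured as a per-request
decision in the gateway. The following C sketch is an added illustration,
not MITRE's Xgate code: the function name, the verdict values and the
choice to model the xv check as an empty QueryTree reply are assumptions;
the opcodes and the resource-ID base/mask ownership test come from the
core X11 protocol.

```c
#include <stdint.h>
#include <stdio.h>

/* Core X11 request opcodes, as numbered in the X protocol specification. */
enum { X_ChangeWindowAttributes = 2, X_QueryTree = 15, X_InternAtom = 16,
       X_GetAtomName = 17, X_GrabKeyboard = 31, X_QueryKeymap = 44,
       X_OpenFont = 45, X_AllocColor = 84 };

/* Hypothetical gateway verdicts: pass, drop, or answer with an empty reply. */
typedef enum { ALLOW, DENY, FAKE_EMPTY } verdict;

/* ID range the server hands each client in its connection setup reply. */
typedef struct { uint32_t id_base, id_mask; } client;

/* A resource was created by this client iff its ID lies in that range. */
static int owns(const client *c, uint32_t id) {
    return (id & ~c->id_mask) == c->id_base;
}

/* Hypothetical policy: decide on a request from its opcode and target ID. */
verdict xgate_decide(const client *c, uint8_t opcode, uint32_t target) {
    switch (opcode) {
    case X_InternAtom: case X_GetAtomName: case X_OpenFont:
        return ALLOW;                 /* atoms and fonts are permitted */
    case X_GrabKeyboard: case X_QueryKeymap:
        return DENY;                  /* no access to keyboard state */
    case X_QueryTree:                 /* xv-style "who else is running?" */
        return owns(c, target) ? ALLOW : FAKE_EMPTY;
    default:                          /* windows, colormaps, event selection */
        return owns(c, target) ? ALLOW : DENY;
    }
}

int main(void) {
    client c = { 0x00400000, 0x001fffff };          /* constructed range */
    uint32_t root = 0x0000012a, mine = 0x00400005;  /* constructed IDs */
    printf("QueryTree(root)              -> %d\n",
           xgate_decide(&c, X_QueryTree, root));
    printf("ChangeWindowAttributes(root) -> %d\n",
           xgate_decide(&c, X_ChangeWindowAttributes, root));
    printf("AllocColor(own colormap)     -> %d\n",
           xgate_decide(&c, X_AllocColor, mine));
    return 0;
}
```
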
An Architecture for Advanced Packet Filtering
Andrew Molitor (amolitor@network.com) showed NSC's
router filter language. It defines 5 "filter points" at which you
can write your own subroutines to flexibly filter things like
FTP GETs, etc. A reference to the networking company
"Crisco" was a highlight of the talk.