Projects of Computing Systems Architecture Department

Verification of new IPsec v2 protocol security features.

The studies of changes in security features of IP level introduced in IPsec v2 showed that formal specification and test scenarios designed in the previous project were almost impossible to use. New version of security features consisted of new protocols for protecting and transmitting data incompatible with the protocols from the previous version of IPsec. This project was aimed at the creation of new formal specifications and test scenarios and providing means for automated verification of security features in the implementations of the new protocols. This project was also done in close collaboration with Programming technologies department.

Verification of security and mobility features of IP protocols.

This project was devoted to research and development of formal methods for modeling telecommunication protocols in terms of security and mobility. Also new methods and tools were developed for automated tests generation used to check compliance with Internet standards. This project was done in collaboration with Programming technologies department.

Development of application-level gateways: DNS-ALG and FTP-ALG to provide communication between IPv4 and IPv6 networks and creation of network software testing tools.

Organization of effective interaction between IPv4 and IPv6 networks could not be done on the basis of existing mechanisms without the creation of application-level gateways translating corresponding protocol elements in this level. This project was aimed on design and implementation of such tools. Moreover network software debugging and testing is time consuming and error-prone if done manually. This is why as a part of this project tools for automated testing of network software were developed.

Implementation of IPv4 and IPv6 protocols compatibility with use of address context translation method.

Stateless IP/ICMP Translator (SIIT) has a number of limitations. Implemented in this project context method of addresses and protocols translation (NAT-PT) in Linux and FreeBSD allowed usage of normal IPv6 addresses instead of specific ones in IPv6 subnetworks as well as dynamic assigning of IPv4 addresses to IPv6 nodes in the process of session creation when IPv6 and IPv4 networks communicate.

Implementation of interprotocol gateway IPv4/IPv6 in FreeBSD operation system.

This project was concentrated on the specific features of FreeBSD and adaptation of stateless translator developed in the previous project to FreeBSD environment.

Implementation of interprotocol gateway IPv4/IPv6 in Linux operating system.

New method to provide compatibility for IPv4 and IPv6 protocols fulfilling the draft of the “Stateless IP/ICMP Translator (SIIT)” standard was created and implemented in this project. This method coupled with other means can provide seamless transition to IPv6 protocol. The method was successfully applied to Linux operation system after the studying of its specific features.

Creation of a firewall to protect unauthorized access to local networks from the Internet.

This project was aimed on creation of a firewall based on free software and capable of providing an effective protection for local networks from unauthorized access from the outside.

Organization of high-speed communication channel in ISP RAS.

This project pursued the following two goals. The first was in providing means for active information exchange performed to enhance research activities in the area of system programming and creation of new system software in collaboration with Russian and foreign scientific institutes including the projects using the Internet. The second was in creation of ISP RAS own web-server.