High-Performance Distributed Computing, International Symposium on (2005)
Research Triangle Park, NC, USA
July 24, 2005 to July 27, 2005
Sechang Son, Comput. Sci. Dept., Wisconsin Univ., Madison, WI, USA
B. Allcock, San Diego Supercomput. Center, CA, USA
M. Livny, San Diego Supercomput. Center, CA, USA
Firewalls and network address translators (NATs) cause significant connectivity problems along with benefits such as network protection and easy address planning. Connectivity problems make nodes separated by a firewall/NAT unable to communicate with each other. Due to the bidirectional and multi-organizational nature of grids, they are particularly susceptible to connectivity problems. These problems make collaboration difficult or impossible and cause resources to be wasted. This paper presents a system, called CODO, which provides applications end-to-end connectivity over firewalls/NATs in a secure way. CODO allows applications authorized through strong security mechanisms to traverse firewalls/NATs, while blocking unauthorized applications. This paper also formalizes the firewall/NAT traversal problem and clarifies how a traversal system fits in the overall security policy enforcement by a firewall/NAT.
B. Allcock, M. Livny and S. Son, "CODO: firewall traversal by cooperative on-demand opening," High-Performance Distributed Computing, International Symposium on (HPDC), Research Triangle Park, NC, USA, 2005, pp. 233-242.