Security Enhancements for a User-Controlled Lightpath Provisioning System

User owned and managed optical networks offer new benefits compared to carrier networks. There are basically two types of user owned and managed optical networks: metro dark fibre networks and long-haul wavelength networks. A user-controlled lightpath provisioning system is designed to address the network management challenges, where only the customer has complete visibility of its own network and no provider can see all the network elements. The prototyped management software has a service-oriented architecture and uses the Jini and JavaSpaces technologies. Within one management system for a federation, there are six key components: a Jini Lookup Service, an instance of JavaSpaces; for storage of Light Path Objects (LPOs), a Jini Service Access Point (SAP), an LPO service, an instance of switch communication service for each switch in the transport layer and a Grid SAP. Since the new management system is a distributed system and the new management system may be deployed over a public Internet infrastructure, secure access to the management modules is required. The application of existing system security technologies to the new management system is analyzed. To securely transfer objects across a network, SSL is used to encrypt RMI data streams and thus data streams between Jini services. To securely execute a dynamically downloaded Java class, Jini adopts the Java security model. To securely use a dynamically downloaded proxy to communicate to a remote service, Jini Extensible Remote Invocation is implemented to support security features such as invocation constraints, remote method control, and the trust verification model.