SNP provides a high-level abstraction for secure end-to-end network communications. It supports both stream and datagram semantics with security guarantees (e.g., data origin authenticity, data integrity and data confidentiality). It is designed to resemble the Berkeley sockets interface so that security can be easily retrofitted into existing socket programs with only minor modifications. SNP is built on top of GSS-API, thus making it relatively portable across different authentication mechanisms conforming to GSS-API. SNP hides the details of GSS-API (e.g., credentials and contexts management), the communication sublayer as well as the cryptographic sublayer from the application programmers. It also encapsulates security-sensitive information, thus preventing accidental or intentional disclosure by an application program.
Thomas Y. C. Woo, Raghuram Bindignavle, Shaowen Su