a policy framework for a secure future internet future
play

A Policy Framework for a Secure Future Internet Future Internet - PowerPoint PPT Presentation

Apr 25, 2023 •146 likes •1.14k views

A Policy Framework for a Secure Future Internet Future Internet Jad Naous (Stanford University) Arun Seehra (UT Austin) Michael Walfish (UT Austin) David Mazires (Stanford University) Antonio Nicolosi (Stevens Institute of Tech) Scott

  1. A Policy Framework for a Secure Future Internet Future Internet Jad Naous (Stanford University) Arun Seehra (UT Austin) Michael Walfish (UT Austin) David Mazières (Stanford University) Antonio Nicolosi (Stevens Institute of Tech) Scott Shenker (UC Berkeley)

  2. What do we want from the network? Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  3. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  4. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  5. Network Policies Conflicting requirements from many stakeholders Middlebox Jad Naous – DIMACS Woorkshop on Secure Routing

  6. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  7. Network Policies Conflicting requirements from many stakeholders Middlebox Jad Naous – DIMACS Woorkshop on Secure Routing

  8. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  9. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  10. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  11. Network Policies There are many stakeholders: senders, receivers, enterprises that are both senders and receivers (e.g. data centers), service providers, security middlemen (à la service providers, security middlemen (à la Prolexic), governments, data owners, … Each has many valid policy goals, and they might conflict. Jad Naous – DIMACS Woorkshop on Secure Routing

  12. Prior proposals: Large union, small intersection �������������� ���� ��� o - - - - x x o o - - - x o o o o o - - - o o x �������� ����� ����� ��� ��� - - - - o x - - - - o x - - - o x o - - - o x o o x o - - o - - o x o o - - o x o o o - - o x o - o x o o o - o x o o o ������� o x o o o o o x o o o o - - o - - x x o o o o o [legend: x exerts control over o ’s] Jad Naous – DIMACS Woorkshop on Secure Routing

  13. Prior Proposals Incomplete or insufficient Incompatible Incompatible Jad Naous – DIMACS Woorkshop on Secure Routing

  14. What Types of Policies for the Future Internet? Three choices: 1. Embrace the status quo: Do nothing. Unsatisfactory. 2. Make a hard choice: Select the “right” subset. A high-stakes gamble. 3. Choose “all of the above”: Take union of controls. Preserve all options; no picking winners/losers. Jad Naous – DIMACS Woorkshop on Secure Routing

  15. “All of the above” brings challenges: 1. How do we enable all these different policies? 1. How do we enable all these different policies? 2. How do we enforce all of them efficiently? Jad Naous – DIMACS Woorkshop on Secure Routing

  16. The ICING Policy Framework “Pluggable” Control Plane Engine . . . Pathlets BGP SR Policy Policy Policy Engine Engine ? General Efficient Secure Data Plane Jad Naous – DIMACS Woorkshop on Secure Routing

  17. The ICING Policy Framework “Pluggable” Control Plane Engine . . . Pathlets BGP SR Policy Policy Policy Engine Engine ? General Efficient Secure Data Plane Jad Naous – DIMACS Woorkshop on Secure Routing

  18. Outline • How general is general? (What is the control? Who gets control? How can it be used?) • How do we enforce policy decisions in the data plane? • What is the control/data plane interface and how can it be used? Jad Naous – DIMACS Woorkshop on Secure Routing

  19. Outline • How general is general? (What is the control? Who gets control? How can it be used?) • How do we enforce policy decisions in the data plane? • What is the control/data plane interface and how can it be used? Jad Naous – DIMACS Woorkshop on Secure Routing

  20. Control over what? Policy requirements � Who handles the packets and how � The path or parts of it � The path or parts of it (interdomain-level) Jad Naous – DIMACS Woorkshop on Secure Routing

  21. Control over what? Policy requirements � Who handles packets they send/receive/transit and how send/receive/transit and how � The path or parts of it (interdomain-level) For most flexibility: Give control over full path Jad Naous – DIMACS Woorkshop on Secure Routing

  22. Who gets control? Three principles: 1. Entities whose network resources are consumed. 2. Entities that are consuming network resources. 3. Entities should be within a single layer – the network layer. Jad Naous – DIMACS Woorkshop on Secure Routing

  23. Who gets control? The three principles � Give control to all entities on the path. Other stakeholders use other layers or external power of authority (e.g. laws). Jad Naous – DIMACS Woorkshop on Secure Routing

  24. ICING’s Policy Principle ����� x o o o o o o o x o o o o o o o x o o o o o o o x o o o o o o o x o o o o o o o x o o o o o o o x A path is legal if and only if all participants on the path approve of the path. Architecture enforces that only legal paths are used. Jad Naous – DIMACS Woorkshop on Secure Routing

  25. How general are policies? • Provider: Allow use of high speed links from 5pm to 8am only • Internet2: Only carry traffic between universities • Internet2: Only carry traffic between universities • Sender: Only use paths that my neighbor is using. => Policies can be arbitrary. Jad Naous – DIMACS Woorkshop on Secure Routing

  26. For flexibility and evolvability: Allow arbitrary policies For accuracy: Provide sufficient information Jad Naous – DIMACS Woorkshop on Secure Routing

  27. What are policy decisions based on? 1. The path 2. Consumed resources: Long/short haul, high/low speed, Long/short haul, high/low speed, – – transit/delivery, … 3. Arbitrary external information: Billing status, costs, time of day – Does everyone else consent? – Jad Naous – DIMACS Woorkshop on Secure Routing

  28. Checkpoint Summary • There are many stakeholders in a communication, and we give control to all network-level participants. • For most flexibility and to satisfy the largest For most flexibility and to satisfy the largest number of requirements we need to give them control over the full path. • For evolvability and flexibility, allow arbitrary policies and provide sufficient information Jad Naous – DIMACS Woorkshop on Secure Routing

  29. Outline • How general is general? (What is the control? Who gets control? How can it be used?) • How do we enforce policy decisions in the data plane? • What is the control/data plane interface and how can it be used? Jad Naous – DIMACS Woorkshop on Secure Routing

  30. Secure Routing Insufficient Data packets today do not necessarily follow BGP-given routes i.e. Data plane does not necessarily conform to the control plane. Jad Naous – DIMACS Woorkshop on Secure Routing

  31. Challenges Many challenges: • Enabling arbitrary informed policies • Enforcing policy decisions at line-rate • Handling errors and network failures in a Handling errors and network failures in a locked-down Internet • Delegating access • Bootstrapping Jad Naous – DIMACS Woorkshop on Secure Routing

  32. Challenges Many challenges: • Enabling arbitrary informed policies • Enforcing policy decisions at line-rate • Handling errors and network failures in a Handling errors and network failures in a locked-down Internet • Delegating access • Bootstrapping Jad Naous – DIMACS Woorkshop on Secure Routing

  33. Challenge: Enabling arbitrary informed policies Router Control plane Data plane Jad Naous – DIMACS Woorkshop on Secure Routing

  34. Challenge: Enabling arbitrary informed policies ICING Consent Makes all policy decisions Server ICING Forwarder Enforces policy Data decisions plane Jad Naous – DIMACS Woorkshop on Secure Routing

  35. Challenge: Enforcing policy decisions at line-rate 1. Make sure that the path is legal 2. Make sure that the path is followed 2. Make sure that the path is followed Jad Naous – DIMACS Woorkshop on Secure Routing

  36. Challenge: Enforcing policy decisions at line-rate Step 1: Make sure the path is legal Consent Consent Consent Consent Server 1 Server 1 Server 2 Server D Data Data Data plane plane plane Sender Destination R1 R2 Jad Naous – DIMACS Woorkshop on Secure Routing

  37. Challenge: Enforcing policy decisions at line-rate Step 1: Make sure the path is legal Share Consent Consent Consent Consent Secret Key = Server 1 Server 1 Server 2 Server D s_1 s_1 Data Data Data plane plane plane Sender Destination R1 R2 Jad Naous – DIMACS Woorkshop on Secure Routing

  38. Challenge: Enforcing policy decisions at line-rate Step 1: Make sure the path is legal Share Consent Consent Consent Consent Secret Key = Server 1 Server 1 Server 2 Server D s_2 s_2 Data Data Data plane plane plane Sender Destination R1 R2 Jad Naous – DIMACS Woorkshop on Secure Routing

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of Bonjour India, the Institut franais en Inde is pleased to present The Future Tour - a series of thematic rendezvous between scientists, academics,

270 views • 5 slides
Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and

Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and

TAS 3 Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and Internet of Subject Personal Data Store Sampo Kellomki (sampo@zxidp.org) 11. October 2010, IIW London 09 TAS 3 Intro and Vision EU FP7

968 views • 75 slides
Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

An Architecture for An Architecture for Supporting Future Internet Supporting Future Internet Applications Applications Sebastian Mies Institute of Telematics, University of Karlsruhe (TH), Germany The SpoVNet Consortium: University of

268 views • 11 slides
Distributed mobility management more IPv4 blocks available) for Future Internet for Future

Distributed mobility management more IPv4 blocks available) for Future Internet for Future

Internet Core network: converge (cellular and Internet no Distributed mobility management more IPv4 blocks available) for Future Internet for Future Internet Access networks: diverse Devices: multiple interfaces, multiple

145 views • 12 slides
Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective From a TAS Danny De Cock TAS 3 Project Coordinator Slides available from http://godot.be/slides Email: Danny.DeCock@esat.kuleuven.be Future

252 views • 12 slides
DESIGN AND IMPLEMENTATION OF A VIRTUAL NETWORKING FRAMEWORK FOR THE MOBILITYFIRST FUTURE INTERNET

DESIGN AND IMPLEMENTATION OF A VIRTUAL NETWORKING FRAMEWORK FOR THE MOBILITYFIRST FUTURE INTERNET

DESIGN AND IMPLEMENTATION OF A VIRTUAL NETWORKING FRAMEWORK FOR THE MOBILITYFIRST FUTURE INTERNET ARCHITECTURE Aishwarya Babu Adviser: Dr. Dipankar Raychaudhuri Content Introduction MobilityFirst Overview Network Virtualization

692 views • 41 slides
Understanding current IPv4 depletion management For discussions on future policy proposals TWNIC

Understanding current IPv4 depletion management For discussions on future policy proposals TWNIC

Understanding current IPv4 depletion management For discussions on future policy proposals TWNIC 31 ST OPM 27 November 2018 George Kuo APNIC 1 APNIC A global, open, stable and secure Internet that serves the entire Asia Pacific

433 views • 16 slides
ICT SHOK Future Internet Programme A Finnish national research programme on Future Internet

ICT SHOK Future Internet Programme A Finnish national research programme on Future Internet

ICT SHOK Future Internet Programme A Finnish national research programme on Future Internet Jukka Manner, TKK Page 1 Finnish SHOKs Strategic Centres for Science, Technology and Innovation (SHOK) will provide a new way of bringing together

331 views • 19 slides
ICANN Policy Development How you can help ICANN Shape the New gTLD Program Future of the Internet

ICANN Policy Development How you can help ICANN Shape the New gTLD Program Future of the Internet

ICANN Policy Development How you can help ICANN Shape the New gTLD Program Future of the Internet Liz Gasster, Senior Policy Counselor Marika Konings, Policy Director ICANN 4 August 2009 Karla Valente Director New gTLD Program 1 What is

762 views • 59 slides
A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet Computing 2002 Conference, Las Vegas, June 2002 J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software Inc. Web Services Usage

357 views • 11 slides
Policy mix concepts and applications: Reflections on the emergence, and potential future

Policy mix concepts and applications: Reflections on the emergence, and potential future

Policy mix concepts and applications: Reflections on the emergence, and potential future directions, of market based instruments for conservation within a policy mix framework Vic Adamowicz Alberta Land Institute & REES University of

489 views • 32 slides
SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES OF SERVICES AND INTANGIBLES

SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES OF SERVICES AND INTANGIBLES

SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES OF SERVICES AND INTANGIBLES 17-18 April 2014 Tokyo, Japan Pia Michelsen, European Commission Tax policy perspective Ms Pia Michelsen, Policy Officer, VAT Unit, Taxation

808 views • 22 slides
Internet Future Internet Future CRA Biennial Conference CRA Biennial Conference Snowbird, Utah

Internet Future Internet Future CRA Biennial Conference CRA Biennial Conference Snowbird, Utah

Internet Future Internet Future CRA Biennial Conference CRA Biennial Conference Snowbird, Utah Snowbird, Utah Vint Cerf MCI July 11, 2004 th Anniversary of TCP/IP 30 th Anniversary of TCP/IP 30 May 1974: A Protocol for Packet

493 views • 27 slides
Framework for Our Future 2.0 February 26-28, 2009 Framework for Our Future 2.0 February 26-28,

Framework for Our Future 2.0 February 26-28, 2009 Framework for Our Future 2.0 February 26-28,

Framework for Our Future 2.0 February 26-28, 2009 Framework for Our Future 2.0 February 26-28, 2009 An event to help shape the future of education in the DeForest Area School District. This three-day event, hosted by the DeForest area school

360 views • 18 slides
DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by technology trends, unforeseen events, special needs, previous commitments, policy, mistakes, innovation, etc. What follows is some personal

538 views • 20 slides
FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in

FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in

FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in TWAREN HPDMnet Multicast Streaming with OpenFlow Future Work 2 Future Internet There are many serious limitations in current Internet.

505 views • 28 slides
Technical Assistance Conference Call By: Janet Lytton, Director of Reimbursement Rural Health

Technical Assistance Conference Call By: Janet Lytton, Director of Reimbursement Rural Health

Presented for: Technical Assistance Conference Call By: Janet Lytton, Director of Reimbursement Rural Health Development P.O. Box 487, Cambridge, NE 69022 308-647-6455 RHDconsultJL@hotmail.com Know the 5010 RHC Claim requirements

594 views • 32 slides
Todays Lecture INF 111 / CSE 121: Software Tools and Methods Administrative details

Todays Lecture INF 111 / CSE 121: Software Tools and Methods Administrative details

Todays Lecture INF 111 / CSE 121: Software Tools and Methods Administrative details Review of Software Engineering Lecture Notes for Fall Quarter, 2007 Michele Rousseau Set 1 Topic 1 2 Introductions Introductions Instructor

491 views • 8 slides
What should I read next? A Visual Publication Recommender System Andr Calero Valdez Simon

What should I read next? A Visual Publication Recommender System Andr Calero Valdez Simon

What should I read next? A Visual Publication Recommender System Andr Calero Valdez Simon Bruns Christoph Greven Ulrik Schroeder Martina Ziefle Motivation - Challenges Information overload 679,858 papers per year in 2009 / 365 days /

302 views • 12 slides
Why Standards are Not Enough to Solve Healthcare's Interoperability Problem (And How RDF Can

Why Standards are Not Enough to Solve Healthcare's Interoperability Problem (And How RDF Can

- DRAFT - Why Standards are Not Enough to Solve Healthcare's Interoperability Problem (And How RDF Can Help) David Booth, Ph.D. Latest version of these slides: http://dbooth.org/2014/standards/ See also associated paper Definition Semantic

632 views • 23 slides
I c eh o u se 1 of 24 Ov er v i ew R ea l -t i m e g a m e o f a t t a c k a n d d ef en

I c eh o u se 1 of 24 Ov er v i ew R ea l -t i m e g a m e o f a t t a c k a n d d ef en

I c eh o u se 1 of 24 Ov er v i ew R ea l -t i m e g a m e o f a t t a c k a n d d ef en se. P l a y ed w i t h p y r a m i d s o n a f r ee-f o r m f i el d Ga m e en d s w h en t h e l a st p i ec e i s p l a y ed 2

360 views • 24 slides
Business Context Essential business requirements Projects are launched when the value of solving

Business Context Essential business requirements Projects are launched when the value of solving

Business Context Essential business requirements Projects are launched when the value of solving recognized problems exceeds the cost of doing so R. Kuehl/J. Scott Hawker p. 1 R I T Software Engineering Understand Business Context Learn

566 views • 22 slides
COMPUTATIONAL METHODS FOR TEXT ANALYSIS BA PROGRAM SOCIOLOGY AND SOCIAL INFORMATICS Kirill

COMPUTATIONAL METHODS FOR TEXT ANALYSIS BA PROGRAM SOCIOLOGY AND SOCIAL INFORMATICS Kirill

COMPUTATIONAL METHODS FOR TEXT ANALYSIS BA PROGRAM SOCIOLOGY AND SOCIAL INFORMATICS Kirill Maslinsky 2020 Higher School of Economics Saint Petersburg 1/14 WHY DO YOU NEED IT THE TIME WE LIVE IN 2/14 JUST TO LEARN TO MAKE THOSE

672 views • 21 slides
EECS 192: Mechatronics Design Lab Discussion 12: AGC & Mechanical Tuning GSI: Justin Yim 15

EECS 192: Mechatronics Design Lab Discussion 12: AGC & Mechanical Tuning GSI: Justin Yim 15

EECS 192: Mechatronics Design Lab Discussion 12: AGC & Mechanical Tuning GSI: Justin Yim 15 & 16 Apr 2015 (Week 12) 1 Vehicle Dynamics 2 Suspension Tuning Ducky (UCB EECS) Mechatronics Design Lab 15 & 16 Apr 2015 (Week 12) 1 / 19

622 views • 46 slides

More recommend