a strategy for network resilience
play

A Strategy for Network Resilience David Hutchison Lancaster - PowerPoint PPT Presentation

Jun 03, 2023 •111 likes •340 views

A Strategy for Network Resilience David Hutchison Lancaster University d.hutchison@lancaster.ac.uk University of Liverpool, 26 June 2014 InfoLab21 InfoLab21 Resilience Generally, this means the capability of people to bounce back

  1. A Strategy for Network Resilience David Hutchison Lancaster University d.hutchison@lancaster.ac.uk University of Liverpool, 26 June 2014 InfoLab21 InfoLab21

  2. Resilience Generally, this means the capability of people to ‘bounce back’ after experiencing problems [Oxford English Dictionary definition: “Power of resuming the original form after compression &c.”] Specifically, a resilient system is one that can continue to offer a satisfactory level of service even in the face (or in the aftermath) of the challenges it experiences Resilience goes beyond security; it encompasses security but aims to recover from security breaches and also any other challenges that compromise the system InfoLab21 InfoLab21 2

  3. Resilience as a network need • Society is increasingly reliant on the Internet and on “Future Internet Research: networked systems in general (‘Information Society’) The EU framework” by Joao da Silva • Communication networks now underpin many of “ … as the Internet is increasingly becoming a society’s critical infrastructures “critical infrastructure, security and robustness of • We need resilience , a (QoS) property of networks the Internet are naturally becoming issues of major and systems such that they can withstand any concern.” (ACM CCR, 2007) challenge, whether from natural disasters, mis- acmqueue “Resolved: the configurations, hardware or software failures, Internet Is No Place for congestion/overloads (including flash crowds), Critical Infrastructure” by Dan Geer | April 2, 2013 or attacks • Network system attacks are increasing in variety Chinese domains downed by 'largest ever' cyber-attack. and number: virus, worms, botnets, DoS, … DDoS attacks targeted the country's national registry. The Independent, Aug 27, 2013 It is no coincidence that every single major cloud storage provider went down last week. That's Google's cloud storage, Microsoft's cloud storage, Intel's cloud services and Amazon's (the biggest and used by a huge number of other providers from Dixons and Dropbox to Spotify). Remember these services are supposed to have a 99.999% availability yet they've all failed with one day of each other. Not a single word of explanation from any of the companies involved … InfoLab21 InfoLab21 3

  4. Some notable past challenges • 2001 Baltimore tunnel fire • 2001 9/11 terrorist attacks General lessons: • 2003 Cogent peering disputes • 2003 Northeast US blackout - Plan for vulnerabilities (threats may be predictable) • 2005 7/7 terrorist attacks • 2005 Hurricane Katrina - Redundancy without diversity is not resilient • 2006 Hengchun earthquake • 2008 Pakistan YouTube hijack • 2008 Mideast submarine cable cuts European Network • 2009 H1N1 influenza pandemic and Information Security Agency • 2010 Stuxnet worm attack www.enisa.europa.eu A crucial issue identified by ENISA is the lack of a standardised framework, even for the most basic resilience measurements. There are not many frameworks, none of them globally accepted. InfoLab21 InfoLab21 4

  5. ResiliNets project (Kansas, Lancaster): to establish a strategy for network resilience First, investigated the relationship between resilience and other previously-researched areas: • Disciplines related to tolerance of faults and challenges – Fault Tolerance – Survivability – Disruption Tolerance – Traffic Tolerance • Trustworthiness disciplines with quantifiable properties – Dependability – Security – Performability InfoLab21 InfoLab21 5

  6. ResiliNets “formula” and strategy “D 2 R 2 +DR” à Resilience Real-time Control Loop D efend D etect R emediate R ecover System Enhancement D iagnose R efine InfoLab21 InfoLab21 6

  7. Resilience cube model InfoLab21 InfoLab21 7

  8. The ResumeNet project (2008-2011): to evaluate the D 2 R 2 +DR resilience strategy ETH Zürich (ETHZ) – coordinator Switzerland Lancaster University (ULanc)* United Kingdom Technical University Münich (TUM) Germany France Telecom (FT) France NEC Europe Ltd (NEC) United Kingdom Universität Passau (UP) Germany Technical University Delft (TUDelft) Netherlands Uppsala Universitet (UU) Sweden Université de Liège (ULg) Belgium * Also: the Universities of Kansas (USA) and Sydney (Australia) InfoLab21 InfoLab21 8

  9. Approach: three conceptual levels • Framework – Architecture The ResumeNet framework was experimentally evaluated in Future Internet scenarios: wireless – Information flow mesh networks; cloud-based networks; a multimedia service provisioning context; and an – Metrics Internet of Things environment – Challenge classification • Mechanisms and algorithms – Network resilience (redundancy, diversity in routing, transport, incentives for collaboration, challenge detection) – Service resilience (overlays/P2P, virtualization, challenge detection, machine learning) • Validation by experimentation in testbeds and with simulation – {network, service, challenge, resilience mechanism} – Realistic models, traffic and system behavior traces InfoLab21 InfoLab21 9

  10. De-constructing D 2 R 2 +DR (1) • Defend: static, and dynamic Marcus Schoeller et al, “Assessing Risk for Network Resilience” (RNDM 2011) • Initially: – System analysis – Risk assessment – Prioritise the assets – Build defensive walls – E.g. redundant links, nodes • Runtime: – Make adjustments as appropriate – E.g. adjust firewall rules, resources InfoLab21 InfoLab21 10

  11. De-constructing D 2 R 2 +DR (2) • Detect A Knowledge Plane for the Internet • Implies a monitoring system David D. Clark et al, SIGCOMM’03 “To learn about and alter its environment, the – Instrument the network! knowledge plane must access, and manage, what the cognitive community calls sensors and – cf. the Knowledge Plane? actuators. Sensors are entities that produce observations. Actuators are entities that change – Aim to observe normal behaviour behavior (e.g., change routing tables or bring links up or down). So, for instance, a knowledge – Then look for anomalies / intrusions application that sought to operate a network according to certain policies might use sensors to • Employ suitable ADTs / IDSs collect observations on the network, use assertions to determine if the network’s behavior complies with policy, and, if necessary, use – Classify the detected anomalies actuators to change the network’s behavior.” – Attempt a root cause analysis? Fig. 5: Entropy changes with the Slammer Worm From: “PReSET: A Toolset for the Evaluation of Network Resilience Strategies”, by Alberto Schaeffer-Filho et al (IM 2013) InfoLab21 InfoLab21 11

  12. De-constructing D 2 R 2 +DR (3) Alberto Schaeffer-Filho et al, “Policy-based • Remediate DDoS remediation” [see also DRCN 2011] – Rely on symptoms, or root cause – Typically use traffic engineering – Get as much context as possible ① Attack starts Rate limit only the attack flow ④ Rate limit the entire link ② Attack flows successfully classified ⑤ Rate limit all traffic towards the victim • Recover ③ – Get back to normal behaviour if Azman Ali et al, “Evolving Classifier utilizing eClass0 and eCluster (ALS algorithms)” possible – Use policies for high-level guidance • Diagnose & Refine – Learning phase – Human in the loop InfoLab21 InfoLab21 12

  13. Resilience as a network metric • We need to know how to specify resilience and how to measure it – Resilience classes: i.e. the science and the engineering Operational State Resilience class = • For computer networks, we should (challenge tolerance, Normal Partially Severely Operation Degraded Degraded trustworthiness) specify and measure resilience at Gold (Au) Unacceptable – normal operation the topology and the service levels ensures Cu Sn acceptable service • Topology resilience: typically, Silver (Ag) Service Parameters – only partial structural diversity degradation Impaired Ag ensures at most impaired • Service resilience: for example, a service Bronze (CuSn) combination of availability and Acceptable – no assurance of Au reliability service • Overall R [0,1]: a combination of individual metrics, maybe simplified as a set of ‘resilience classes’ InfoLab21 InfoLab21 13

  14. ResumeNet architectural model: D 2 R 2 Note: Centralized view of a complex distributed system InfoLab21 InfoLab21 14

  15. System enhancement: +DR • Outer feedback loop • long-term, slow reaction • Driven by politics or market forces InfoLab21 InfoLab21 15 • humans in the loop : re-design, policy change

  16. System implementation view Idealized system operation + Refine - + (Human) Off-line Loop: DR Defence Design & Mechanisms Policies Real-time Loop: D 2 R 2 Challenges Service provided Network & Resilience to Services Target users Resilience Resilience Estimator Manager Resilience Mechanisms Resilience Challenge Knowledge Analysis Diagnose InfoLab21 InfoLab21 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Community Resilience and Engagement Strategy What is the strategy? Public facing document

Community Resilience and Engagement Strategy What is the strategy? Public facing document

Community Resilience and Engagement Strategy What is the strategy? Public facing document Aim is to improve community resilience to emergencies Outlines how the team plans to develop community resilience Explains

248 views • 9 slides
Outline Node vs. edge percolation Resilience of randomly vs. preferentially grown

Outline Node vs. edge percolation Resilience of randomly vs. preferentially grown

SNA 8: network resilience Lada Adamic Outline Node vs. edge percolation Resilience of randomly vs. preferentially grown networks Resilience in real-world networks network resilience Q: If a given fraction of nodes or

913 views • 35 slides
Learning network Three Resilience, Transformational Personal Branding and Progressing Career

Learning network Three Resilience, Transformational Personal Branding and Progressing Career

Learning network Three Resilience, Transformational Personal Branding and Progressing Career Pathways Thursday 13 February 2020 Moving up BAME leadership programme The Skills for Care welcomes you to: Learning Network 3 Resilience,

1.02k views • 76 slides
The Future Borough Strategy Putting community resilience at its heart Thinking about the way

The Future Borough Strategy Putting community resilience at its heart Thinking about the way

The Future Borough Strategy Putting community resilience at its heart Thinking about the way forward Recap of Strategy Background Created in 2010/11 Set of goals, ambitions and actions Owned and led by LSP Long term vision 10

571 views • 21 slides
Great East Japan Earthquake and research and development for network resilience and recovery 23

Great East Japan Earthquake and research and development for network resilience and recovery 23

WTSA-12 Side Events on Disaster Relief Systems, Network Resilience and Recovery Great East Japan Earthquake and research and development for network resilience and recovery 23 November 2012 Noriyuki Araki Chairman FG-DR&NRR NTT, Japan 0

400 views • 35 slides
The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is

The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is

The Concept of Resilience Developing Supports to Build Resilience Julia ten Hove What is Resilience? A network of resources, patterns of adaptation and supportive relationships A dynamic concept or state that is promoted and enhanced

391 views • 17 slides
Understanding risk for network resilience Paul Smith, Marcus Schoeller (NEC), and David Hutchison

Understanding risk for network resilience Paul Smith, Marcus Schoeller (NEC), and David Hutchison

Understanding risk for network resilience Paul Smith, Marcus Schoeller (NEC), and David Hutchison p.smith@comp.lancs.ac.uk Multi-service Networks July 2009 What is network resilience? The ability of a networked system to provide an

239 views • 9 slides
Evaluating the Trade-off between Resilience Design Alternatives in a Virtual Network Environment

Evaluating the Trade-off between Resilience Design Alternatives in a Virtual Network Environment

Network Architectures and Services, Georg Carle Faculty of Informatics Technische Universitt Mnchen, Germany Evaluating the Trade-off between Resilience Design Alternatives in a Virtual Network Environment under Different Network

428 views • 25 slides
Network Reliability and Resilience Mark S. Daskin Dept. of IE/MS Northwestern University

Network Reliability and Resilience Mark S. Daskin Dept. of IE/MS Northwestern University

Network Reliability and Resilience Mark S. Daskin Dept. of IE/MS Northwestern University Reliability and Resilience Reliability Resilience Low probability of Consequences of failure failure are designed to be small

155 views • 15 slides
How They Inform Resilience Building Deborah Deatrick, MPH Maine Resilience Building Network

How They Inform Resilience Building Deborah Deatrick, MPH Maine Resilience Building Network

Social Determinants of Health and Equity: How They Inform Resilience Building Deborah Deatrick, MPH Maine Resilience Building Network October 31, 2019 Objectives 1. Define social determinants of health, health disparities, health inequities,

810 views • 38 slides
resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the

How to improve our resilience Professor Kate Thomas c.p.thomas@bham.ac.uk What is resilience? Resilience is the process of adapting well in the face of adversity, trauma, tragedy, threats or significant sources of stress Resilience is

287 views • 9 slides
Chris Williams Agenda Advice Strategy Building Societys Financial Resilience Our

Chris Williams Agenda Advice Strategy Building Societys Financial Resilience Our

Technology Supporting Advice Chris Williams Agenda Advice Strategy Building Societys Financial Resilience Our journey so far 2 Advice Strategy Building Society KEY DRIVER / TREND IMPLICATIONS OPPORTUNITY 1 in 6 people are

150 views • 14 slides
NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana

NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana

NETWORK DEFENCE STRATEGY EVALUATION: SIMULATION VS. LIVE NETWORK Tuesday 9 th May, 2017 Jana Medkov Martin Husk, Martin Draar Introduction optimal strategy to defend network infrastructure no standard for benchmarking Network Defence

574 views • 18 slides
ReSIST ReSIST Resilience for Survivability in IST A European Network of Excellence Second Open

ReSIST ReSIST Resilience for Survivability in IST A European Network of Excellence Second Open

ReSIST ReSIST Resilience for Survivability in IST A European Network of Excellence Second Open Workshop 1 ReSIST ReSIST Resilience for Survivability in IST A European Network of Excellence Rationale Resilience: definition and

565 views • 8 slides
National Disaster Resilience Strategy: Approval and Presentation to the House Proposal 1. This

National Disaster Resilience Strategy: Approval and Presentation to the House Proposal 1. This

In Confidence Office of the Minister of Civil Defence Chair, Cabinet Economic Development Committee National Disaster Resilience Strategy: Approval and Presentation to the House Proposal 1. This paper seeks approval for the attached National

105 views • 7 slides
Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland Learning & Skills

Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland Learning & Skills

Safe, Secure and Prosperous: A Cyber Resilience Strategy for Scotland Learning & Skills Daniel Sellers Strategic Them es Leadership and Partnership Working Awareness Raising and Communication Education, Skills and Professional Developm

317 views • 18 slides
Qualification of Alloys for Structural Applications in Fluoride High Temperature Reactor (FHR)

Qualification of Alloys for Structural Applications in Fluoride High Temperature Reactor (FHR)

Qualification of Alloys for Structural Applications in Fluoride High Temperature Reactor (FHR) Preet M. Singh, Kevin J. Chan School of Materials Science and Engineering Georgia Institute of Technology Molten Salt Reactor (MSR) Workshop, Oak

297 views • 27 slides
BOARD OF COMMISSIONERS 7/20/2015 304 E. Grand River, Board Chambers, Howell, MI 48843 7:30 PM

BOARD OF COMMISSIONERS 7/20/2015 304 E. Grand River, Board Chambers, Howell, MI 48843 7:30 PM

"The mission of Livingston County is to be an effective and efficient steward in delivering quality services within the constraints of sound fiscal policy. Our priority is to provide mandated services which may be enhanced and supplemented to

863 views • 52 slides
Earnings Presentation July 29, 2016 Agenda Strategic Review Edward Tilly Chief Executive

Earnings Presentation July 29, 2016 Agenda Strategic Review Edward Tilly Chief Executive

Second Quarter 2016 Earnings Presentation July 29, 2016 Agenda Strategic Review Edward Tilly Chief Executive Officer Financial Review Alan Dean Executive Vice President, CFO and Treasurer Questions and Answers Edward Tilly Alan Dean

539 views • 41 slides
NRIC VI FG4 Broadband Report for December 5th 2003 Network Reliability and Interoperability

NRIC VI FG4 Broadband Report for December 5th 2003 Network Reliability and Interoperability

NRIC VI FG4 Broadband Report for December 5th 2003 Network Reliability and Interoperability Council FG4 Participation Network Reliability and Interoperability Council b Mission Statement Network Reliability and Interoperability Council

824 views • 49 slides
Network Slices for Vertical Industries The First Workshop on Control and C. Casetti, C. F.

Network Slices for Vertical Industries The First Workshop on Control and C. Casetti, C. F.

Network Slices for Vertical Industries The First Workshop on Control and C. Casetti, C. F. Chiasserini, Management of Vertical Slicing Including the Thomas omas Dei i, P. A. Frangoudis, Edge and Fog Systems (COMPASS) A. Ksentini, G.

314 views • 15 slides
tts r trs Ptrs t

tts r trs Ptrs t

trt tts r trs r r t r tts r trs

815 views • 45 slides
Reasoning about the Security of Open Architecture Software Systems Walt Scacchi and Thomas

Reasoning about the Security of Open Architecture Software Systems Walt Scacchi and Thomas

Reasoning about the Security of Open Architecture Software Systems Walt Scacchi and Thomas Alspaugh Institute for Software Research University of California, Irvine Irvine, CA 92697-3455 USA 14 December 2012 1 Overview Cyber security

887 views • 46 slides
Multipath Interference Characterization in Wireless Communication Systems Michael Rice BYU

Multipath Interference Characterization in Wireless Communication Systems Michael Rice BYU

Multipath Interference Characterization in Wireless Communication Systems Michael Rice BYU Wireless Communications Lab 9/29/00 BYU Wireless Communications 1 166 Multipath Propagation Multiple paths between transmitter and receiver

531 views • 31 slides

More recommend