l subramanian v roth i stoica s shenker r h katz
play

L. Subramanian, V. Roth, I. Stoica, S. Shenker, R. H. Katz - PowerPoint PPT Presentation

May 30, 2023 •209 likes •392 views

L. Subramanian, V. Roth, I. Stoica, S. Shenker, R. H. Katz Presented by Ashish Vulimiri Focus on invalid routes Invalid routes in the control plane Invalid routes in the data plane Solution: both control and data plane verification

  1. L. Subramanian, V. Roth, I. Stoica, S. Shenker, R. H. Katz Presented by Ashish Vulimiri

  2. Focus on invalid routes  Invalid routes in the control plane  Invalid routes in the data plane Solution: both control and data plane verification

  3. Requirement: Path Verification Actual Guarantee: If an AS receives at least one valid path to AS A, receipt of an invalid path to A will trigger an alarm

  4. Is this a good property to provide?

  5. Loop Verification  Suppose two paths received, A and B  Build loop out of these paths  Source-route along loop (in both directions)

  6. Hash Schemes  When D receives path CBA from C • Signature received: S = h(B, h(A, h(z))) • D computes h(C, S) before sending onwards  Authors suggest two schemes for computing and using these hashes

  7. Secondary Requirement: If an AS sends out “too many” invalid paths, it will be identified Actual Mechanism: Count how many times AS is in a problem-path

  8. ?

  9. Requirement: Check if data plane path matches control plane path Actual Guarantee: Check if data plane path reaches destination

  10. Can you do anything better with end-to-end feedback?

  11.  Mechanism: passive probing • Why?  Raise alert if too many (N) unsuccessful TCP connection attempts in time T  T proportional to popularity of destination • Popularity measured by MTBA

  12.  False negatives • Suggest values for N based on experimental results  False positives • Drop packets on m paths • Observe these m and an additional n • Expected: retransmissions on m, none on n • If not, raise alert

  13.  What they list as potential misbehaviour: • End-hosts collude with adversary, generate fake valid TCP connections • Port scanners: false positives  What else could happen?

  14.  Authors do not assume malicious attempts to game Listen/Whisper  Independent adversaries: if 1000 largest ASes deploy L/W, then in worst-case • 8% of all nodes affected w/o penalties • 1% with penalties

  15.  Colluding adversaries

  16.  Path verification in the control plane  Reachability analysis in the data plane  They remove existing vulnerabilities  … and then add their own  Still, could be a net improvement

  17. Questions?

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pathlet Routing Brighten Godfrey Scott Shenker Ion Stoica {pbg,shenker,istoica}@cs.berkeley.edu

Pathlet Routing Brighten Godfrey Scott Shenker Ion Stoica {pbg,shenker,istoica}@cs.berkeley.edu

Pathlet Routing Brighten Godfrey Scott Shenker Ion Stoica {pbg,shenker,istoica}@cs.berkeley.edu UC Berkeley Hotnets 2008 multipath internet routing good for everyone! reliability source observes directly, reacts quickly path quality

552 views • 20 slides
Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M.

Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M.

Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M. Handley , Z. Mao, S. Shenker, and I. Stoica Routing 1999 Internet Map Coloured by ISP Source: Bill Cheswick, Lumeta AS-level Topology 2003

946 views • 37 slides
One More Bit Is Enough One More Bit Is Enough Yong Xia, RPI Lakshmi Subramanian, UCB

One More Bit Is Enough One More Bit Is Enough Yong Xia, RPI Lakshmi Subramanian, UCB

One More Bit Is Enough One More Bit Is Enough Yong Xia, RPI Lakshmi Subramanian, UCB Ion Stoica, UCB Shiv Kalyanaraman, RPI SIGCOMM 05 , Philadelphia, PA 08 / 23 / 2005 Motivation #1: TCPdoesnt work well in high b/w or delay

540 views • 32 slides
Minimizing Churn in Distributed Systems Brighten Godfrey Scott Shenker Ion Stoica SIGCOMM 2006

Minimizing Churn in Distributed Systems Brighten Godfrey Scott Shenker Ion Stoica SIGCOMM 2006

Minimizing Churn in Distributed Systems Brighten Godfrey Scott Shenker Ion Stoica SIGCOMM 2006 1 introduction Churn: an important factor for most distributed systems Turnover causes dropped requests, increased bandwidth, ... Would like to

631 views • 31 slides
Pathlet Routing P. Brighten Godfrey pbg@illinois.edu Igor Ganichev, Scott Shenker, and Ion

Pathlet Routing P. Brighten Godfrey pbg@illinois.edu Igor Ganichev, Scott Shenker, and Ion

Pathlet Routing P. Brighten Godfrey pbg@illinois.edu Igor Ganichev, Scott Shenker, and Ion Stoica {igor,shenker,istoica}@cs.berkeley.edu SIGCOMM 2009 Internet routing challenges Multipath reliability path quality Scalability Policy

973 views • 73 slides
Pathlet Routing P. Brighten Godfrey, Igor Ganichev, Scott Shenker, and Ion Stoica

Pathlet Routing P. Brighten Godfrey, Igor Ganichev, Scott Shenker, and Ion Stoica

Pathlet Routing P. Brighten Godfrey, Igor Ganichev, Scott Shenker, and Ion Stoica & $'

721 views • 40 slides
THE DATACENTER NEEDS AN OPERATING SYSTEM MATEI ZAHARIA, BENJAMIN HINDMAN, ANDY KONWINSKI, ALI

THE DATACENTER NEEDS AN OPERATING SYSTEM MATEI ZAHARIA, BENJAMIN HINDMAN, ANDY KONWINSKI, ALI

THE DATACENTER NEEDS AN OPERATING SYSTEM MATEI ZAHARIA, BENJAMIN HINDMAN, ANDY KONWINSKI, ALI GHODSI, ANTHONY JOSEPH, RANDY KATZ, SCOTT SHENKER, ION STOICA UC BERKELEY THE DATACENTER IS THE NEW COMPUTER Running todays most popular

182 views • 14 slides
Mesos: A Platform for Fine-Grained Resource Sharing in the Data Center Benjamin Hindman, Andy

Mesos: A Platform for Fine-Grained Resource Sharing in the Data Center Benjamin Hindman, Andy

Mesos: A Platform for Fine-Grained Resource Sharing in the Data Center Benjamin Hindman, Andy Konwinski, Matei Zaharia, Ali Ghodsi, Anthony D. Joseph, Randy Katz, Scott Shenker, Ion Stoica University of California, Berkeley Thomas Marshall

397 views • 5 slides
Pathlet Routing P. Brighten Godfrey pbg@illinois.edu Igor Ganichev, Scott Shenker, and Ion

Pathlet Routing P. Brighten Godfrey pbg@illinois.edu Igor Ganichev, Scott Shenker, and Ion

Pathlet Routing P. Brighten Godfrey pbg@illinois.edu Igor Ganichev, Scott Shenker, and Ion Stoica {igor,shenker,istoica}@cs.berkeley.edu SIGCOMM 2009 1 Design for variation Design for variation in outcome, so that the outcome can be

646 views • 23 slides
QoS Services with Dynamic Packet State Ion Stoica Carnegie Mellon University (joint work with

QoS Services with Dynamic Packet State Ion Stoica Carnegie Mellon University (joint work with

QoS Services with Dynamic Packet State Ion Stoica Carnegie Mellon University (joint work with Hui Zhang and Scott Shenker) Todays Internet Service: best-effort datagram delivery Architecture: stateless routers excepting

485 views • 33 slides
"A proof is whatever convinces me.", Shimon Even. G ROTH -S AHAI P ROOFS R EVISITED 1 /

"A proof is whatever convinces me.", Shimon Even. G ROTH -S AHAI P ROOFS R EVISITED 1 /

N ON -I NTERACTIVE P ROOF S YSTEMS G ROTH -S AHAI P ROOFS C ORRECTED G ROTH -S AHAI NIWI P ROOFS G ROTH -S AHAI P ROOFS IN T YP G ROTH -S AHAI P ROOFS R EVISITED E. Ghadafi N.P. Smart B. Warinschi Department of Computer Science, University of

613 views • 29 slides
D Dominant Resource Fairness (DRF) i t R F i (DRF) Fair Allocation of Multiple Resource Types

D Dominant Resource Fairness (DRF) i t R F i (DRF) Fair Allocation of Multiple Resource Types

D Dominant Resource Fairness (DRF) i t R F i (DRF) Fair Allocation of Multiple Resource Types Ali Ghodsi , Matei Zaharia Benjamin Hindman, Andy Konwinski, B j i Hi d A d K i ki Scott Shenker, Ion Stoica University of California, Berkeley

781 views • 51 slides
End-to-End Arguments and Design Philosophy ECE/CS598HPN Instructor: Radhika Mittal

End-to-End Arguments and Design Philosophy ECE/CS598HPN Instructor: Radhika Mittal

End-to-End Arguments and Design Philosophy ECE/CS598HPN Instructor: Radhika Mittal Acknowledgement: Presentation contents derived from Ion Stoica and Scott Shenker at UC Berkeley End-to-End Arguments in System Design J.H. Saltzer, D.P.

818 views • 26 slides
A Layered Naming Architecture Michael Walfish MIT Computer Science and Artificial Intelligence

A Layered Naming Architecture Michael Walfish MIT Computer Science and Artificial Intelligence

A Layered Naming Architecture Michael Walfish MIT Computer Science and Artificial Intelligence Lab Joint work with: H. Balakrishnan, M. Krohn, K. Lakshminarayanan, S. Ratnasamy, S. Shenker, I. Stoica, J. Stribling IRTF HIP RG 6 August 2004

728 views • 10 slides
Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing M.

Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing M.

Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing M. Zaharia, M. Chowdhury, T. Das, A. Dave, J. Ma, M. McCauley, M.J. Franklin, S. Shenker, I. Stoica Computer Laboratory Principal Motivation

628 views • 15 slides
Software Sustainability and Software Citation Daniel S. Katz (d.katz@ieee.org,

Software Sustainability and Software Citation Daniel S. Katz (d.katz@ieee.org,

Software Sustainability and Software Citation Daniel S. Katz (d.katz@ieee.org, http://danielskatz.org, @danielskatz) Assistant Director for Scientific Software & Applications Research Associate Professor, CS, ECE, iSchool What is

403 views • 28 slides
De Decisions cisions Computer ter Sc Science ce cpsc3 c322 22, , Lectur ture e 33 (Te

De Decisions cisions Computer ter Sc Science ce cpsc3 c322 22, , Lectur ture e 33 (Te

De Decision cision Th Theo eory: ry: Singl ngle e Sta tage ge De Decisions cisions Computer ter Sc Science ce cpsc3 c322 22, , Lectur ture e 33 (Te Text xtbo book ok Chpt 9.2) No Nov 26, 2012 Lecture cture Ov Overview

591 views • 26 slides
Introduc)on*to*Databases 1 Rela%onal(Databases(with(PostgreSQL

Introduc)on*to*Databases 1 Rela%onal(Databases(with(PostgreSQL

Introduc)on*to*Databases 1 Rela%onal(Databases(with(PostgreSQL Databases(have(tables(to(classify(data Collec3ons(have: rows :(data(defining(an(en3re(rectod,(e.g.(a(user columns

862 views • 25 slides
INFO 4300 / CS4300 Information Retrieval slides adapted from Hinrich Sch utzes, linked from

INFO 4300 / CS4300 Information Retrieval slides adapted from Hinrich Sch utzes, linked from

INFO 4300 / CS4300 Information Retrieval slides adapted from Hinrich Sch utzes, linked from http://informationretrieval.org/ IR 24/26: Text Classification and Naive Bayes Paul Ginsparg Cornell University, Ithaca, NY 24 Nov 2009 1 / 44

774 views • 44 slides
Tackling Real-Life Relaxed Concurrency with FSL++ Marko Doko Viktor Vafeiadis Max Planck

Tackling Real-Life Relaxed Concurrency with FSL++ Marko Doko Viktor Vafeiadis Max Planck

Tackling Real-Life Relaxed Concurrency with FSL++ Marko Doko Viktor Vafeiadis Max Planck Institute for Software Systems (MPI-SWS) ESOP 2017-04-26 Weak memory memory models weaker than sequential consistency (SC) gives us better performance

787 views • 58 slides
Magellan: Automatic SDN Pipelining from Algorithmic Policies Presenter: Qiao Xiang Work by S.

Magellan: Automatic SDN Pipelining from Algorithmic Policies Presenter: Qiao Xiang Work by S.

Magellan: Automatic SDN Pipelining from Algorithmic Policies Presenter: Qiao Xiang Work by S. Chen, A. Voellmy, T. Wang, R. Yang* Systems Networking Lab (SNLab) June 3, 2016 Authors are ordered alphabetically. NSF DIMACS Workshop on SDN

685 views • 37 slides
PROGR OGRAMMING NG IN N HA HASKE KELL LL Chapter 3 - Types and Classes 0 What is a Type?

PROGR OGRAMMING NG IN N HA HASKE KELL LL Chapter 3 - Types and Classes 0 What is a Type?

PROGR OGRAMMING NG IN N HA HASKE KELL LL Chapter 3 - Types and Classes 0 What is a Type? A type is a name for a collection of related values. For example, in Haskell the basic type Bool contains the two logical values: False True 1

1.56k views • 27 slides
Higher-Order Functions Original slides by Koen Lindstrm Claessen What is a Higher Order

Higher-Order Functions Original slides by Koen Lindstrm Claessen What is a Higher Order

Higher-Order Functions Original slides by Koen Lindstrm Claessen What is a Higher Order Function? A function which takes another function as a argument, and/or returns a function even :: Int -> Bool even n = n`mod` 2 == 0 Examples

817 views • 53 slides
Where are we? Informatics 2D Reasoning and Agents Semester 2, 20192020 Last time . . .

Where are we? Informatics 2D Reasoning and Agents Semester 2, 20192020 Last time . . .

Introduction Introduction Direct sampling methods Direct sampling methods Inference by Markov chain simulation Inference by Markov chain simulation Summary Summary Where are we? Informatics 2D Reasoning and Agents Semester 2,

315 views • 5 slides

More recommend