off by default
play

Off by Default! Hitesh Ballani, Yatin Chawathe, Sylvia Ratnasamy, - PowerPoint PPT Presentation

Mar 08, 2023 •133 likes •767 views

Off by Default! Hitesh Ballani, Yatin Chawathe, Sylvia Ratnasamy, Timothy Roscoe, Scott Shenker HotNets-IV, 2005 Internet, then and now Internet, circa 1975 Trust in the ends Universal reachability Routability implies reachability

  1. Off by Default! Hitesh Ballani, Yatin Chawathe, Sylvia Ratnasamy, Timothy Roscoe, Scott Shenker HotNets-IV, 2005

  2. Internet, then and now Internet, circa 1975 ◮ Trust in the ends ⇒ Universal reachability ◮ Routability implies reachability ◮ “On” by default Internet, circa 2005 ◮ Less trust in the ends ◮ every host is vulnerable to any other host(s) ◮ Firewalls/NATs ◮ end-hosts are “Off”, the network is not ◮ ad-hoc and not universal

  3. Off by default!

  4. Turn it “Off” Reachability is “Off” by default ◮ Hosts turn “On” by explicitly telling the network

  5. Turn it “Off” Reachability is “Off” by default ◮ Hosts turn “On” by explicitly telling the network Issues ◮ What are the advantages? ◮ What are the assumptions? ◮ What are the incentives? ◮ . . .

  6. Is it even worth a thought? Design a Default-Off network Evaluate its feasibility

  7. Default-Off design Stub Network Def-Off Internet End-hosts are unreachable by defaultg g

  8. Default-Off design want to be reachable Stub Network Def-Off Internet End-hosts signal their intent to turn “On” g g

  9. Default-Off design Reachability protocol Stub Network Def-Off Internet g Reachability protocol propagates this intent into the network as Reachability Advertisements g

  10. Default-Off design Reachability protocol Stub Network Def-Off Internet Na¨ ıve Approach (not feasible) Routers maintain exact reachability state for all hosts Instantaneous propagation of advertisements

  11. Default-Off design Reachability protocol Stub Network Def-Off Internet Challenges Router State Reachability dynamics

  12. Reachability Protocol Reachability overlaid on Routing ◮ Inherit routing trust relationships ◮ Reachability events � Route recalculation

  13. Reachability Protocol Reachability overlaid on Routing ◮ Inherit routing trust relationships ◮ Reachability events � Route recalculation Routing protocol Stub Network Def-Off Internet

  14. Reachability Protocol Reachability overlaid on Routing ◮ Inherit routing trust relationships ◮ Reachability events � Route recalculation Routing protocol Reachability protocol Stub Network Def-Off Internet

  15. Reachability Protocol Reachability overlaid on Routing ◮ Inherit routing trust relationships ◮ Reachability events � Route recalculation Routing protocol Reachability protocol Stub Network Def-Off Internet Periodic reachability exchanges between domains ◮ Load due to dynamics Vs Turn-“On” time

  16. Reachability Advertisements Flexibility : allow for evolution

  17. Reachability Advertisements Flexibility : allow for evolution Who? What? When? How much?

  18. Reachability Advertisements Flexibility : allow for evolution Who? What? When? How much? Reachability Advertisement [ prefix, length,RC ... ,scope ]

  19. Reachability Advertisements Flexibility : allow for evolution Who? What? When? How much? Reachability Advertisement [ prefix, length,RC ... ,scope ] The host whose reachability this advertisement describes

  20. Reachability Advertisements Flexibility : allow for evolution Who? What? When? How much? Reachability Advertisement [ prefix, length,RC ... ,scope ] list of constraints, for eg. 1. on to all [ Dst IP, Dst Port, Proto ] 2. on to one [ Dst IP, Dst Port, Proto, Src IP ]

  21. Reachability Advertisements Flexibility : allow for evolution Who? What? When? How much? Reachability Advertisement [ prefix, length,RC ... ,scope ] Avoids needless propagation of state For eg. Limit advertisement in terms of AS Hops, Set of AS’es, ....

  22. Router State : “Off” hosts “Off” hosts do not incur state

  23. Router State : “Off” hosts “Off” hosts do not incur state ◮ Clients are “Off” [Handley FDNA’04] ◮ “Off” hosts accessed using path-based addresses (address gives path back to the “Off” host)

  24. Router State : “Off” hosts “Off” hosts do not incur state ◮ Clients are “Off” [Handley FDNA’04] ◮ “Off” hosts accessed using path-based addresses (address gives path back to the “Off” host) A|B Q S P Server/Peer B R Client A g(“Off” host A wants to communicate with “On” host B (A | B)(

  25. Router State : “Off” hosts “Off” hosts do not incur state ◮ Clients are “Off” [Handley FDNA’04] ◮ “Off” hosts accessed using path-based addresses (address gives path back to the “Off” host) A|B PA|B Q S P Server/Peer B R Client A g(Host B is “On” so domain P forwards it; but also adds itself into the source (PA)g(

  26. Router State : “Off” hosts “Off” hosts do not incur state ◮ Clients are “Off” [Handley FDNA’04] ◮ “Off” hosts accessed using path-based addresses (address gives path back to the “Off” host) QPA|B A|B PA|B Q S P Server/Peer B R Client A g(At the egress of domain Q, Q is added to the source (QPA)g(

  27. Router State : “Off” hosts “Off” hosts do not incur state ◮ Clients are “Off” [Handley FDNA’04] ◮ “Off” hosts accessed using path-based addresses (address gives path back to the “Off” host) QPA|B RQPA|B A|B PA|B Q S P Server/Peer B R Client A g(Host B can use the path (RQPA) to get to “Off” host Ag(

  28. Router State : “Off” hosts “Off” hosts do not incur state ◮ Clients are “Off” [Handley FDNA’04] ◮ “Off” hosts accessed using path-based addresses (address gives path back to the “Off” host) QPA|B RQPA|B A|B PA|B Q S P Server/Peer B R Client A B|RQPA B|QPA B|RQPA B|PA g(Destination field is stripped off, source field accumulates the pathg(

  29. Router State : “Off” hosts “Off” hosts do not incur state ◮ Clients are “Off” [Handley FDNA’04] ◮ “Off” hosts accessed using path-based addresses (address gives path back to the “Off” host) QPA|B RQPA|B A|B PA|B Q S P Server/Peer B R Client A B|RQPA B|QPA B|RQPA B|PA g(Issues and advantages associated with path-based addresses(

  30. Router State : “On” hosts Routers don’t keep exact reachability state

  31. Router State : “On” hosts Routers don’t keep exact reachability state ◮ Aggregation according to router memory RA1 RA2 [ prefix, length,RC ... ,scope ] [ prefix, length,RC ... ,scope ] classic prefix Union aggregation Aggregated Advertisement [ prefix, length,RC ... ,scope ]

  32. Router State : “On” hosts Routers don’t keep exact reachability state ◮ Aggregation according to router memory ◮ Introduces false-positives ◮ Default-Off offers best-effort protection to “Off” hosts Increasing Protection Increasing Aggregation

  33. How effective is Default-Off at limiting unwanted traffic?

  34. Feasibility : Router State Simulated Default-Off operation ◮ AS-level internet topology [Subramanian ’05] ◮ 200,000 routable prefixes [Route-Views ’05] Parameters of interest ◮ H - hosts per prefix that are “On” ◮ T - amount of router memory available

  35. Feasibility : Router State Simulated Default-Off operation ◮ AS-level internet topology [Subramanian ’05] ◮ 200,000 routable prefixes [Route-Views ’05] Parameters of interest ◮ H - hosts per prefix that are “On” ◮ T - amount of router memory available ISP C ISP B Stub A hosts x "on" ISP D

  36. Feasibility : Router State Simulated Default-Off operation ◮ AS-level internet topology [Subramanian ’05] ◮ 200,000 routable prefixes [Route-Views ’05] Parameters of interest ◮ H - hosts per prefix that are “On” ◮ T - amount of router memory available Reachability Advertisements (thickness is amount of state) ISP C ISP B Stub A hosts x "on" ISP D

  37. Feasibility : Router State Simulated Default-Off operation ◮ AS-level internet topology [Subramanian ’05] ◮ 200,000 routable prefixes [Route-Views ’05] Parameters of interest ◮ H - hosts per prefix that are “On” ◮ T - amount of router memory available Packet for "off" host ISP C ISP B Stub A hosts x "on" ISP D

  38. Feasibility : Router State Simulated Default-Off operation ◮ AS-level internet topology [Subramanian ’05] ◮ 200,000 routable prefixes [Route-Views ’05] Parameters of interest ◮ H - hosts per prefix that are “On” ◮ T - amount of router memory available Packet for Blocked 2 AS hops "off" host X from DST ISP C ISP B Stub A hosts x "on" ISP D

  39. Feasibility : Router State Simulated Default-Off operation ◮ AS-level internet topology [Subramanian ’05] ◮ 200,000 routable prefixes [Route-Views ’05] Parameters of interest ◮ H - hosts per prefix that are “On” ◮ T - amount of router memory available Packet for "off" host Blocked 1 AS hop ISP C from DST X ISP B Stub A hosts x "on" ISP D

  40. Feasibility : Router State Simulated Default-Off operation ◮ AS-level internet topology [Subramanian ’05] ◮ 200,000 routable prefixes [Route-Views ’05] Parameters of interest ◮ H - hosts per prefix that are “On” ◮ T - amount of router memory available Packet for "off" host Blocked 0 AS hop ISP C from DST X ISP B Stub A hosts x "on" ISP D

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Credit Default Swaps Pamela Heijmans Matthew Hays Adoito Haroon Credit Default Swaps

Credit Default Swaps Pamela Heijmans Matthew Hays Adoito Haroon Credit Default Swaps

Credit Default Swaps Pamela Heijmans Matthew Hays Adoito Haroon Credit Default Swaps Definition A credit default swap (CDS) is a kind of insurance against credit risk Privately negotiated bilateral contract Reference Obligation,

1.11k views • 42 slides
Sovereign Debt and Default Costas Arkolakis Teaching fellow: Federico Esposito Economics 407,

Sovereign Debt and Default Costas Arkolakis Teaching fellow: Federico Esposito Economics 407,

Sovereign Debt and Default Costas Arkolakis Teaching fellow: Federico Esposito Economics 407, Yale February 2014 Outline Sovereign debt and default A brief history of default episodes A Simple Model of Default Managing Sovereign

682 views • 54 slides
Loss Given Default as a Function of the Default Rate Moody's Risk Practitioner Conference

Loss Given Default as a Function of the Default Rate Moody's Risk Practitioner Conference

Loss Given Default as a Function of the Default Rate Moody's Risk Practitioner Conference Chicago, October 17, 2012 Jon Frye Senior Economist Federal Reserve Bank of Chicago Any views expressed are the author's and do not necessarily

571 views • 31 slides
Debt and Default Costas Arkolakis teaching fellow: Federico Esposito Economics 407, Yale

Debt and Default Costas Arkolakis teaching fellow: Federico Esposito Economics 407, Yale

Debt and Default Costas Arkolakis teaching fellow: Federico Esposito Economics 407, Yale February 2014 Outline Sovereign debt and default A brief history of default episodes A Simple Model of Default Managing Sovereign Debt

775 views • 51 slides
Security By Default A Comparative Security Evaluation of Default Configurations Bernardus A.

Security By Default A Comparative Security Evaluation of Default Configurations Bernardus A.

Security By Default A Comparative Security Evaluation of Default Configurations Bernardus A. Jansen, BSc MSc System and Network Engineering Universiteit van Amsterdam July 3, 2018 B.A. Jansen, BSc (UvA) Security By Default July 3, 2018 1 /

286 views • 15 slides
ICTP_011_03142012 Page 1 of 6 ProductivI.T.y tip 82_(PowerPoint): Create a Default Presentation

ICTP_011_03142012 Page 1 of 6 ProductivI.T.y tip 82_(PowerPoint): Create a Default Presentation

ICTP_011_03142012 Page 1 of 6 ProductivI.T.y tip 82_(PowerPoint): Create a Default Presentation Template_03142012 Create a Default Presentation Template Before you start making any changes, you should make a copy of the original default

206 views • 6 slides
A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 }

A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 }

A Default Logic Patch for Default Logic { ECSQARU09 Verona, Italy July 1-3, 2009 } Ph. Besnard 1 egoire 2 E. Gr S. Ramon 2 1 IRIT CNRS UMR 5505 Toulouse, France 2 Universit e dArtois CRIL CNRS UMR 8188 Lens, France A

670 views • 47 slides
Corporate Yield Spreads: Default Risk or Liquidity? New Evidence from the Credit Default Swap

Corporate Yield Spreads: Default Risk or Liquidity? New Evidence from the Credit Default Swap

Corporate Yield Spreads: Default Risk or Liquidity? New Evidence from the Credit Default Swap Market Professor Francis Longstaff UCLA/Anderson School Introduction How are corporate bonds priced in the market? In theory, corporate

781 views • 28 slides
Hedging Default Risks of CDOs in Markovian Hedging Default Risks of CDOs in Markovian Contagion

Hedging Default Risks of CDOs in Markovian Hedging Default Risks of CDOs in Markovian Contagion

Hedging Default Risks of CDOs in Markovian Hedging Default Risks of CDOs in Markovian Contagion Models Contagion Models Second Princeton Credit Risk Conference 24 May 2008 Jean-Paul LAURENT ISFA Actuarial School, University of Lyon,

573 views • 44 slides
Product Presentation in PDF As we have been doing, start with a default slide and get rid of

Product Presentation in PDF As we have been doing, start with a default slide and get rid of

Product Presentation in PDF As we have been doing, start with a default slide and get rid of default items to make the slide blank. We are going to change the slide to a regular paper size (11 x 8.5 inches). Select File-Page Setup. Then change

71 views • 5 slides
Making Default Address Selection More Robust FoolProof

Making Default Address Selection More Robust FoolProof

Making Default Address Selection More Robust FoolProof draft-linkova-6man-default-addr-selection-update-00 Jen Linkova IETF99, Prague, July 2017 When Does a Host Stop Using an Address? Preferred lifetime expired An RA received

540 views • 14 slides
BACK TO THE FUTURE On the State of the Art in Default Reasoning Emil Weydert Individual and

BACK TO THE FUTURE On the State of the Art in Default Reasoning Emil Weydert Individual and

BACK TO THE FUTURE On the State of the Art in Default Reasoning Emil Weydert Individual and Collective Reasoning Group Lab for Intelligent and Adaptive Systems University of Luxembourg Dagstuhl 2015, May 26-29 What to expect On default

317 views • 12 slides
Structuring Default Provisions g in Commercial Loans Maximizing Borrower Protection and Lender

Structuring Default Provisions g in Commercial Loans Maximizing Borrower Protection and Lender

Presenting a live 90 minute webinar with interactive Q&A Structuring Default Provisions g in Commercial Loans Maximizing Borrower Protection and Lender Remedies Through Effective Event of Default Clauses TUES DAY, JUNE 7, 2011 1pm

888 views • 41 slides
current project Default File Location Transfer Project Standards BPs Model

current project Default File Location Transfer Project Standards BPs Model

Creating Templates from Set template as default current project Default File Location Transfer Project Standards BPs Model Management Setting up a Fabrication eTransmit Template Audit / Purge Review Warnings

119 views • 10 slides
Syndicated Loan Facilities With Lenders and Agents Facing Default presents presents Mi i

Syndicated Loan Facilities With Lenders and Agents Facing Default presents presents Mi i

Syndicated Loan Facilities With Lenders and Agents Facing Default presents presents Mi i Minimizing Risks for Co-Lenders and Borrowers Through i i Ri k f C L d d B Th h Credit Agreements and Post-Default Remedies A Live 90-Minute

889 views • 47 slides
Mehdi Azarmi Your default shell? (Bash or Tcsh) %echo $SHELL You may change your

Mehdi Azarmi Your default shell? (Bash or Tcsh) %echo $SHELL You may change your

Mehdi Azarmi Your default shell? (Bash or Tcsh) %echo $SHELL You may change your default shell %chsh USERNAME /bin/bash More in the CS help page http://www.cs.purdue.edu/resources/facilities/oracle/cs.sxhtml Note te :

92 views • 5 slides
The Enhanced Role of the U.S. Securities and Exchange Commission: An analysis of investigations

The Enhanced Role of the U.S. Securities and Exchange Commission: An analysis of investigations

Panel 2A The Enhanced Role of the U.S. Securities and Exchange Commission: An analysis of investigations in 2015, asset freezes, coordination with USCIS, notices to terminate Regional Centers, and other related issues John Tishler, Sheppard

412 views • 12 slides
MATH 12002 - CALCULUS I 2.3, 2.4, and 2.5: Computing Derivatives (Part 2) Professor

MATH 12002 - CALCULUS I 2.3, 2.4, and 2.5: Computing Derivatives (Part 2) Professor

MATH 12002 - CALCULUS I 2.3, 2.4, and 2.5: Computing Derivatives (Part 2) Professor Donald L. White Department of Mathematical Sciences Kent State University D.L. White (Kent State University) 1 / 12 Derivatives 10 f ( x ) = sin( x 2

328 views • 12 slides
FLEET: Flexible Efficient Ensemble Training for Heterogenous Deep Neural Networks Hui Guan,

FLEET: Flexible Efficient Ensemble Training for Heterogenous Deep Neural Networks Hui Guan,

FLEET: Flexible Efficient Ensemble Training for Heterogenous Deep Neural Networks Hui Guan, Laxmikant Kishor Mokadam, Xipeng Shen, Seung-Hwan Lim, Robert Patton 1 Build an image classifier? Deep Neural Network (DNN) CPU GPU Training

957 views • 41 slides
SEC Comments Summary 2013 Disclaimer The information conveyed in the following presentation

SEC Comments Summary 2013 Disclaimer The information conveyed in the following presentation

H o u s t o n D e n v e r C a l g a r y SEC Comments Summary 2013 Disclaimer The information conveyed in the following presentation represents informed opinions about certain laws, regulations and interpretations but should not be

591 views • 29 slides
Hierarchical Task Network (HTN) Planning Section 12.2 Sec. 12.2 p.1/23 Outline Primitive

Hierarchical Task Network (HTN) Planning Section 12.2 Sec. 12.2 p.1/23 Outline Primitive

Hierarchical Task Network (HTN) Planning Section 12.2 Sec. 12.2 p.1/23 Outline Primitive vs. non-primitive operators Example HTN planning algorithm Practical planners Additional references used for the slides: desJardins , M. (2001).

248 views • 23 slides
Proving Confidentiality in a File System Using DiskSec (Poster #2) OSDI 18 Atalay Mert

Proving Confidentiality in a File System Using DiskSec (Poster #2) OSDI 18 Atalay Mert

Proving Confidentiality in a File System Using DiskSec (Poster #2) OSDI 18 Atalay Mert leri, Tej Chajed, Adam Chlipala, Frans Kaashoek, Nickolai Zeldovich MIT CSAIL Storage Systems Contain Confidential Data Users rely on the storage

796 views • 24 slides
Algorithms in HElib Shai Halevi and Victor Shoup http://eprint.iacr.org/2014/106 Whats HElib?

Algorithms in HElib Shai Halevi and Victor Shoup http://eprint.iacr.org/2014/106 Whats HElib?

Algorithms in HElib Shai Halevi and Victor Shoup http://eprint.iacr.org/2014/106 Whats HElib? A software library implementation of homomorphic encryption (HE) Implements the ring-LWE variant of [BGV12] Written in C++, uses NTL for

603 views • 8 slides
Run-Time Composite Event Recognition Alexander Artikis, Marek Sergot and George Paliouras

Run-Time Composite Event Recognition Alexander Artikis, Marek Sergot and George Paliouras

Run-Time Composite Event Recognition Alexander Artikis, Marek Sergot and George Paliouras Institute of Informatics & Telecommunications, NCSR Demokritos, Greece Department of Computing, Imperial College London, UK

477 views • 25 slides

More recommend