a policy framework for a secure future internet future
play

A Policy Framework for a Secure Future Internet Future Internet - PowerPoint PPT Presentation

Apr 25, 2023 •146 likes •1.14k views

A Policy Framework for a Secure Future Internet Future Internet Jad Naous (Stanford University) Arun Seehra (UT Austin) Michael Walfish (UT Austin) David Mazires (Stanford University) Antonio Nicolosi (Stevens Institute of Tech) Scott

  1. A Policy Framework for a Secure Future Internet Future Internet Jad Naous (Stanford University) Arun Seehra (UT Austin) Michael Walfish (UT Austin) David Mazières (Stanford University) Antonio Nicolosi (Stevens Institute of Tech) Scott Shenker (UC Berkeley)

  2. What do we want from the network? Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  3. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  4. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  5. Network Policies Conflicting requirements from many stakeholders Middlebox Jad Naous – DIMACS Woorkshop on Secure Routing

  6. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  7. Network Policies Conflicting requirements from many stakeholders Middlebox Jad Naous – DIMACS Woorkshop on Secure Routing

  8. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  9. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  10. Network Policies Conflicting requirements from many stakeholders Jad Naous – DIMACS Woorkshop on Secure Routing

  11. Network Policies There are many stakeholders: senders, receivers, enterprises that are both senders and receivers (e.g. data centers), service providers, security middlemen (à la service providers, security middlemen (à la Prolexic), governments, data owners, … Each has many valid policy goals, and they might conflict. Jad Naous – DIMACS Woorkshop on Secure Routing

  12. Prior proposals: Large union, small intersection �������������� ���� ��� o - - - - x x o o - - - x o o o o o - - - o o x �������� ����� ����� ��� ��� - - - - o x - - - - o x - - - o x o - - - o x o o x o - - o - - o x o o - - o x o o o - - o x o - o x o o o - o x o o o ������� o x o o o o o x o o o o - - o - - x x o o o o o [legend: x exerts control over o ’s] Jad Naous – DIMACS Woorkshop on Secure Routing

  13. Prior Proposals Incomplete or insufficient Incompatible Incompatible Jad Naous – DIMACS Woorkshop on Secure Routing

  14. What Types of Policies for the Future Internet? Three choices: 1. Embrace the status quo: Do nothing. Unsatisfactory. 2. Make a hard choice: Select the “right” subset. A high-stakes gamble. 3. Choose “all of the above”: Take union of controls. Preserve all options; no picking winners/losers. Jad Naous – DIMACS Woorkshop on Secure Routing

  15. “All of the above” brings challenges: 1. How do we enable all these different policies? 1. How do we enable all these different policies? 2. How do we enforce all of them efficiently? Jad Naous – DIMACS Woorkshop on Secure Routing

  16. The ICING Policy Framework “Pluggable” Control Plane Engine . . . Pathlets BGP SR Policy Policy Policy Engine Engine ? General Efficient Secure Data Plane Jad Naous – DIMACS Woorkshop on Secure Routing

  17. The ICING Policy Framework “Pluggable” Control Plane Engine . . . Pathlets BGP SR Policy Policy Policy Engine Engine ? General Efficient Secure Data Plane Jad Naous – DIMACS Woorkshop on Secure Routing

  18. Outline • How general is general? (What is the control? Who gets control? How can it be used?) • How do we enforce policy decisions in the data plane? • What is the control/data plane interface and how can it be used? Jad Naous – DIMACS Woorkshop on Secure Routing

  19. Outline • How general is general? (What is the control? Who gets control? How can it be used?) • How do we enforce policy decisions in the data plane? • What is the control/data plane interface and how can it be used? Jad Naous – DIMACS Woorkshop on Secure Routing

  20. Control over what? Policy requirements � Who handles the packets and how � The path or parts of it � The path or parts of it (interdomain-level) Jad Naous – DIMACS Woorkshop on Secure Routing

  21. Control over what? Policy requirements � Who handles packets they send/receive/transit and how send/receive/transit and how � The path or parts of it (interdomain-level) For most flexibility: Give control over full path Jad Naous – DIMACS Woorkshop on Secure Routing

  22. Who gets control? Three principles: 1. Entities whose network resources are consumed. 2. Entities that are consuming network resources. 3. Entities should be within a single layer – the network layer. Jad Naous – DIMACS Woorkshop on Secure Routing

  23. Who gets control? The three principles � Give control to all entities on the path. Other stakeholders use other layers or external power of authority (e.g. laws). Jad Naous – DIMACS Woorkshop on Secure Routing

  24. ICING’s Policy Principle ����� x o o o o o o o x o o o o o o o x o o o o o o o x o o o o o o o x o o o o o o o x o o o o o o o x A path is legal if and only if all participants on the path approve of the path. Architecture enforces that only legal paths are used. Jad Naous – DIMACS Woorkshop on Secure Routing

  25. How general are policies? • Provider: Allow use of high speed links from 5pm to 8am only • Internet2: Only carry traffic between universities • Internet2: Only carry traffic between universities • Sender: Only use paths that my neighbor is using. => Policies can be arbitrary. Jad Naous – DIMACS Woorkshop on Secure Routing

  26. For flexibility and evolvability: Allow arbitrary policies For accuracy: Provide sufficient information Jad Naous – DIMACS Woorkshop on Secure Routing

  27. What are policy decisions based on? 1. The path 2. Consumed resources: Long/short haul, high/low speed, Long/short haul, high/low speed, – – transit/delivery, … 3. Arbitrary external information: Billing status, costs, time of day – Does everyone else consent? – Jad Naous – DIMACS Woorkshop on Secure Routing

  28. Checkpoint Summary • There are many stakeholders in a communication, and we give control to all network-level participants. • For most flexibility and to satisfy the largest For most flexibility and to satisfy the largest number of requirements we need to give them control over the full path. • For evolvability and flexibility, allow arbitrary policies and provide sufficient information Jad Naous – DIMACS Woorkshop on Secure Routing

  29. Outline • How general is general? (What is the control? Who gets control? How can it be used?) • How do we enforce policy decisions in the data plane? • What is the control/data plane interface and how can it be used? Jad Naous – DIMACS Woorkshop on Secure Routing

  30. Secure Routing Insufficient Data packets today do not necessarily follow BGP-given routes i.e. Data plane does not necessarily conform to the control plane. Jad Naous – DIMACS Woorkshop on Secure Routing

  31. Challenges Many challenges: • Enabling arbitrary informed policies • Enforcing policy decisions at line-rate • Handling errors and network failures in a Handling errors and network failures in a locked-down Internet • Delegating access • Bootstrapping Jad Naous – DIMACS Woorkshop on Secure Routing

  32. Challenges Many challenges: • Enabling arbitrary informed policies • Enforcing policy decisions at line-rate • Handling errors and network failures in a Handling errors and network failures in a locked-down Internet • Delegating access • Bootstrapping Jad Naous – DIMACS Woorkshop on Secure Routing

  33. Challenge: Enabling arbitrary informed policies Router Control plane Data plane Jad Naous – DIMACS Woorkshop on Secure Routing

  34. Challenge: Enabling arbitrary informed policies ICING Consent Makes all policy decisions Server ICING Forwarder Enforces policy Data decisions plane Jad Naous – DIMACS Woorkshop on Secure Routing

  35. Challenge: Enforcing policy decisions at line-rate 1. Make sure that the path is legal 2. Make sure that the path is followed 2. Make sure that the path is followed Jad Naous – DIMACS Woorkshop on Secure Routing

  36. Challenge: Enforcing policy decisions at line-rate Step 1: Make sure the path is legal Consent Consent Consent Consent Server 1 Server 1 Server 2 Server D Data Data Data plane plane plane Sender Destination R1 R2 Jad Naous – DIMACS Woorkshop on Secure Routing

  37. Challenge: Enforcing policy decisions at line-rate Step 1: Make sure the path is legal Share Consent Consent Consent Consent Secret Key = Server 1 Server 1 Server 2 Server D s_1 s_1 Data Data Data plane plane plane Sender Destination R1 R2 Jad Naous – DIMACS Woorkshop on Secure Routing

  38. Challenge: Enforcing policy decisions at line-rate Step 1: Make sure the path is legal Share Consent Consent Consent Consent Secret Key = Server 1 Server 1 Server 2 Server D s_2 s_2 Data Data Data plane plane plane Sender Destination R1 R2 Jad Naous – DIMACS Woorkshop on Secure Routing

Recommend

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of Bonjour India, the Institut franais en Inde is pleased to present The Future Tour - a series of thematic rendezvous between scientists, academics,

270 views • 5 slides
Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and

Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and

TAS 3 Trusted Architecture for Secure Shared Services (with Privacy), Future of Internet PPP, and Internet of Subject Personal Data Store Sampo Kellomki (sampo@zxidp.org) 11. October 2010, IIW London 09 TAS 3 Intro and Vision EU FP7

968 views • 75 slides
Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

Future Internet Future Internet Internet has evolved from 4-node network to ubiquituous, global

An Architecture for An Architecture for Supporting Future Internet Supporting Future Internet Applications Applications Sebastian Mies Institute of Telematics, University of Karlsruhe (TH), Germany The SpoVNet Consortium: University of

268 views • 11 slides
Distributed mobility management more IPv4 blocks available) for Future Internet for Future

Distributed mobility management more IPv4 blocks available) for Future Internet for Future

Internet Core network: converge (cellular and Internet no Distributed mobility management more IPv4 blocks available) for Future Internet for Future Internet Access networks: diverse Devices: multiple interfaces, multiple

145 views • 12 slides
Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective

Future Internet of Services Future Internet of Services 3 Perspective From a TAS 3 Perspective From a TAS Danny De Cock TAS 3 Project Coordinator Slides available from http://godot.be/slides Email: Danny.DeCock@esat.kuleuven.be Future

252 views • 12 slides
DESIGN AND IMPLEMENTATION OF A VIRTUAL NETWORKING FRAMEWORK FOR THE MOBILITYFIRST FUTURE INTERNET

DESIGN AND IMPLEMENTATION OF A VIRTUAL NETWORKING FRAMEWORK FOR THE MOBILITYFIRST FUTURE INTERNET

DESIGN AND IMPLEMENTATION OF A VIRTUAL NETWORKING FRAMEWORK FOR THE MOBILITYFIRST FUTURE INTERNET ARCHITECTURE Aishwarya Babu Adviser: Dr. Dipankar Raychaudhuri Content Introduction MobilityFirst Overview Network Virtualization

692 views • 41 slides
Understanding current IPv4 depletion management For discussions on future policy proposals TWNIC

Understanding current IPv4 depletion management For discussions on future policy proposals TWNIC

Understanding current IPv4 depletion management For discussions on future policy proposals TWNIC 31 ST OPM 27 November 2018 George Kuo APNIC 1 APNIC A global, open, stable and secure Internet that serves the entire Asia Pacific

433 views • 16 slides
ICT SHOK Future Internet Programme A Finnish national research programme on Future Internet

ICT SHOK Future Internet Programme A Finnish national research programme on Future Internet

ICT SHOK Future Internet Programme A Finnish national research programme on Future Internet Jukka Manner, TKK Page 1 Finnish SHOKs Strategic Centres for Science, Technology and Innovation (SHOK) will provide a new way of bringing together

331 views • 19 slides
ICANN Policy Development How you can help ICANN Shape the New gTLD Program Future of the Internet

ICANN Policy Development How you can help ICANN Shape the New gTLD Program Future of the Internet

ICANN Policy Development How you can help ICANN Shape the New gTLD Program Future of the Internet Liz Gasster, Senior Policy Counselor Marika Konings, Policy Director ICANN 4 August 2009 Karla Valente Director New gTLD Program 1 What is

762 views • 59 slides
A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet

A Public Web Services Security Framework Based on Current and Future Usage Scenarios Internet Computing 2002 Conference, Las Vegas, June 2002 J.Thelin, Chief Architect PJ.Murray, Product Manager Cape Clear Software Inc. Web Services Usage

357 views • 11 slides
Policy mix concepts and applications: Reflections on the emergence, and potential future

Policy mix concepts and applications: Reflections on the emergence, and potential future

Policy mix concepts and applications: Reflections on the emergence, and potential future directions, of market based instruments for conservation within a policy mix framework Vic Adamowicz Alberta Land Institute & REES University of

489 views • 32 slides
SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES OF SERVICES AND INTANGIBLES

SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES OF SERVICES AND INTANGIBLES

SESSION E DESIGN FRAMEWORK FOR FUTURE GUIDELINES ON B2C SUPPLIES OF SERVICES AND INTANGIBLES 17-18 April 2014 Tokyo, Japan Pia Michelsen, European Commission Tax policy perspective Ms Pia Michelsen, Policy Officer, VAT Unit, Taxation

808 views • 22 slides
Internet Future Internet Future CRA Biennial Conference CRA Biennial Conference Snowbird, Utah

Internet Future Internet Future CRA Biennial Conference CRA Biennial Conference Snowbird, Utah

Internet Future Internet Future CRA Biennial Conference CRA Biennial Conference Snowbird, Utah Snowbird, Utah Vint Cerf MCI July 11, 2004 th Anniversary of TCP/IP 30 th Anniversary of TCP/IP 30 May 1974: A Protocol for Packet

493 views • 27 slides
Framework for Our Future 2.0 February 26-28, 2009 Framework for Our Future 2.0 February 26-28,

Framework for Our Future 2.0 February 26-28, 2009 Framework for Our Future 2.0 February 26-28,

Framework for Our Future 2.0 February 26-28, 2009 Framework for Our Future 2.0 February 26-28, 2009 An event to help shape the future of education in the DeForest Area School District. This three-day event, hosted by the DeForest area school

360 views • 18 slides
DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by

DB Future Directions Future Directions The Future is hard to predict and is driven by technology trends, unforeseen events, special needs, previous commitments, policy, mistakes, innovation, etc. What follows is some personal

538 views • 20 slides
FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in

FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in

FUTURE INTERNET Testbed @TWAREN Che-Nan Yang NCHC,Taiwan Overview OpenFlow Testbed in TWAREN HPDMnet Multicast Streaming with OpenFlow Future Work 2 Future Internet There are many serious limitations in current Internet.

505 views • 28 slides
The Future of Money? What is my purpose? #1: The Internet of Things is not about Internet. We

The Future of Money? What is my purpose? #1: The Internet of Things is not about Internet. We

The Future of Money? What is my purpose? #1: The Internet of Things is not about Internet. We need to settle M2M #2: We need a standardized protocol for value exchange One standard, frictionless means of exchange for all Machines Micro

698 views • 20 slides
Utilization of DCN/ION for Infrastructure of Future Internet Testbed Jin Tanaka KDDI/NICT

Utilization of DCN/ION for Infrastructure of Future Internet Testbed Jin Tanaka KDDI/NICT

Utilization of DCN/ION for Infrastructure of Future Internet Testbed Jin Tanaka KDDI/NICT APAN-JP/JGN2plus/TEIN3-JP NOCs Aug. 11 2010 APII / Future Internet Testbed WG in 30th APAN Meeting Hanoi, Vietnam 1 Outline 1. DCN Overview

508 views • 34 slides
The Psychological Anatomy of Users & The Future Internet Dr. Karmen Guevara Computer

The Psychological Anatomy of Users & The Future Internet Dr. Karmen Guevara Computer

The Psychological Anatomy of Users & The Future Internet Dr. Karmen Guevara Computer Laboratory Cambridge University May 2, 2012 Dr. Karmen Guevara Key Message The potential success of the future Internet will depend on the extent of

389 views • 17 slides
The Future of Monetary Policy and Macroprudential Policy Lars E.O. Svensson Stockholm School of

The Future of Monetary Policy and Macroprudential Policy Lars E.O. Svensson Stockholm School of

The Future of Monetary Policy and Macroprudential Policy Lars E.O. Svensson Stockholm School of Economics, CEPR, and NBER Web: larseosvensson.se The Future of Central Banking: An ECB Colloquium Held in Honour of Vtor Constancio Frankfurt,

536 views • 24 slides
Santander EC European Future Internet Science Projects & Industrial Based

Santander EC European Future Internet Science Projects & Industrial Based

Future Internet Cluster 9 June 2009 Santander EC European Future Internet Science Projects & Industrial Based Scientific & Approach Approach Commercial Relevance FI Cluster EIFFEL FIA ETPs (with links to FIRE,

119 views • 7 slides
Low carbon fuels exploring the future EU policy framework 13 th Concawe Symposium March 2019

Low carbon fuels exploring the future EU policy framework 13 th Concawe Symposium March 2019

Low carbon fuels exploring the future EU policy framework 13 th Concawe Symposium March 2019 Dr Chris Malins Introductions 2 Chris Malins Independent consultant at Cerulogy Previously: Fuels Lead for the International

392 views • 23 slides
The Future Internet is Present in Europe: The Future Internet is Present in Europe: The Future

The Future Internet is Present in Europe: The Future Internet is Present in Europe: The Future

The Future Internet is Present in Europe: The Future Internet is Present in Europe: The Future Internet is Present in Europe: The Future Internet is Present in Europe: Role of Research & Education Networks Role of Research & Education

393 views • 23 slides
Towards Towards Secure Secure and and Relia liable Io IoT Applica Applicatio ions Gang Gang Tan,

Towards Towards Secure Secure and and Relia liable Io IoT Applica Applicatio ions Gang Gang Tan,

Towards Towards Secure Secure and and Relia liable Io IoT Applica Applicatio ions Gang Gang Tan, Tan, CSE, CSE, Penn Penn State State Nov 15th, 2019 @ 2 nd IoT Security and Privacy Workshop Internet of Things (IoT) enables the future Power

686 views • 51 slides

More recommend