an architectural approach to inter domain measurement
play

An Architectural Approach to Inter-domain Measurement Data Sharing - PowerPoint PPT Presentation

Sep 14, 2022 •123 likes •308 views

An Architectural Approach to Inter-domain Measurement Data Sharing Brian Trammell Communication Systems Group, ETH Zrich DUST 2012, San Diego, 15 May 2012 Questions and Wishes common platform for darkspace analysis lets use

  1. An Architectural Approach to Inter-domain Measurement Data Sharing Brian Trammell Communication Systems Group, ETH Zürich DUST 2012, San Diego, 15 May 2012

  2. Questions and Wishes § common platform for darkspace analysis § “let’s use the same software to make it easier to share data” § common interface for collaborative interface § “what sort of interface do we provide to a running window of data?” § analyze unsolicited traffic on lit space § keep doing “darkspace”-like studies in an v4-scarce world § but, assumptions about privacy don’t hold at all anymore. § even “one-way” traffic isn’t all unsolicited 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 2

  3. Privacy issues in measurement data sharing § In the general case, most collected data simultaneously quite sensitive and completely uninteresting. § Darkspace collection suffers less from these concerns: § no “legitimate” user traffic, so no “users” to threaten; however: § illegitimate user traffic (compromised host IPs, occasional payload) § structure of the darkspace itself § Anonymization alone not a solution to the problem § any attacker that can induce or otherwise know details about traffic can reverse identifiers with ~24 bits of information per (Burkhart et al., “The Role of Network Trace Anonymization Under Attack, ACM CCR Jan ‘10) § Any solution must include policy framework § Semi-open consortia of operators/CSIRTs/researchers/etc. 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 3

  4. Scalability issues in measurement data sharing § Passive network measurement collects [insert impressive word for “big”] amounts of data. § Separation of collection and analysis presents scalability issues at the sharing interface. § Data volume in darkspace directly proportional to size of observation surface; bigger surfaces are more useful. § Usual methods of addressing this: § limit retrospection interval (“last two weeks”) § limit fidelity for older data (sampling, aggregation) § spend a lot of money on disks … § … and don’t underestimate the bandwidth of a delivery truck. 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 4

  5. The DEMONS Approach Centralized DEMONS Network Network Meter Router Capture Capture Analyze Repository Repository Analyze Present Mitigate Present 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 5

  6. The DEMONS approach: decentralization § Move processing to the edge Network § Support iterative analysis on live traffic using programmable edge devices. Capture § Emphasize stream processing § Assumes temporal non- Analyze uniqueness of interesting activity in darkspace. § Data reduction improves scalability. Repository § (and reduces sensitivity of collected data) Present Mitigate 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 6

  7. The DEMONS approach: sharing § Share analysis, not data Analyses built by composition of § Domain X Domain Y well-defined processing modules Inspection of intermediate results § Network Network before export § “yes/no decision” instead of anonymization/protection at the Capture Capture edge. Analyze Share Analyze Realism about technical § limitations of data protection Repository Repository § Designed to operate within a consortium governed by a legal Present Mitigate Present Mitigate agreement. 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 7

  8. Components and Interfaces § Measurement layer nodes provide capture and analysis. Network Interdomain exchange point § (IXP) provides "sharing" Interdomain Measurement interfaces to external domains. Exchange Point (IXP) Capture Layer Workflow-based control § Analyze Share interface, for passing requests within and among domains Integration with existing § Repository mitigation processes § not particularly relevant for research Workflow Present Mitigate Planner and Orchestrator Application Mitigation User Interface Control Point (Control) (AUI) (MCP) 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 8

  9. Inspirations § EU FP7 PRISM (March 2008 – May 2010) § Architecture for privacy-aware network monitoring applying context-sensitive access control § Explicit application of regulatory framework to access control and conditional data protection § Focus on single domain (no sharing) § Secure Queries (Mirkovic, NDA ‘08) § Trol (SQL-like) language for network queries § Anonymity-aware access control § Dialing Privacy and Utility (Kenneally and Claffy, IEEE S&P July ‘10) § Combines technical data protection techniques with a policy framework considering legal, social, privacy and utility aspects of sharing. § Applied to network telescope operations 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 9

  10. Measurement Layer: Blockmon § Composable measurement using small blocks § Increases parallelizability, measurement performance on multicore hardware § Code reuse for measurement development § Platform for understanding composable measurement application development § Enable code and analysis interchange in the form of compositions of modules from a standard, trusted base. § Current work in ontology of basic operations: § Filters, Metrics, Features, Correlations, and Feedback § Current work in core performance tuning: § cache-aware allocation, automatic queue balancing January 11, 2012 DEMONS/BlockMon - Flocon 2012 Austin 10

  11. Blockmon: Implementation § Compositions of blocks exchange messages (packets, flows, etc.) connected at runtime via gates. § Control over thread/CPU assignment and block invocation for tuning. § Blocks, framework and scheduling implemented in C++ § Python-based CLI and JSON-RPC daemon, compositions in XML § Compositions split among instances via IPFIX import/export Composition I BlockA O Export Source I BlockC O I O Block Block I BlockB O January 11, 2012 DEMONS/BlockMon - Flocon 2012 Austin 11

  12. Blockmon: Applicability § Researchers and data providers agree on a set of blocks as primitives from which to build analyses. § Additional blocks may be distributed as object code signed by a trusted third party and dynamically loaded at runtime. § A given study is handed to data provider in terms of a composition. § Composition runs over live traffic from telescope, or replayed traces / pre-analyzed data kept by the data provider. 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 12

  13. Interdomain Data Exchange § Intermediate and final results of analyses sent to remote domains through an interdomain exchange point (IXP) § Data crossing domain boundaries always significantly reduced for scalability as well as privacy reasons. § Data subject to inspection at a proxy. § Forwarding logic is presently application-specific. § Data may be further analyzed by another Blockmon instance in the remote domain. § In certain circumstances, data protected by secure multiparty computation protocols such as SEPIA instead. 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 13

  14. Secure Multiparty Computation: SEPIA § Secure multiparty computation framework based on Shamir secret sharing. § Optimized for network traffic analysis and list/set operations. § can be applied to aggregation over realistically large time bins from reasonably sized networks § parallelization of rounds reduces overhead among privacy peers § Applicable to aggregate or set operations on data from multiple sources without a trusted third party. § available under LGPL at http://sepia.ee.ethz.ch 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 14

  15. Secure Multiparty Computation: SEPIA 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 15

  16. SEPIA: Applicability § Example: aggregate traffic per port without exposing differences per provider among providers. § Example: union/intersection of unsolicited senders without attribution. § Limited to situations with § many data providers § relatively limited data volumes § easily defined aggregation operations § So: unclear whether it’s worth the trouble in most network telescope operations. 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 16

  17. Guidance for Darkspace Monitoring § Data sharing is fraught with peril … § and becomes moreso the closer you get to lit networks § … so share analysis instead of data. § Composable measurement is one way to do this § Sandboxing, code inspection/signing are other approaches § A common vocabulary for description (and tools supporting it) would be a third. § Reduce data aggressively close to the edge § Throw away what you know isn’t interesting. § Consider “live” analysis § Assume that unsolicited traffic is temporally non-unique. 15 May 2012 - San Diego Interdomain Measurement Data Sharing - DUST 2012 19

Recommend

1 Inter-Domain Routing Network comprised of many Autonomous Systems (ASes) or domains 23

1 Inter-Domain Routing Network comprised of many Autonomous Systems (ASes) or domains 23

CSE/EE 461 Lecture 11 Inter-domain Routing This Lecture Focus How do we make routing scale? Application Presentation Inter-domain routing Session ASes and BGP Transport Network Data Link Physical sdg // CSE/EE 461,

395 views • 5 slides
Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT

Inter-Domain DOTS Use Cases draft-nishizuka-dots-inter-domain-usecases-00 Kaname Nishizuka, NTT Communications Nov. 2015 IETF94@yokohama Draft Overview Motivation The volume of DDoS attack will exceed available anti- DDoS capability by

802 views • 10 slides
How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik

How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik

How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik nino.ciurleo@garr.it Agenda Inter-domain traffic: o how does NOC monitor and control it? Common case as example: new BGP peer activation -> new

479 views • 35 slides
A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural

A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural

A Connector- A Connector- Centric Approach Centric Approach to Architectural to Architectural Access Control Access Control Jie Ren Department of Informatics University of California, Irvine Outline Overview Architecture and

917 views • 74 slides
CS 557 Inter-Domain Routing Introduction to BGP Routing Tutorial slides from Tim Griffin, 2001

CS 557 Inter-Domain Routing Introduction to BGP Routing Tutorial slides from Tim Griffin, 2001

CS 557 Inter-Domain Routing Introduction to BGP Routing Tutorial slides from Tim Griffin, 2001 Spring 2013 Inter-domain Routing 2153 11537 1706 52 FRGP Level 3 ARIZONA ColoState Autonomous Systems (AS) Border Gateway Protocol

566 views • 30 slides
Bootstrapping evolvability for inter-domain routing with D-BGP Raja Sambasivan David Tran-Lam,

Bootstrapping evolvability for inter-domain routing with D-BGP Raja Sambasivan David Tran-Lam,

Bootstrapping evolvability for inter-domain routing with D-BGP Raja Sambasivan David Tran-Lam, Aditya Akella, Peter Steenkiste This talk in one slide What evolvability features needed in any Q inter-domain protocol? New New Existing

609 views • 26 slides
Inter-Domain Routing Security Inter-Domain Routing Security ~ ~BGP BGP Route Hijacking~ Route

Inter-Domain Routing Security Inter-Domain Routing Security ~ ~BGP BGP Route Hijacking~ Route

Inter-Domain Routing Security Inter-Domain Routing Security ~ ~BGP BGP Route Hijacking~ Route Hijacking~ Mar 1 2007 in APRICOT 2007 NTT Communications Corp. Taka Mizuguchi Tomoya Yoshida What s BGP Route Hijacking? s BGP Route

583 views • 40 slides
Partnering for Relief - Optimizing Logistics. An Inter-Agency Approach: Why and How?! George

Partnering for Relief - Optimizing Logistics. An Inter-Agency Approach: Why and How?! George

Partnering for Relief - Optimizing Logistics. An Inter-Agency Approach: Why and How?! George Fenton, May 8, 2008 Inter-Agency Approach Inter-Agency Approach With the Global (natural) risk hotspots analysis of the World Bank, future emergency

805 views • 14 slides
Bootstrapping evolvability for inter-domain routing Raja Sambasivan , David Tran-Lam, Aditya

Bootstrapping evolvability for inter-domain routing Raja Sambasivan , David Tran-Lam, Aditya

Bootstrapping evolvability for inter-domain routing Raja Sambasivan , David Tran-Lam, Aditya Akella, Peter Steenkiste Inter-domain routing is stagnant Many proposed fi xes/replacements for BGP E.g., LISP [RFC 6830], S-BGP [SAC00], Wiser,

350 views • 23 slides
Inter-Domain Lies Based on TMA 2019 Paper - Focus on Infrastructure Julian M. Del Fiore Pascal

Inter-Domain Lies Based on TMA 2019 Paper - Focus on Infrastructure Julian M. Del Fiore Pascal

Filtering the Noise to Reveal Inter-Domain Lies Based on TMA 2019 Paper - Focus on Infrastructure Julian M. Del Fiore Pascal Merindol, Valerio Persico, Cristel Pelsser, Antonio Pescape AS C AS D p2p AS B AS X AS E Inter-Domain Lie

109 views • 9 slides
Time- -Domain Measurement Method to Domain Measurement Method to Time Guard Against

Time- -Domain Measurement Method to Domain Measurement Method to Time Guard Against

Time- -Domain Measurement Method to Domain Measurement Method to Time Guard Against Preamplifier Saturation Guard Against Preamplifier Saturation April 10, 2012 Matthew Jackson Outline Background Amplifier Saturation 1 dB

667 views • 17 slides
A Reproducibility Study of IP Spoofing Detection in Inter-Domain Traffic Jasper Eumann

A Reproducibility Study of IP Spoofing Detection in Inter-Domain Traffic Jasper Eumann

A Reproducibility Study of IP Spoofing Detection in Inter-Domain Traffic Jasper Eumann October 9, 2019 iNET RG, Hamburg University of Applied Sciences Overview IP Spoofing Mitigation in General Detection in Inter-Domain Traffic

778 views • 42 slides
Bloom Filter based Inter-domain Name Resolution: A Feasibility Study Konstantinos V. Katsaros,

Bloom Filter based Inter-domain Name Resolution: A Feasibility Study Konstantinos V. Katsaros,

Bloom Filter based Inter-domain Name Resolution: A Feasibility Study Konstantinos V. Katsaros, Wei Koong Chai and George Pavlou University College London, UK Outline Inter-domain name resolution in ICN Scalability concerns Bloom

694 views • 33 slides
An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and

An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and

An Architectural Approach for Improving Availability in Web Services Evangelos Parchas and Rogrio de Lemos Computing Laboratory - University of Kent at Canterbury, UK Motivation Architectural pattern Implementation and results

306 views • 12 slides
Architectural Specialization for Inter-Iteration Loop Dependence Patterns Shreesha Srinath,

Architectural Specialization for Inter-Iteration Loop Dependence Patterns Shreesha Srinath,

Architectural Specialization for Inter-Iteration Loop Dependence Patterns Shreesha Srinath, Berkin Ilbeyi, Mingxing Tan, Gai Liu Zhiru Zhang, Christopher Batten Computer Systems Laboratory School of Electrical and Computer Engineering Cornell

1.34k views • 76 slides
Crossing Over the Bounded Domain: From Exponential To Power-law Inter- meeting time in MANET Han

Crossing Over the Bounded Domain: From Exponential To Power-law Inter- meeting time in MANET Han

Crossing Over the Bounded Domain: From Exponential To Power-law Inter- meeting time in MANET Han Cai, Do Young Eun Department of Electrical and Computer Engineering North Carolina State University Motivation inter-meeting time

720 views • 35 slides
CS 640: Introduction to Computer Networks Aditya Akella Lecture 11 - Inter-Domain Routing -

CS 640: Introduction to Computer Networks Aditya Akella Lecture 11 - Inter-Domain Routing -

CS 640: Introduction to Computer Networks Aditya Akella Lecture 11 - Inter-Domain Routing - BGP (Border Gateway Protocol) Intra -domain routing The Story So Far Routing protocols generate the forwarding table Two styles:

481 views • 12 slides
Inter-domain SDN Considera2ons Ronald van der Pol

Inter-domain SDN Considera2ons Ronald van der Pol

Inter-domain SDN Considera2ons Ronald van der Pol SURFnet Ronald.vanderPol@SURFnet.nl GLIF, 17 January 2013, Honolulu, USA Dis2nguish between:

575 views • 8 slides
NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural

NES Architectural Ltd http://www.nes-solutions.co.uk/architectural Who Are we? NES Architectural is a family owned business, based in Colchester. The manufacturing facility is 70,000 sq. ft with a staff of over 50. What do we do? NES

274 views • 16 slides
Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M.

Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M.

Towards a Next- Generation Inter-domain Routing Protocol L. Subramanian, M. Caesar, C.T. Ee, M. Handley , Z. Mao, S. Shenker, and I. Stoica Routing 1999 Internet Map Coloured by ISP Source: Bill Cheswick, Lumeta AS-level Topology 2003

946 views • 37 slides
An Architectural Approach to Support Online Updates of SPL

An Architectural Approach to Support Online Updates of SPL

An Architectural Approach to Support Online Updates of SPL Products Danny Weyns, Linnaeus University Vxj Campus, Sweden 23rd CREST Open Workshop

624 views • 40 slides
Architectural Approach for Providing Rela5ons in Biomedical

Architectural Approach for Providing Rela5ons in Biomedical

Architectural Approach for Providing Rela5ons in Biomedical Terminologies and Ontologies M. Brochhausen 1,2 & B. Blobel 3 1 IFOMIS, Saarland University,

268 views • 12 slides
Strengthening Weak Identities Through Inter-Domain Trust Transfer Giridhari Venkatadri,

Strengthening Weak Identities Through Inter-Domain Trust Transfer Giridhari Venkatadri,

Strengthening Weak Identities Through Inter-Domain Trust Transfer Giridhari Venkatadri, Oana Goga , Changtao Zhong, Bimal Viswanath, Nishanth Sastry, Krishna Gummadi Online

748 views • 40 slides
RAIDER: RAIDER: Responsive Responsive Architecture for Architecture for Inter Inter-Domain

RAIDER: RAIDER: Responsive Responsive Architecture for Architecture for Inter Inter-Domain

RAIDER: RAIDER: Responsive Responsive Architecture for Architecture for Inter Inter-Domain Economics and -Domain Economics and Routing Routing Nirmala Shenoy Nirmala Shenoy, Rochester Institute of T , Rochester Institute of Technology

234 views • 20 slides

More recommend