1,262 research outputs found
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and
policy-based decisions simultaneously in path vectors. A complete view on the
Internet backbone routing is given by the collection of all valid routes, which
is infeasible to obtain due to information hiding of BGP, the lack of
omnipresent collection points, and data complexity. Commonly, graph-based data
models are used to represent the Internet topology from a given set of BGP
routing tables but fall short of explaining policy contexts. As a consequence,
routing anomalies such as route leaks and interception attacks cannot be
explained with graphs.
In this paper, we use formal languages to represent the global routing system
in a rigorous model. Our CAIR framework translates BGP announcements into a
finite route language that allows for the incremental construction of minimal
route automata. CAIR preserves route diversity, is highly efficient, and
well-suited to monitor BGP path changes in real-time. We formally derive
implementable search patterns for route leaks and interception attacks. In
contrast to the state-of-the-art, we can detect these incidents. In practical
experiments, we analyze public BGP data over the last seven years
An Adaptive Policy Management Approach to BGP Convergence
The Border Gateway Protocol (BGP) is the current inter-domain routing protocol used to exchange reachability information between Autonomous Systems (ASes) in the Internet. BGP supports policy-based routing which allows each AS to independently adopt a set of local policies that specify which routes it accepts and advertises from/to other networks, as well as which route it prefers when more than one route becomes available. However, independently chosen local policies may cause global conflicts, which result in protocol divergence. In this paper, we propose a new algorithm, called Adaptive Policy Management Scheme (APMS), to resolve policy conflicts in a distributed manner. Akin to distributed feedback control systems, each AS independently classifies the state of the network as either conflict-free or potentially-conflicting by observing its local history only (namely, route flaps). Based on the degree of measured conflicts (policy conflict-avoidance vs. -control mode), each AS dynamically adjusts its own path preferences—increasing its preference for observably stable paths over flapping paths. APMS also includes a mechanism to distinguish route flaps due to topology changes, so as not to confuse them with those due to policy conflicts. A correctness and convergence analysis of APMS based on the substability property of chosen paths is presented. Implementation in the SSF network simulator is performed, and simulation results for different performance metrics are presented. The metrics capture the dynamic performance (in terms of instantaneous throughput, delay, routing load, etc.) of APMS and other competing solutions, thus exposing the often neglected aspects of performance. National Science Foundation (ANI-0095988, EIA-0202067, ITR ANI-0205294
Bootstrapping Real-world Deployment of Future Internet Architectures
The past decade has seen many proposals for future Internet architectures.
Most of these proposals require substantial changes to the current networking
infrastructure and end-user devices, resulting in a failure to move from theory
to real-world deployment. This paper describes one possible strategy for
bootstrapping the initial deployment of future Internet architectures by
focusing on providing high availability as an incentive for early adopters.
Through large-scale simulation and real-world implementation, we show that with
only a small number of adopting ISPs, customers can obtain high availability
guarantees. We discuss design, implementation, and evaluation of an
availability device that allows customers to bridge into the future Internet
architecture without modifications to their existing infrastructure
Aggregate implications of innovation policy
In this paper we present a tractable model of innovating firms and the aggregate economy that we use to assess quantitatively the link between the responses of firms to changes in innovation policy and the impact of those policy changes on aggregate output and welfare. We show that, to a first-order approximation, a wide range of policy changes have a long-run impact in direct proportion to the fiscal expenditures on those policies, and that to evaluate the aggregate impact of a policy change, there is no need to calculate changes in firms' decisions in response to these policy changes. We use these results to compare the relative magnitudes of the impact on aggregates in the long run of three innovation policies in the United States: the Research and Experimentation Tax Credit, federal expenditure on R&D, and the corporate profits tax. We argue that the corporate profits tax is a relatively important policy through its negative effects on innovation and physical capital accumulation. We also use a calibrated version of our model to examine the absolute magnitude of the impact of these policies on aggregates. We show that, depending on the magnitude of spillovers, it is possible for changes in innovation policies to have very large impact on aggregates in the long run. However, over a 15-year horizon, the impact of changes in innovation policies on aggregate output is not very sensitive to the magnitude of spillovers. On the basis of these results we conclude that, while it is possible to make comparisons about the relative importance of different policies and sharp predictions about their aggregate impact in the medium term, it is very difficult to shed much light on the implications of innovation policies for long-run aggregate outcomes and welfare in the absence of direct quantitative evidence on the magnitude of spillovers.
A critical look at power law modelling of the Internet
This paper takes a critical look at the usefulness of power law models of the
Internet. The twin focuses of the paper are Internet traffic and topology
generation. The aim of the paper is twofold. Firstly it summarises the state of
the art in power law modelling particularly giving attention to existing open
research questions. Secondly it provides insight into the failings of such
models and where progress needs to be made for power law research to feed
through to actual improvements in network performance. Comment: To appear Computer Communication
Implementing the New Structural Model of the Czech National Bank
The purpose of the paper is to introduce the new “g3” structural model of the Czech National Bank and illustrate how it is used for forecasting and policy analysis. As from January 2007 the model was regularly used for shadowing official forecasts, and in July 2008 it became the core model of the CNB. In the paper we highlight the most important and unusual features of the model and discuss tools and procedures that help us in forecasting and assessing the economy with the model. The paper is not meant to provide a full derivation of the model or the complete characteristics of its behavior and should not be regarded as model documentation. Rather, the paper demonstrates how the model is used and how it contributes to policy analysis. DSGE, filtering, forecasting, general equilibrium, monetary policy.
Diagnose network failures via data-plane analysis
Diagnosing problems in networks is a time-consuming and error-prone process. Previous tools to assist operators primarily focus on analyzing control
plane configuration. Configuration analysis is limited in that it cannot find
bugs in router software, and is harder to generalize across protocols since it
must model complex configuration languages and dynamic protocol behavior.
This paper studies an alternate approach: diagnosing problems through
static analysis of the data plane. This approach can catch bugs that are
invisible at the level of configuration files, and simplifies unified analysis of a
network across many protocols and implementations. We present Anteater, a
tool for checking invariants in the data plane. Anteater translates high-level
network invariants into boolean satisfiability problems, checks them against
network state using a SAT solver, and reports counterexamples if violations
have been found. Applied to a large campus network, Anteater revealed 23
bugs, including forwarding loops and stale ACL rules, with only five false
positives. Nine of these faults are being fixed by campus network operators
Performance Evaluation of Distributed Security Protocols Using Discrete Event Simulation
The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and costs. The certification path building algorithm that helps users establish trust on certificates in the distributed network environment is particularly complicated. Neither routing security nor PKI comes for free. Prior to this work, the research study on performance issues of these large-scale distributed security systems was minimal. In this thesis, we evaluate the performance of BGP security protocols and PKI systems. We answer the questions about how the performance affects protocol behaviors and how we can improve the efficiency of these distributed protocols to bring them one step closer to reality. The complexity of the Internet makes an analytical approach difficult; and the scale of the Internet makes empirical approaches also unworkable. Consequently, we take the approach of simulation. We have built the simulation frameworks to model a number of BGP security protocols and the PKI system. We have identified performance problems of Secure BGP (S-BGP), a primary BGP security protocol, and proposed and evaluated Signature Amortization (S-A) and Aggregated Path Authentication (APA) schemes that significantly improve efficiency of S-BGP without compromising security. We have also built a simulation framework for general PKI systems and evaluated certification path building algorithms, a critical part of establishing trust in Internet-scale PKI, and used this framework to improve algorithm performance