1,496 research outputs found

    Interdomain Route Leak Mitigation: A Pragmatic Approach

    The Internet has grown to support many vital functions, but it is not administered by any central authority. Rather, the many smaller networks that make up the Internet - called Autonomous Systems (ASes) - independently manage their own distinct host address space and routing policy. Routers at the borders between ASes exchange information about how to reach remote IP prefixes with neighboring networks over the control plane with the Border Gateway Protocol (BGP). This inter-AS communication connects hosts across AS boundaries to build the illusion of one large, unified global network - the Internet. Unfortunately, BGP is a dated protocol that allows ASes to inject virtually any routing information into the control plane. The Internet’s decentralized administrative structure means that ASes lack visibility of the relationships and policies of other networks, and have little means of vetting the information they receive. Routes are global, connecting hosts around the world, but AS operators can only see routes exchanged between their own network and directly connected neighbor networks. This mismatch between global route scope and local network operator visibility gives rise to adverse routing events like route leaks, which occur when an AS advertises a route that should have been kept within its own network by mistake. In this work, we explore our thesis: that malicious and unintentional route leaks threaten Internet availability, but pragmatic solutions can mitigate their impact. Leaks effectively reroute traffic meant for the leak destination along the leak path. This diversion of flows onto unexpected paths can cause broad disruption for hosts attempting to reach the leak destination, as well as obstruct the normal traffic on the leak path. 
These events are usually due to misconfiguration and not malicious activity, but we show in our initial work that routing-capable adversaries can weaponize route leaks and fraudulent path advertisements to enhance data plane attacks on Internet infrastructure and services. Existing solutions like Internet Routing Registry (IRR) filtering have not succeeded in solving the route leak problem, as globally disruptive route leaks still periodically interrupt the normal functioning of the Internet. We examine one relatively new solution - Peerlocking or defensive AS PATH filtering - where ASes exchange topological information to secure their networks. Our measurements reveal that Peerlock is already deployed in defense of the largest ASes, but has found little purchase elsewhere. We conclude by introducing a novel leak defense system, Corelock, designed to provide Peerlock-like protection without the scalability concerns that have limited Peerlock’s scope. Corelock builds meaningful route leak filters from globally distributed route collectors and can be deployed without cooperation from other network

    From MANET to people-centric networking: Milestones and open research challenges

    In this paper, we discuss the state of the art of (mobile) multi-hop ad hoc networking with the aim to present the current status of the research activities and identify the consolidated research areas, with limited research opportunities, and the hot and emerging research areas for which further research is required. We start by briefly discussing the MANET paradigm, and why the research on MANET protocols is now a cold research topic. Then we analyze the active research areas. Specifically, after discussing the wireless-network technologies, we analyze four successful ad hoc networking paradigms, mesh networks, opportunistic networks, vehicular networks, and sensor networks that emerged from the MANET world. We also present an emerging research direction in the multi-hop ad hoc networking field: people centric networking, triggered by the increasing penetration of the smartphones in everyday life, which is generating a people-centric revolution in computing and communications

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

    Adaptive tension, self-organization and emergence : A complex system perspective of supply chain disruptions

    The purpose of this thesis was to explore how microstate human interactions produce macro level self-organization and emergence in a supply disruption scenario, as well as discover factors and typical human behaviour that bring about disruptions. This study argues that the complex adaptive system’s view of complexity is the most suited scholarly foundation for this research enquiry. Drawing on the dissipative structure based explanation of emergence and self-organization in a complex adaptive system, this thesis further argues that an energy gradient between the ongoing and designed system conditions, known as adaptive tension, causes supply chains to self-organize and emerge. This study adopts a critical realist ontology operationalized by a qualitative case research and grounded theory based analysis. The data was collected using repertory grid interviews of 22 supply chain executives from 21 firms. In all, 167 cases of supply disruptions were investigated. Findings illustrate that agent behaviours like loss of trust, overambitious pursuit, use of power and privilege, conspiring against best practices and heedless performance were contributing to disruption. Impacted by these behaviours, supply chains demonstrated impaired disruption management capabilities and increased disruption probability. It was also discovered that some of these system patterns and microstate agent behaviours pushed the supply chains to a zone of emergent complexity where these networks self-organized and emerged into new structures or embraced changes in prevailing processes or goals. A conceptual model was developed to explain the transition from micro agent behaviour to system level self-organization and emergence. The model described alternate pathways of a supply chain under adaptive tension. The research makes three primary research contributions.
Firstly, based upon the theoretical model, this research presents a conceptualization of supply chain emergence and self-organization from dissipative structures and adaptive tension based view of complexity. Secondly, it formally introduces and validates the role of behavioural and cognitive element of human actions in a supply chain scenario. Lastly, it affirms the complex adaptive system based conceptualization of supply chain networks. These contributions succeed in providing organizations with an explanation for observed deviations in their operations performance using a behavioural aspect of human agents

    Stormwater Disconnection: Transient Scenario Analysis of Intervention Flexibility

    Urban drainage networks protect people, society, and the environment from the hazards presented by domestic and industrial effluent, and urban stormwater run-off. However, urban drainage networks are financially and carbon intensive, and their failure results in damage to people and the environment. The likelihood and magnitude of failure is anticipated to increase in the future as a result of pressures including climate change and urbanisation. The rate and extent of these pressures manifesting is uncertain. Sustainable drainage systems (SuDS) are structural measures that can be retrofitted to replace or augment an urban drainage network, reducing the likelihood of failure now and in the future. Adaptation of infrastructure to encroaching future pressures requires infrastructure constructed in the present to be flexible. An existing method for assessing flexibility is combined with transient scenario analysis to enable the flexibility of conventional solutions, and source-control and regional-control retrofit SuDS interventions to be compared in two real-world case-study catchments. A new multi-criteria assessment framework is proposed for the comparison of these interventions. A method for distributing retrofit SuDS within an urban drainage catchment is developed from first principles. It is a hydraulic modelling method based on identifying potentially disparate locations within an urban drainage catchment that possess similar times of concentration to a point of interest within the network. The concept of the efficiency of stormwater disconnection is introduced. The developed method is shown to be more effective at identifying efficient disconnection locations than existing methods in two real-world case study catchments