5 research outputs found

    Distributed Internet security and measurement

    The Internet has developed into an important economic, military, academic, and social resource. It is a complex network, comprised of tens of thousands of independently operated networks, called Autonomous Systems (ASes). A significant strength of the Internet's design, one which enabled its rapid growth in terms of users and bandwidth, is that its underlying protocols (such as IP, TCP, and BGP) are distributed. Users and networks alike can attach and detach from the Internet at will, without causing major disruptions to global Internet connectivity. This dissertation shows that the Internet's distributed, and often redundant, structure can be exploited to increase the security of its protocols, particularly BGP (the Internet's interdomain routing protocol). It introduces Pretty Good BGP, an anomaly detection protocol coupled with an automated response that can protect individual networks from BGP attacks. It also presents statistical measurements of the Internet's structure and uses them to create a model of Internet growth. This work could be used, for instance, to test upcoming routing protocols on an ensemble of large, Internet-like graphs. Finally, this dissertation shows that while the Internet is designed to be agnostic to political influence, it is actually quite centralized at the country level. With the recent rise in country-level Internet policies, such as nation-wide censorship and warrantless wiretaps, this centralized control could have significant impact on international reachability

    Aspects of legal regulation in the context of the Internet

    The world is currently structured in different states, and this is premised on the International law concept of sovereignty. States have the capacity to structure their own affairs, but the development of the Internet as a globally distributed network has violated this principle. It would seem that the development of the Internet would mean the end of sovereignty and statehood. A historical overview shows that regulators were initially unsure of how this new medium should be dealt with. It appeared that new technologies that could fragment the Internet could be used to enforce state-bound law. Several states of the world have used different methodologies in trying to regulate the Internet at state level, and this led to the random way in which the Internet is currently regulated. This study examines various aspects of legal regulation in the context of the Internet, and determines how the Internet is currently regulated. Appropriate legislation of several states is discussed throughout the study. Four prominent states, which made several important interventions regarding the regulation of the Internet, are highlighted further. These are the United States, the People’s Republic of China, the European Union as the representative of European countries, and South Africa. Aspects that need to be addressed at the level of International law, such as international organizations and international legal theories regarding the regulation of the Internet, are also discussed. The findings that follow from this study are used to make several recommendations, which in turn are used to construct a new model for a more meaningful way in which the Internet could be regulated. Since the present study is undertaken in the context of International law, the study is concluded with a discussion of cyber sovereignty, which is a discussion of how sovereignty should be applied with regard to the Internet. The conclusion is enlightening—the development of the Internet does not indicate the end of sovereignty, but rather confirms it. Criminal and Procedural Law LL

    From the edge to the core : towards informed vantage point selection for internet measurement studies

    Since the early days of the Internet, measurement scientists have been trying to keep up with the fast-paced development of the Internet. As the Internet grew organically over time and without built-in measurability, this process requires many workarounds and due diligence. As a result, every measurement study is only as good as the data it relies on. Moreover, data quality is relative to the research question—a data set suitable to analyze one problem may be insufficient for another. This is entirely expected as the Internet is decentralized, i.e., there is no single observation point from which we can assess the complete state of the Internet. Because of that, every measurement study needs specifically selected vantage points, which fit the research question. In this thesis, we present three different vantage points across the Internet topology—from the edge to the Internet core. We discuss their specific features, suitability for different kinds of research questions, and how to work with the corresponding data. The data sets obtained at the presented vantage points allow us to conduct three different measurement studies and shed light on the following aspects: (a) the prevalence of IP source address spoofing at a large European Internet Exchange Point (IXP), (b) the propagation distance of BGP communities, an optional transitive BGP attribute used for traffic engineering, and (c) the impact of the global COVID-19 pandemic on Internet usage behavior at a large Internet Service Provider (ISP) and three IXPs.

    Improving the Accuracy of the Internet Cartography

    As the global Internet expands to satisfy the demands of the ever-increasing connected population, profound changes are occurring in its interconnection structure. The pervasive growth of IXPs and CDNs, two initially independent but synergistic infrastructure sectors, has contributed to the gradual flattening of the Internet’s inter-domain hierarchy with primary routing paths shifting from backbone networks to peripheral peering links. At the same time the IPv6 deployment has taken off due to the depletion of unallocated IPv4 addresses. These fundamental changes in Internet dynamics have obvious implications for network engineering and operations, which can benefit from accurate topology maps to understand the properties of this critical infrastructure. This thesis presents a set of new measurement techniques and inference algorithms to construct a new type of semantically rich Internet map, and improve the state of the art in Internet cartography. The author first develops a methodology to extract large-scale validation data from the Communities BGP attribute, which encodes rich routing meta-data on BGP messages. Based on this better-informed dataset the author proceeds to analyse popular assumptions about inter-domain routing policies and devise a more accurate model to describe inter-AS business relationships. Accordingly, the thesis proposes a new relationship inference algorithm to accurately capture both simple and complex AS relationships across two dimensions: prefix type, and geographic location. Validation against three sources of ground-truth data reveals that the proposed algorithm achieves a near-perfect accuracy. However, any inference approach is constrained by the inability of the existing topology data sources to provide a complete view of the inter-domain topology.
To limit the topology incompleteness problem the author augments traditional BGP data with routing policy data obtained directly from IXPs to discover massive peering meshes which have thus far been largely invisible

    Integrating distributed post-genomic data to infer the molecular basis of bacterial phenotypes

    The aim of the project described in this thesis is to understand and predict the characteristics and behaviour of a family of bacteria through an analysis of genome wide data from a variety of sources. The focus of the research is a family of bacteria, Bacillus, whose members show a diverse range of phenotypes, from the non-pathogenic B. subtilis to B. anthracis, the causative agent of anthrax. Specifically, the focus was on the genomic scale identification and characterisation of secreted proteins from Bacillus species. Firstly, the application of Grid-based computational approaches to problems in genomic analysis and annotation was investigated, applying myGrid technology to a biological problem not previously addressed using this approach. e-Science workflows and a service-oriented approach were developed and applied to predict and characterise secreted proteins, and the results automatically integrated into a custom relational database. An associated Web portal was also developed to facilitate expert curation, results browsing and querying over the database. Workflow technology was also used to classify the putative secreted proteins into families and to study the relationships between and within these families. The design of the workflows, the architecture and the reasoning behind the approach used to build this system, called BaSPP, are discussed. Analysis of the putative Bacillus secretomes revealed clear distinctions between proteins present in the pathogens and those in the non-pathogens. The properties of the protein families present in all Bacillus secretomes, as well as those specific either to the pathogens or to the non-pathogens were investigated. Many of the protein families contained members of unknown function. In the second part of the project, these families were investigated in more depth, using additional data integration strategies not previously applied to these organisms.
The secretomes were modelled at the system level, in the broader context of interactomes. A system called SubtilNet was therefore developed, using B. subtilis as the reference organism. As part of SubtilNet, a toolkit and architecture were developed and implemented for building and analysing probabilistic functional integrated networks (PFINs). The PFINs built for each Bacillus species using this system were subsequently used to delve further into the interactions specific to the secreted proteins by extracting and exploring the cross-species PFINs of these proteins. The cross-species PFINs for the protein families specific to the pathogens and non-pathogens were explored, with particular emphasis on the core PrsA-like protein family, which acted as a use case to show how the PFINs can be used to shed light on protein function. The addition of orthologous links between species was demonstrated to facilitate network clustering and analysis, enabling putative annotations to be applied to proteins previously of unknown function. EThOS - Electronic Theses Online Service. North East Regional e-Science Centre : European Commission (LSHC-CT-2004-503468) : EPSRC : Non-Linear Dynamics. GB. United Kingdo