133 research outputs found

    Decentralized trust in the inter-domain routing infrastructure

    Inter-domain routing security is of critical importance to the Internet since it prevents unwanted traffic redirections. The current system is based on a Public Key Infrastructure (PKI), a centralized repository of digital certificates. However, the inherent centralization of such design creates tensions between its participants and hinders its deployment. In addition, some technical drawbacks of PKIs delay widespread adoption. In this paper we present IPchain, a blockchain to store the allocations and delegations of IP addresses. IPchain leverages blockchains' properties to decentralize trust among its participants, with the final goal of providing flexible trust models that adapt better to the ever-changing geopolitical landscape. Moreover, we argue that Proof of Stake is a suitable consensus algorithm for IPchain due to the unique incentive structure of this use-case, and that blockchains offer relevant technical advantages when compared to existing systems, such as simplified management. In order to show its feasibility and suitability, we have implemented and evaluated IPchain's performance and scalability storing around 350k IP prefixes in a 2.5 GB chain. Peer Reviewed. Postprint (published version).

    Global state, local decisions: Decentralized NFV for ISPs via enhanced SDN

    The network functions virtualization paradigm is rapidly gaining interest among Internet service providers. However, the transition to this paradigm on ISP networks comes with a unique set of challenges: legacy equipment already in place, heterogeneous traffic from multiple clients, and very large scalability requirements. In this article we thoroughly analyze such challenges and discuss NFV design guidelines that address them efficiently. Particularly, we show that a decentralization of NFV control while maintaining global state improves scalability, offers better per-flow decisions and simplifies the implementation of virtual network functions. Building on top of such principles, we propose a partially decentralized NFV architecture enabled via an enhanced software-defined networking infrastructure. We also perform a qualitative analysis of the architecture to identify advantages and challenges. Finally, we determine the bottleneck component, based on the qualitative analysis, which we implement and benchmark in order to assess the feasibility of the architecture. Peer Reviewed. Postprint (author's final draft).

    Distributed Access Control with Blockchain

    The specification and enforcement of network-wide policies in a single administrative domain is common in today's networks and considered as already resolved. However, this is not the case for multi-administrative domains, e.g. among different enterprises. In such situation, new problems arise that challenge classical solutions such as PKIs, which suffer from scalability and granularity concerns. In this paper, we present an extension to Group-Based Policy -- a widely used network policy language -- for the aforementioned scenario. To do so, we take advantage of a permissioned blockchain implementation (Hyperledger Fabric) to distribute access control policies in a secure and auditable manner, preserving at the same time the independence of each organization. Network administrators specify policies that are rendered into blockchain transactions. A LISP control plane (RFC 6830) allows routers performing the access control to query the blockchain for authorizations. We have implemented an end-to-end experimental prototype and evaluated it in terms of scalability and network latency. Comment: 7 pages, 9 figures, 2 tables.

    BILLY BUDD O SOBRE LA EXISTENCIA DEL DERECHO NATURAL

    This is the Spanish version of the class Professor Gabriel Maino (UCA-UBA) gave at Ave Maria Law School (USA). The class was about Natural Law and was attended by the students of Jurisprudence of Prof. Brian Scarnecchia. The previous reading for the assistants was a text of fiction whose drama served to illuminate the problem to approach: Billy Budd sailor, by Herman Melville. The class addressed several topics of the Natural Law theory, such as the modern concept of Law, the human nature, and the practical reason.

    ORIGEN Y DESARROLLO DE LAS POLÍTICAS DE GÉNERO EN EDUCACIÓN

    This work addresses the legal-political background of comprehensive sexuality education in Argentina, linked to population policies, both nationally and internationally, then performs an analysis of its philosophical foundations and the current legal situation. For this purpose, we will analyze public policies regarding sexuality, the ideological foundations of gender policy, the regulation of sex education in Argentine law and the official material that has been developed on the subject. The problem of the use of the word “gender” is also analyzed. The text demonstrates how sexual education has been ideologized through law and politics.

    Hypercoagulability and the risk of recurrence in young women with myocardial infarction or ischaemic stroke: a cohort study

    Background: We aimed to investigate the role of hypercoagulability on the risk of lifetime cardiovascular recurrences after myocardial infarction or ischaemic stroke. Methods: Young women (< 50 years) with either myocardial infarction (n = 197) or ischaemic stroke (n = 107) were followed between 1995 and 2012 in the RATIO follow-up study. To determine whether hypercoagulability affects the risk of recurrence, a coagulation score based on acquired and inherited markers was compiled and used in a quartile analysis. Hazard ratios (HRs) obtained from Cox proportional models and adjusted for several cardiovascular risk factors were used to compare quartiles of the coagulation score for the risk of recurrence. Results: During a median follow-up of 19 years, 59 cardiovascular recurrences occurred. In patients with myocardial infarction no association was found between a high prothrombotic score and recurrences (highest quartile vs lowest quartile HR 0.7, 95% CI, 0.3–1.8). Conversely, ischaemic stroke patients with a high prothrombotic score showed a doubling in risk of long-term cardiovascular recurrences (HR 1.9, 95% CI 0.6–6.3) compared with ischaemic stroke patients and low levels of the score, with a dose response relationship. Conclusions: An increased coagulation tendency might be associated with long-term cardiovascular risk in women with ischaemic stroke, but not in women with myocardial infarction.

    A Systematic Review

    Background and Purpose: Hypercoagulability increases the risk of arterial thrombosis; however, this effect may differ between various manifestations of arterial disease. Methods: In this study, we compared the effect of coagulation factors as measures of hypercoagulability on the risk of ischaemic stroke (IS) and myocardial infarction (MI) by performing a systematic review of the literature. The effect of a risk factor on IS (relative risk for IS, RRIS) was compared with the effect on MI (RRMI) by calculating their ratio (RRR = RRIS/RRMI). A relevant differential effect was considered when RRR was >1+ its own standard error (SE) or <1−SE. Results: We identified 70 publications, describing results from 31 study populations, accounting for 351 markers of hypercoagulability. The majority (203/351, 58%) had an RRR greater than 1. A larger effect on IS risk than MI risk (RRR>1+1SE) was found in 49/343 (14%) markers. Of these, 18/49 (37%) had an RRR greater than 1+2SE. On the opposite side, a larger effect on MI risk (RRR<1−1SE) was found in only 17/343 (5%) markers. Conclusions: These results suggest that hypercoagulability has a more pronounced effect on the risk of IS than that of MI.

    A control plane for WireGuard

    WireGuard is a VPN protocol that has gained significant interest recently. Its main advantages are: (i) simple configuration (via pre-shared SSH-like public keys), (ii) mobility support, (iii) reduced codebase to ease auditing, and (iv) Linux kernel implementation that yields high performance. However, WireGuard (intentionally) lacks a control plane. This means that each peer in a WireGuard network has to be manually configured with the other peers’ public key and IP addresses, or by other means. In this paper we present an architecture based on a centralized server to automatically distribute this information. In a nutshell, first we manually establish a WireGuard tunnel to the centralized server, and ask all the peers to store their public keys and IP addresses in it. Then, WireGuard peers use this secure channel to retrieve on-demand the information for the peers they want to communicate to. Our design strives to: (i) offer a key distribution scheme simpler than PKI-based ones, (ii) limit the number of public keys sent to the peers, and (iii) reduce tunnel establishment latency by means of a UDP-based protocol. We argue that such automation can help the deployment in enterprise or ISP scenarios. We also describe in detail our implementation and analyze several performance metrics. Finally, we discuss possible improvements regarding several shortcomings we found during implementation. This work was partially supported by the Spanish MINECO under contract TEC2017-90034-C2-1-R (ALLIANCE) and the Catalan Institution for Research and Advanced Studies (ICREA). Peer Reviewed. Postprint (author's final draft).

    Wide area network autoscaling for cloud applications

    Modern cloud orchestrators like Kubernetes provide a versatile and robust way to host applications at scale. One of their key features is autoscaling, which automatically adjusts cloud resources (compute, memory, storage) in order to adapt to the demands of applications. However, the scope of cloud autoscaling is limited to the datacenter hosting the cloud and it doesn't apply uniformly to the allocation of network resources. In I/O-constrained or data-in-motion use cases this can lead to severe performance degradation for the application. For example, when the load on a cloud service increases and the Wide Area Network (WAN) connecting the datacenter to the Internet becomes saturated, the application flows experience an increase in delay and loss. In many cases this is dealt with by overprovisioning network capacity, which introduces additional costs and inefficiencies. On the other hand, thanks to the concept of "Network as Code", the WAN exposes a set of APIs that can be used to dynamically allocate and de-allocate capacity on-demand. In this paper we propose extending the concept of cloud autoscaling into the network to address this limitation. This way, applications running in the cloud can communicate their networking requirements, like bandwidth or traffic profile, to a Software-Defined Networking (SDN) controller or Network as a Service (NaaS) platform. Moreover, we aim to define the concepts of vertical and horizontal autoscaling applied to networking. We present a prototype that automatically allocates bandwidth to the underlay network, according to the requirements of the applications hosted in Kubernetes. Finally, we discuss open research challenges. This work was supported by the Spanish MINECO under contract TEC2017-90034-C2-1-R (ALLIANCE), the Catalan Institution for Research and Advanced Studies (ICREA). Peer Reviewed. Postprint (author's final draft).