Towards Secure and Leak-Free Workflows Using Microservice Isolation

Data leaks and breaches are on the rise. They result in huge losses of money for businesses like the movie industry, as well as a loss of user privacy for businesses dealing with user data like the pharmaceutical industry. Preventing data exposures is challenging, because the causes for such events are various, ranging from hacking to misconfigured databases. Alongside the surge in data exposures, the recent rise of microservices as a paradigm brings the need to not only secure traffic at the border of the network, but also internally, pressing the adoption of new security models such as zero-trust to secure business processes. Business processes can be modeled as workflows, where the owner of the data at risk interacts with contractors to realize a sequence of tasks on this data. In this paper, we show how those workflows can be enforced while preventing data exposure. Following the principles of zero-trust, we develop an infrastructure using the isolation provided by a microservice architecture, to enforce owner policy. We show that our infrastructure is resilient to the set of attacks considered in our security model. We implement a simple, yet realistic, workflow with our infrastructure in a publicly available proof of concept. We then verify that the specified policy is correctly enforced by testing the deployment for policy violations, and estimate the overhead cost of authorization

Caractérisation de la table de routage BGP

International audienceBGP routing table growth is one of the major Internet scaling issues, and prefix deaggregation is thought to be a major contributor to table growth. In this work we quantify the fragmentation of the routing table by the type of IP prefix. We observe that the proportion of deaggregated prefixes has quasi doubled in the last fifteen years. Our study also shows that the deaggregated prefixes are the least stable; they appear and disappear more frequently. While we can not see significant differences in path prepending between the categories, deaggregated prefixes do tend to be announced more selectively, indicating traffic engineering. We find cases where lonely prefixes are actually deaggregation in disguise. Indeed, some large transit ISPs advertise many lonely prefixes when they own the covering prefix. We show the extents of this practice that has a negative impact on the routing table even though it could usually be avoided.La croissance de la table de routage BGP est un des problèmes majeurs de l'expansion d'Internet, et la désaggrégation des préfixes semble être la cause principale de cette croissance. Dans cet article, nous quantifions la fragmentation de la table de routage BGP en classant les préfixes IP par type. Nous observons que la proportion de préfixes désaggrégés a doublé dans les quinze dernières années. Nous montrons également que ces préfixes sont les moins stables: ils apparaissent et disparaissent plus fréquemment. Malgrés le taux similaire de path prepending pour les différentes catégories de préfixes, les préfixes désaggrégés ont tendance à être annoncés sélectivement, indiquant de l'ingénierie de trafic. Une partie des préfixes solitaires sont en réalité désaggrégés. En effet, certains grands FAI annoncent un grand nombre de préfixes solitaires alors qu'ils possèdent le préfixe les couvrant. Nous dévoilons l'étendue de cette pratique qui a un effet non négligeable sur la fragmentation de la table de routage alors qu'elle pourrait généralement être évitée

Computing Delay-Constrained Least-Cost Paths for Segment Routing is Easier Than You Think

With the growth of demands for quasi-instantaneous communication services such as real-time video streaming, cloud gaming, and industry 4.0 applications, multi-constraint Traffic Engineering (TE) becomes increasingly important. While legacy TE management planes have proven laborious to deploy, Segment Routing (SR) drastically eases the deployment of TE paths and thus became the most appropriate technology for many operators. The flexibility of SR sparked demands in ways to compute more elaborate paths. In particular, there exists a clear need in computing and deploying Delay-Constrained Least-Cost paths (DCLC) for real-time applications requiring both low delay and high bandwidth routes. However, most current DCLC solutions are heuristics not specifically tailored for SR. In this work, we leverage both inherent limitations in the accuracy of delay measurements and an operational constraint added by SR. We include these characteristics in the design of BEST2COP, an exact but efficient ECMP-aware algorithm that natively solves DCLC in SR domains. Through an extensive performance evaluation, we first show that BEST2COP scales well even in large random networks. In real networks having up to thousands of destinations, our algorithm returns all DCLC solutions encoded as SR paths in way less than a second

The BGP Visibility Toolkit: detecting anomalous internet routing behavior

In this paper, we propose the BGP Visibility Toolkit, a system for detecting and analyzing anomalous behavior in the Internet. We show that interdomain prefix visibility can be used to single out cases of erroneous demeanors resulting from misconfiguration or bogus routing policies. The implementation of routing policies with BGP is a complicated process, involving fine-tuning operations and interactions with the policies of the other active ASes. Network operators might end up with faulty configurations or unintended routing policies that prevent the success of their strategies and impact their revenues. As part of the Visibility Toolkit, we propose the BGP Visibility Scanner, a tool which identifies limited visibility prefixes in the Internet. The tool enables operators to provide feedback on the expected visibility status of prefixes. We build a unique set of ground-truth prefixes qualified by their ASes as intended or unintended to have limited visibility. Using a machine learning algorithm, we train on this unique dataset an alarm system that separates with 95% accuracy the prefixes with unintended limited visibility. Hence, we find that visibility features are generally powerful to detect prefixes which are suffering from inadvertent effects of routing policies. Limited visibility could render a whole prefix globally unreachable. This points towards a serious problem, as limited reachability of a non-negligible set of prefixes undermines the global connectivity of the Internet. We thus verify the correlation between global visibility and global connectivity of prefixes.This work was sup-ported in part by the European Community's Seventh Framework Programme (FP7/2007-2013) under Grant 317647 (Leone)

An analysis of the economic impact of strategic deaggregation

The work of Marcelo Bagnulo has been partially supported by project MASSES (TEC2012-35443) funded by the Spanish Ministry of Economy and Competitiveness (MINECO).The advertisement of more-specific prefixes provides network operators with a fine-grained method to control the interdomain ingress traffic. Prefix deaggregation is recognized as a steady long-lived phenomenon at the interdomain level, despite its well-known negative effects for the community. In this paper, we look past the original motivation for deploying deaggregation in the first place, and instead we focus on its aftermath. We identify and analyze here one particular side-effect of deaggregation regarding the economic impact of this type of strategy: decreasing the transit traffic bill. We propose a general Internet model to analyze the effect of advertising more-specific prefixes on the incoming transit traffic burstiness. We show that deaggregation combined with selective advertisements has a traffic stabilization side-effect, which translates into a decrease of the transit traffic bill. Next, we develop a methodology for Internet Service Providers (ISPs) to monitor general occurrences of prefix deaggregation within their customer base. Thus, the ISPs can detect selective advertisements of deaggregated prefixes, and thus identify customers which impact the business of their providers. We apply the proposed methodology on a complete set of data including routing, traffic, topological and billing information provided by a major Japanese ISP and we discuss the obtained results.Publicad

Chocolatine: Outage Detection for Internet Background Radiation

The Internet is a complex ecosystem composed of thousands of Autonomous Systems (ASs) operated by independent organizations; each AS having a very limited view outside its own network. These complexities and limitations impede network operators to finely pinpoint the causes of service degradation or disruption when the problem lies outside of their network. In this paper, we present Chocolatine, a solution to detect remote connectivity loss using Internet Background Radiation (IBR) through a simple and efficient method. IBR is unidirectional unsolicited Internet traffic, which is easily observed by monitoring unused address space. IBR features two remarkable properties: it is originated worldwide, across diverse ASs, and it is incessant. We show that the number of IP addresses observed from an AS or a geographical area follows a periodic pattern. Then, using Seasonal ARIMA to statistically model IBR data, we predict the number of IPs for the next time window. Significant deviations from these predictions indicate an outage. We evaluated Chocolatine using data from the UCSD Network Telescope, operated by CAIDA, with a set of documented outages. Our experiments show that the proposed methodology achieves a good trade-off between true-positive rate (90%) and false-positive rate (2%) and largely outperforms CAIDA's own IBR-based detection method. Furthermore, performing a comparison against other methods, i.e., with BGP monitoring and active probing, we observe that Chocolatine shares a large common set of outages with them in addition to many specific outages that would otherwise go undetected.Comment: TMA 201

Unambiguous, Real-Time and Accurate Map Matching for Multiple Sensing Sources

International audienceSmart Cities need real time information to improve the efficiency of their transportation systems. In particular, crowd sensing may help to identify the current speed for each street, the congested areas, etc. In this context, map matching techniques are required to map a sequence of GPS waypoints into a set of streets on a common map. Unfortunately, most map matching approaches are probabilistic. We propose rather an unambiguous algorithm, able to identify all the possible paths that match a given sequence of waypoints. We need an unambiguous identification for each waypoints set. For instance, the actual speed should be assigned to the correct set of streets, without error. To identify all the possible streets, we construct the set of candidates iteratively. We identify all the edge candidates around each waypoint, and reconstruct all the possible sub-routes that connect them. We then verify a set of constraints, to eliminate impossible routes. The road segments common to all computed routes form an unambiguous match. We evaluate the matching ratio of our technique on real city maps (London, Paris and Luxembourg). We also validate our approach with a real GPS trace in Seattle

Using Virtual Coordinates in the Establishment of Inter-domain LSPs

this paper, we propose two heuristics to select the downstream AS and the ingress router inside this AS for the establishment of inter-domain LSPs. Then, we evaluate them in terms of the quality of the resulting paths and the number of unsuccessful attempt