A Secure Programming Paradigm for Network Virtualization ( Invited Paper )

The central paradigm of today’s successful Internet is to keep the network core simple and move complexity towards the network end points. Unfortunately, this very paradigm limits network management and control capabilities, and creates opportunities for attacks such as worms, viruses, and spam that often seriously disrupt and degrade Internet and user performance. The thrust of this paper is that such problems cannot be effectively solved unless a paradigm shift is adopted. Towards a more secure and manageable Internet, we propose “virtualization” of the Internet, by carefully balancing its scalability and programmability properties. Our objective is to provide a programmable virtual Internet to users and to let them manage, control, and optimize it based on their individual needs.

[1]  Carl A. Gunter,et al.  PLAN: a packet language for active networks , 1998, ICFP '98.

[2]  G.J. Minden,et al.  A survey of active network research , 1997, IEEE Communications Magazine.

[3]  Narciso Martí-Oliet,et al.  Maude: specification and programming in rewriting logic , 2002, Theor. Comput. Sci..

[4]  Markus Wenzel,et al.  Isabelle/Isar , 2006, The Seventeen Provers of the World.

[5]  Catherine Rosenberg,et al.  Cyber defense technology networking and evaluation , 2004, CACM.

[6]  Peter Druschel,et al.  Pastry: Scalable, distributed object location and routing for large-scale peer-to- , 2001 .

[7]  John V. Guttag,et al.  ANTS: a toolkit for building and dynamically deploying network protocols , 1998, 1998 IEEE Open Architectures and Network Programming.

[8]  James C. Corbett,et al.  Bandera: extracting finite-state models from Java source code , 2000, ICSE.

[9]  William M. Farmer,et al.  IMPS: An interactive mathematical proof system , 1990, Journal of Automated Reasoning.

[10]  Amin Vahdat,et al.  Detour: a Case for Informed Internet Routing and Transport , 2007 .

[11]  Kenneth L. Calvert,et al.  Directions in active networks , 1998 .

[12]  Dawson R. Engler,et al.  Static Analysis Versus Model Checking for Bug Finding , 2005, CONCUR.

[13]  Eddie Kohler,et al.  The Click modular router , 1999, SOSP.

[14]  Ness B. Shroff,et al.  Emulation versus simulation: a case study of TCP-targeted denial of service attacks , 2006, 2nd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, 2006. TRIDENTCOM 2006..

[15]  Konstantine Arkoudas Certified Computation , 2020 .

[16]  M. Mellia,et al.  Click vs. Linux: two efficient open-source IP network stacks for software routers , 2005, HPSR. 2005 Workshop on High Performance Switching and Routing, 2005..

[17]  Zhong Shao,et al.  Building certified libraries for PCC: dynamic storage allocation , 2003, Sci. Comput. Program..

[18]  Srinivasan Seshan,et al.  Enabling conferencing applications on the internet using an overlay muilticast architecture , 2001, SIGCOMM '01.

[19]  William A. Arbaugh,et al.  Safety and security of programmable network infrastructures , 1998, IEEE Commun. Mag..

[20]  Ossama Younis,et al.  FlowMate: scalable on-line flow clustering , 2005, IEEE/ACM Transactions on Networking.

[21]  K. K. Ramakrishnan,et al.  Eliminating receive livelock in an interrupt-driven kernel , 1996, TOCS.

[22]  Hari Balakrishnan,et al.  Resilient overlay networks , 2001, SOSP.

[23]  Manish Mahajan,et al.  Proof carrying code , 2015 .

[24]  Sibylle Schupp,et al.  The Tecton Concept Library , 1999 .

[25]  Sonia Fahmy,et al.  Characterizing overlay multicast networks , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[26]  Klaus Havelund,et al.  Model Checking Programs , 2004, Automated Software Engineering.

[27]  Bharat K. Bhargava,et al.  On detecting service violations and bandwidth theft in QoS network domains , 2003, Comput. Commun..

[28]  Konstantinos Arkoudas Denotational proof languages , 2000 .

[29]  George C. Necula,et al.  Safe kernel extensions without run-time checking , 1996, OSDI '96.

[30]  Martin Peschke,et al.  Design and Validation of Computer Protocols , 2003 .

[31]  Andrew W. Appel,et al.  A stratified semantics of general references embeddable in higher-order logic , 2002, Proceedings 17th Annual IEEE Symposium on Logic in Computer Science.

[32]  George C. Necula,et al.  A certifying compiler for Java , 2000, PLDI '00.

[33]  George C. Necula,et al.  Efficient Representation and Validation of Logical Proofs , 1997, LICS 1997.

[34]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[35]  Kirk L. Johnson,et al.  Overcast: reliable multicasting with on overlay network , 2000, OSDI.

[36]  Experiences with a high-speed network adaptor: a software perspective , 1994 .

[37]  Lori A. Clarke,et al.  FLAVERS: A finite state verification technique for software systems , 2002, IBM Syst. J..