NetQuery: a knowledge plane for reasoning about network properties

This paper presents the design and implementation of NetQuery, a knowledge plane for federated networks such as the Internet. In such networks, not all administrative domains will generate information that an application can trust and many administrative domains may have restrictive policies on disclosing network information. Thus, both the trustworthiness and accessibility of network information pose obstacles to effective reasoning. NetQuery employs trustworthy computing techniques to facilitate reasoning about the trustworthiness of information contained in the knowledge plane while preserving confidentiality guarantees for operator data. By characterizing information disclosure between operators, NetQuery enables remote verification of advertised claims and contractual stipulations; this enables new applications because network guarantees can span administrative boundaries. We have implemented NetQuery, built several NetQuery-enabled devices, and deployed applications for cloud datacenters, enterprise networks, and the Internet. Simulations, testbed experiments, and a deployment on a departmental network indicate NetQuery can support hundreds of thousands of operations per second and can thus scale to large ISPs.
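The abstract's central mechanism is that a fact in the knowledge plane is only as good as the principal that asserted it, and that operators control who may see which facts. The following is an added illustration of that idea, not code from NetQuery or its authors: a toy knowledge plane in which every fact is bound to the asserting principal, a querier applies its own trust policy (which principals it accepts for which attribute), and each operator applies a disclosure policy per requester. HMAC with a per-principal key stands in for the hardware-rooted asymmetric signatures a real attestation-based deployment would use; the principal names, attributes and values are constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass(frozen=True)
class Fact:
    """'principal says subject.attribute = value', plus a tag binding the
    statement to the asserting principal (constructed toy format)."""
    principal: str
    subject: str
    attribute: str
    value: str
    tag: bytes

    def message(self) -> bytes:
        return "|".join((self.principal, self.subject, self.attribute, self.value)).encode()


def make_tag(key: bytes, msg: bytes) -> bytes:
    # Stand-in for an attested signature: a real system would use a key
    # rooted in the device's TPM/coprocessor and verify a certificate chain.
    return hmac.new(key, msg, hashlib.sha256).digest()


class Principal:
    """An operator, or an (assumed attested) device, that asserts facts."""
    def __init__(self, name: str, key: bytes):
        self.name = name
        self._key = key

    def says(self, subject: str, attribute: str, value: str) -> Fact:
        unsigned = Fact(self.name, subject, attribute, value, b"")
        return Fact(self.name, subject, attribute, value, make_tag(self._key, unsigned.message()))


DisclosurePolicy = Callable[[str, Fact], bool]  # (requester, fact) -> may see?


class KnowledgePlane:
    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}
        self._disclosure: Dict[str, DisclosurePolicy] = {}
        self._facts: List[Fact] = []

    def register(self, name: str, key: bytes, policy: DisclosurePolicy) -> None:
        self._keys[name] = key
        self._disclosure[name] = policy

    def publish(self, fact: Fact) -> bool:
        """Accept a fact only if its tag was produced by the named principal."""
        key = self._keys.get(fact.principal)
        if key is None or not hmac.compare_digest(make_tag(key, fact.message()), fact.tag):
            return False
        self._facts.append(fact)
        return True

    def query(self, requester: str, subject: str, attribute: str) -> List[Fact]:
        """Return matching facts, filtered by the asserting operator's disclosure policy."""
        return [f for f in self._facts
                if f.subject == subject and f.attribute == attribute
                and self._disclosure[f.principal](requester, f)]


def verify_claim(kp: KnowledgePlane, requester: str, subject: str, attribute: str,
                 expected: str, trusted: Set[str]) -> bool:
    """Remote verification: the claim holds for `requester` only if a principal
    it trusts for this attribute asserts the expected value and discloses it."""
    return any(f.principal in trusted and f.value == expected
               for f in kp.query(requester, subject, attribute))


def demo() -> Dict[str, bool]:
    kp = KnowledgePlane()
    isp_a = Principal("ISP-A", b"constructed-key-isp-a")
    router = Principal("router-A.ISP-A", b"constructed-key-router-a")

    # ISP-A's disclosure policy: filtering configuration is public,
    # link utilization is shown only to itself and its customer.
    def isp_a_policy(requester: str, fact: Fact) -> bool:
        if fact.attribute == "link.utilization":
            return requester in {"ISP-A", "Customer-C"}
        return True

    kp.register(isp_a.name, b"constructed-key-isp-a", isp_a_policy)
    kp.register(router.name, b"constructed-key-router-a", isp_a_policy)

    kp.publish(router.says("router-A", "bgp.prefix-filtering", "enabled"))
    kp.publish(isp_a.says("router-A2", "bgp.prefix-filtering", "enabled"))
    kp.publish(isp_a.says("link-A1", "link.utilization", "0.63"))

    # A fact attributed to the router but not produced with its key is rejected.
    forged = Fact(router.name, "router-A", "bgp.prefix-filtering", "enabled", b"\x00" * 32)

    # ISP-B accepts only device-asserted configuration, not the operator's own word.
    device_only = {router.name}
    return {
        "forged_rejected": not kp.publish(forged),
        "device_claim_verified": verify_claim(kp, "ISP-B", "router-A", "bgp.prefix-filtering", "enabled", device_only),
        "operator_only_claim_rejected": not verify_claim(kp, "ISP-B", "router-A2", "bgp.prefix-filtering", "enabled", device_only),
        "utilization_hidden_from_peer": not verify_claim(kp, "ISP-B", "link-A1", "link.utilization", "0.63", {isp_a.name}),
        "utilization_visible_to_customer": verify_claim(kp, "Customer-C", "link-A1", "link.utilization", "0.63", {isp_a.name}),
    }
```

The two policies are deliberately separate: the trust policy belongs to the querier (ISP-B decides that only an attested device may vouch for that device's configuration), while the disclosure policy belongs to the operator whose data it is. Swapping the HMAC stand-in for a hardware-backed signature and a certificate chain changes `make_tag` and `publish`, not the reasoning in `verify_claim`.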
