NetQuery: a knowledge plane for reasoning about network properties

Depending on their configuration, administration, and provisioning, networks provide drastically different features. For instance, some networks provide little failure resilience while others provision failover capacity and deploy middleboxes to protect against denial of service attacks [1, 2]. Yet the standard IP interface masks these differences; every network appears to provide the same basic "dial-tone" service. Consequently, clients that desire certain network properties must resort to ad hoc techniques to detect these differences or must target the lowest common denominator service.

[1] Morrie Gasser, et al. The Digital Distributed System Security Architecture, 1989.

[2] Daniel W. Manchala. E-Commerce Trust Metrics and Models, 2000, IEEE Internet Comput.

[3] Nick G. Duffield, et al. Trajectory sampling for direct traffic observation, 2000, TNET.

[4] Rajeev Rastogi, et al. Restoration algorithms for virtual private networks in the hose model, 2002, Proceedings. Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[5] David D. Clark, et al. A knowledge plane for the internet, 2003, SIGCOMM '03.

[6] Butler W. Lampson, et al. A Trusted Open Platform, 2003, Computer.

[7] Marten van Dijk, et al. Efficient memory integrity verification and encryption for secure processors, 2003, Proceedings. 36th Annual IEEE/ACM International Symposium on Microarchitecture, 2003. MICRO-36.

[8] Leendert van Doorn, et al. The IBM PCIXCC: A new cryptographic coprocessor for the IBM eServer, 2004, IBM J. Res. Dev.

[9] Trent Jaeger, et al. Attestation-based policy enforcement for remote access, 2004, CCS '04.

[10] James Hendricks, et al. Secure bootstrap is not enough: shoring up the trusted computing base, 2004, EW 11.

[11] Randy H. Katz, et al. Reconciling Cooperation with Confidentiality in Multi-Provider Distributed Systems, 2004.

[12] Emin Gün Sirer, et al. Nexus: a new operating system for trustworthy computing, 2005, SOSP '05.

[13] Olivier Bonaventure, et al. Achieving sub-second IGP convergence in large IP networks, 2005, CCRV.

[14] Sean W. Smith, et al. Preventing theft of quality of service on open platforms, 2005, Workshop of the 1st International Conference on Security and Privacy for Emerging Areas in Communication Networks, 2005.

[15] Emin Gün Sirer, et al. Securing BGP Using External Security Monitors, 2006.

[16] Xin Liu, et al. Efficient and Secure Source Authentication with Packet Passports, 2006, SRUTI.

[17] Martín Casado, et al. Flow-Cookies: Using Bandwidth Amplification to Defend Against DDoS Flooding Attacks, 2006, 2006 14th IEEE International Workshop on Quality of Service.

[18] Arun Venkataramani, et al. iPlane: an information plane for distributed services, 2006, OSDI '06.

[19] Jennifer Rexford, et al. Stealth Probing: Efficient Data-Plane Security for IP Routing, 2006, USENIX Annual Technical Conference, General Track.

[20] D. Clark, et al. Complexity of Internet Interconnections: Technology, Incentives and Implications for Policy, 2007.

[21] Bobby Bhattacharjee, et al. Accountability as a Service, 2007, SRUTI.

[22] Claudia Keser, et al. Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control, 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[23] Zheng Cai, et al. Design and implementation of the Maestro network control platform, 2008.

[24] Martín Casado, et al. NOX: towards an operating system for networks, 2008, CCRV.

[25] Wu-chang Feng, et al. The case for network witnesses, 2008, 2008 4th Workshop on Secure Network Protocols.

[26] Nick Feamster, et al. Packets with Provenance, 2008.

[27] Walter Willinger, et al. cSamp: A System for Network-Wide Flow Monitoring, 2008, NSDI.

[28] Nick Feamster, et al. MINT: a Market for INternet Transit, 2008, CoNEXT '08.

[29] Yun Wang. The Evil Twin, 2008, SIGGRAPH Asia '08.

[30] Sharon Goldberg, et al. Rationality and traffic attraction: incentives for honest path announcements in BGP, 2008, SIGCOMM '08.

[31] Antony I. T. Rowstron, et al. Network exception handlers: host-network control in enterprise networks, 2008, SIGCOMM '08.

[32] Thomas E. Anderson, et al. An End to the Middle, 2009, HotOS.

[33] Ariel J. Feldman, et al. Lest we remember: cold-boot attacks on encryption keys, 2008, CACM.

[34] Jeff Z. Pan, et al. Resource Description Framework, 2020, Definitions.

[35] Adrian Perrig, et al. Help Me Help You: Using Trustworthy Host-Based Information in the Network (CMU-CyLab-09-016), 2009.

[36] Hari Balakrishnan, et al. Not-a-Bot: Improving Service Availability in the Face of Botnet Attacks, 2009, NSDI.

[37] Nick McKeown, et al. Delegating network security with more information, 2009, WREN '09.

[38] Andreas Haeberlen, et al. NetReview: Detecting When Interdomain Routing Goes Wrong, 2009, NSDI.

[39] Martín Abadi, et al. Unified Declarative Platform for Secure Networked Information Systems, 2009, 2009 IEEE 25th International Conference on Data Engineering.

[40] H. Niedermayer, et al. Accountable Internet Protocol, 2009.

[41] Jennifer Rexford, et al. Accountability in hosted virtual networks, 2009, VISA '09.

[42] Srinivasan Seshan, et al. Wifi-Reports: Improving Wireless Network Selection with Collaboration, 2010, IEEE Transactions on Mobile Computing.

[43] Z. Morley Mao, et al. DECOR: DEClarative network management and OpeRation, 2010, CCRV.

[44] Katerina J. Argyraki, et al. Verifiable network-performance measurements, 2010, Co-NEXT '10.

[45] Emin Gün Sirer, et al. Nexus authorization logic (NAL): Design rationale and applications, 2011, TSEC.