CAREER: Dependable Network Communication

职业：可靠的网络通信

• 批准号: 0133495
• 负责人: David Wetherall
• 金额: $ 35.5万
• 依托单位: University of Washington
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2002
• 资助国家: 美国
• 起止时间: 2002-08-15 至 2008-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0133495&HistoricalAwards=false
• 关键词: CAREER; Dependable; Network; Communication

The researcher's agenda over the next decade is to improve the robustness of network communication services to the point that they are suitable for applications that depend on assured connectivity. In this proposal, the researcher focuses on the key goal of containing the effects of router misconfigurations, implementation bugs in routing protocols, and other insider faults that, if left unchecked, can cause widespread loss of connectivity. Dependable communications are of clear importance as critical applications in the areas of aviation, medical services, emergency services, utilities and defense become integrated with the Internet. Yet the Internet today cannot be depended on because the routing protocols that provide connectivity are themselves fragile. They take a bimodal approach to security: well-developed cryptographic techniques are used to authenticate trusted entities and protect the protocol from untrusted attackers, but no further checks are placed on the information provided by an entity once it has been authenticated. The result is that once an inadvertent error or attacker slips in, the scope of error is potentially unbounded. As one example of a well-known, spectacular failure, misconfiguration at a Virginia-based ISP caused most Internet backbone traffic to be misdirected for up to two hours in April 1997. Data from one study of Internet failures suggests that insider faults account for roughly five times more trouble tickets than malicious attacks, such as denial-of-service. The researcher proposes to work towards the design of routing protocols that are able to efficiently tolerate the above kind of insider faults. Detecting and containing these faults is a challenging problem because traditional security techniques are often ineffective. For example, authentication can validate what entity sent which message, but not that the entity is behaving correctly. The key to his approach is to extend routing protocols with information that can be used by the participants to consistency-check the behavior of each other. This is a novel strategy that differs from most of the prior work, which is focused on adding security in the context of existing routing protocols. The researcher illustrates the approach in this proposal by describing his research on a robust congestion signaling protocol, where it was applied to substantial advantage in a related domain. To begin this work, the researcher will conduct a measurement study of configuration errors in BGP, the routing protocol used across the backbone of the Internet. I have already started this task, and include some preliminary results in the proposal. Such a study is important because there is little data to quantify the kind, prevalence or impact of insider faults. Armed with these results, the researcher will design routing protocols that limit the loss of connectivity caused by common faults. the researchers philosophy is to first put aside deployment considerations to focus on what can be achieved as a more fundamental result with a clean-slate design, and then map the designs into the context of existing routing protocols. Specifically, he will reason about the minimal mechanism required to handle different kinds of faults, and evaluate the costs of that mechanism by using a combination of implementation, simulation, and comparison to alternatives in the literature. The researcher's approach is also to tackle the simplest, non-malicious insider faults first and work towards progressively more complex classes of faults, rather than beginning with the design of a .Byzantine robust. protocol. This has the advantages of both breaking a known, hard problem into pieces, and exposing the increased computational costs of tolerating more complex faults. At all of the above stages, the researcher will cross-fertilize my research and education activities as described in the proposal. The researcher will bring his research into the classroom to enliven lectures, and bring students, their projects, and overlapping infrastructure such as the proposed animations back into his research. If successful, this work will deepen the understanding of dependable network communication and how routing protocols can efficiently contain faults. This in turn will lay a foundation for research and education on dependable distributed systems that rely on the composition of routing protocols with other components such as transport protocols and name resolution.

研究人员在未来十年的议程是提高网络通信服务的鲁棒性，使其适用于依赖于有保证的连接的应用程序。在这项提案中，研究人员的重点是控制路由器错误配置的影响，路由协议中的实现错误，以及其他内部故障，如果不加以检查，可能会导致广泛的连接丢失的关键目标。 随着航空、医疗服务、紧急服务、公用事业和国防等领域的关键应用与互联网的集成，依赖性通信具有明显的重要性。然而，今天的互联网不能依赖，因为提供连接的路由协议本身就很脆弱。它们采用了一种双峰式的安全方法：成熟的加密技术被用来验证可信实体并保护协议免受不可信攻击者的攻击，但一旦实体被验证，就不会对它提供的信息进行进一步的检查。 其结果是，一旦无意的错误或攻击者溜进来，错误的范围可能是无限的。作为一个众所周知的重大故障的例子，1997年4月，设在尼日利亚的一家ISP的配置错误导致大多数因特网主干网流量被错误定向长达两个小时。一项关于互联网故障的研究数据表明，内部故障造成的故障单比恶意攻击（如拒绝服务）多出大约五倍。 研究人员建议努力设计的路由协议，能够有效地容忍上述内部故障。检测和包含这些故障是一个具有挑战性的问题，因为传统的安全技术往往是无效的。例如，身份验证可以验证哪个实体发送了哪个消息，但不能验证该实体的行为是否正确。他的方法的关键是扩展路由协议的信息，可用于参与者的一致性检查彼此的行为。这是一种新的策略，不同于大多数以前的工作，这是专注于增加现有的路由协议的上下文中的安全性。研究人员通过描述他对一个鲁棒的拥塞信令协议的研究来说明这个建议中的方法，在这个协议中，它在相关领域中被应用到实质性的优势。 为了开始这项工作，研究人员将进行BGP配置错误的测量研究，BGP是互联网主干上使用的路由协议。我已经开始这项工作，并在建议中包括一些初步结果。这样的研究很重要，因为几乎没有数据可以量化内部人员错误的种类、普遍性或影响。有了这些结果，研究人员将设计路由协议，限制常见故障造成的连接丢失。研究人员的理念是，首先将部署考虑放在一边，专注于通过全新设计可以实现的更基本的结果，然后将设计映射到现有路由协议的上下文中。具体而言，他将推理处理不同类型故障所需的最小机制，并通过使用实现，模拟和文献中替代方案的比较来评估该机制的成本。研究人员的方法也是首先解决最简单的，非恶意的内部故障，并逐步走向更复杂的故障类别，而不是从设计拜占庭式的鲁棒开始。议定书这样做的好处是既可以将已知的难题分解成多个部分，又可以暴露出容忍更复杂故障所增加的计算成本。 在上述所有阶段，研究人员将交叉施肥我的研究和教育活动中所描述的建议。 研究人员将把他的研究带入课堂，使讲座生动起来，并把学生、他们的项目和重叠的基础设施（如拟议的动画）带回他的研究中。如果成功，这项工作将加深对可靠网络通信以及路由协议如何有效地包含故障的理解。这反过来又将为可靠分布式系统的研究和教育奠定基础，这些系统依赖于路由协议与传输协议和名称解析等其他组件的组合。