SCION: Scalability, Control, and Isolation On Next-Generation Networks (CMU-CyLab-10-020)
Authors
Abstract
We present the first Internet architecture designed to provide route control, failure isolation, and explicit trust information for end-to-end communications. SCION separates ASes into groups of independent routing sub-planes, called trust domains, which then interconnect to form complete routes. Trust domains provide natural isolation of routing failures and human misconfiguration, give endpoints strong control for both inbound and outbound traffic, provide meaningful and enforceable trust, and enable scalable routing updates with high path freshness. As a result, our architecture provides strong resilience and security properties as an intrinsic consequence of good design principles, avoiding piecemeal add-on protocols as security patches. Meanwhile, SCION only assumes that a few top-tier ISPs in the trust domain are trusted for providing reliable end-to-end communications, thus achieving a small Trusted Computing Base. Both our security analysis and evaluation results show that SCION naturally prevents numerous attacks and provides a high level of resilience, scalability, control, and isolation.
Similar resources
SCION Five Years Later: Revisiting Scalability, Control, and Isolation on Next-Generation Networks
The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the...
BUZZ: Testing Context-Dependent Policies in Stateful Data Planes (CMU-CyLab-14-013)
Network operators spend significant effort in ensuring that the network meets their intended policies. While recent work on checking reachability and isolation policies have taken giant strides in this regard, they do not handle context-dependent policies that operators implement via stateful data plane elements. To address this challenge, we present the design and implementation of BUZZ, a tes...
Designing Large-Scale ASTN-Based Optical Mesh Networks
Automatically Switched Transport Network (ASTN) has many capabilities, such as dynamic connection/routing, that make it attractive for traffic engineering and optimization of next generation large scale optical mesh backbones. With increasing traffic demand spanning large geographic areas, optical mesh networks need to grow rapidly in terms of degree of meshing, bandwidth, and number of nodes. ...
The SCION Internet Architecture An Internet Architecture for the 21st Century
The Internet has been successful beyond even the most optimistic expectations. It permeates and intertwines with almost all aspects of our society and economy. The success of the Internet has created a dependency on communication as many of the processes underpinning the foundations of modern society would grind to a halt should communication become unavailable. However, much to our dismay, the...
Publication date: 2011