Towards a Framework for Evaluating BGP Security
نویسندگان
چکیده
Security and performance evaluation of Internet protocols can be greatly aided by emulation in realistic deployment scenarios. We describe our implementation of such methods which uses high-level abstractions to bring simplicity into a virtualized test-lab. We argue that current test-labs have not adequately captured those challenges, partly because their design is too static. To achieve more flexibility and to allow the experimenter to easily deploy many alternative scenarios we need abstractions that allow auto-configuration and auto-deployment of real router and server code in a multi-AS infrastructure. We need to be able to generate scenarios for multi-party players in a fully isolated emulated test-lab and deploy the network using virtualized routers, switches, and servers. In this paper, our abstractions are specifically designed to evaluate the BGP security framework currently being documented by the IETF SIDR working group. We capture the relevant aspects of the SIDR security proposals, and allow experimenters to evaluate the technology in topologies of real router and server code. We believe such methods are also useful for teaching newcomers and operators, as it allows them to gain experience in a sand-box before deployment. It allows security experts to set up controlled experiments at various levels of complexity, and concentrate on discovering weaknesses, instead of having to spend time on tedious configuration tasks. Finally, it allows router vendors and implementers to test their code and to perform scalability evaluation.
منابع مشابه
Performance Evaluation of Distributed Security Protocols Using Discrete Event Simulation
The Border Gateway Protocol (BGP) that manages inter-domain routing on the Internet lacks security. Protective measures using public key cryptography introduce complexities and costs. To support authentication and other security functionality in large networks, we need public key infrastructures (PKIs). Protocols that distribute and validate certificates introduce additional complexities and co...
متن کاملAn Algebra For Basic Graph Patterns
Motivated by recent developments in the dataspaces, web, and personal information management communities, we outline research directions on query processing for SPARQL, the W3C recommendation language for querying RDF triple stores. The core of each SPARQL query is a basic graph pattern (BGP). BGP is a little logic for extracting subsets of related nodes in an RDF graph. In this paper we undert...
متن کاملA Program Logic for Verifying Secure Routing Protocols
The Internet, as it stands today, is highly vulnerable to attacks. However, little has been done to understand and verify the formal security guarantees of proposed secure inter-domain routing protocols, such as Secure BGP (S-BGP). In this paper, we develop a sound program logic for SANDLog—a declarative specification language for secure routing protocols—for verifying properties of these proto...
متن کاملA Framework for BGP Abnormal Events Detection
Detection of abnormal BGP events is of great importance to preserve the security and robustness of the Internet interdomain routing system. In this paper, we propose an anomaly detection framework based on machine learning techniques to identify the anomalous events by training a model for normal BGP-updates and measuring the extent of deviation from the normal model during the abnormal occasio...
متن کاملStatus of this Memo BGP Session Security Requirements
The document "BGP security requirements" (draft-ietf-rpsec-bgpsecrec) specifies general security requirements for BGP. However, specific security requirements for single BGP sessions, i.e., the connection between two BGP peers, are only touched on briefly in the section "transport layer protection". This document expands on this particular aspect of BGP security, defining the security requireme...
متن کامل