Virtualization enables multiple networks, each customized for a particular purpose, to run concurrently over a shared substrate. One model for managing these virtual networks is to create a hosting platform where companies can deploy services by leasing a portion of several physical routers. While lowering the barrier for innovation in the network, this model introduces new security concerns. In this paper we examine the issue of accountability in this setting of hosted virtual networks: how a service provider can know that its software is running without modification and that the infrastructure provider's physical router is forwarding packets as instructed with the quality of service promised. Rather than presenting a single specification of what every router on the Internet must look like, we examine two possible approaches: one that detects violations by monitoring the service and one that prevents violations from occurring in the first place. For each, we describe an architecture that can be achieved with technology available today and the limitations of that architecture, and then propose an extension that overcomes those limitations.