Trajectory sampling for direct traffic observation
IEEE/ACM Transactions on Networking (TON)
E-Commerce Trust Metrics and Models
IEEE Internet Computing
Computer
A knowledge plane for the internet
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Efficient Memory Integrity Verification and Encryption for Secure Processors
Proceedings of the 36th annual IEEE/ACM International Symposium on Microarchitecture
The IBM PCIXCC: a new cryptographic coprocessor for the IBM eServer
IBM Journal of Research and Development
Attestation-based policy enforcement for remote access
Proceedings of the 11th ACM conference on Computer and communications security
Achieving sub-second IGP convergence in large IP networks
ACM SIGCOMM Computer Communication Review
Nexus: a new operating system for trustworthy computing
Proceedings of the twentieth ACM symposium on Operating systems principles
Secure bootstrap is not enough: shoring up the trusted computing base
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Efficient and secure source authentication with packet passports
SRUTI'06 Proceedings of the 2nd conference on Steps to Reducing Unwanted Traffic on the Internet - Volume 2
Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
iPlane: an information plane for distributed services
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Stealth probing: efficient data-plane security for IP routing
ATEC '06 Proceedings of the annual conference on USENIX '06 Annual Technical Conference
SRUTI'07 Proceedings of the 3rd USENIX workshop on Steps to reducing unwanted traffic on the internet
NOX: towards an operating system for networks
ACM SIGCOMM Computer Communication Review
CSAMP: a system for network-wide flow monitoring
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Network exception handlers: host-network control in enterprise networks
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Rationality and traffic attraction: incentives for honest path announcements in bgp
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Accountable internet protocol (aip)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Lest we remember: cold boot attacks on encryption keys
SS'08 Proceedings of the 17th conference on Security symposium
MINT: a Market for INternet Transit
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Unified Declarative Platform for Secure Netwoked Information Systems
ICDE '09 Proceedings of the 2009 IEEE International Conference on Data Engineering
Wifi-reports: improving wireless network selection with collaboration
Proceedings of the 7th international conference on Mobile systems, applications, and services
Not-a-Bot: improving service availability in the face of botnet attacks
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
NetReview: detecting when interdomain routing goes wrong
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Accountability in hosted virtual networks
Proceedings of the 1st ACM workshop on Virtualized infrastructure systems and architectures
Delegating network security with more information
Proceedings of the 1st ACM workshop on Research on enterprise networking
DECOR: DEClarative network management and OpeRation
ACM SIGCOMM Computer Communication Review
HotOS'09 Proceedings of the 12th conference on Hot topics in operating systems
Verifiable network-performance measurements
Proceedings of the 6th International COnference
Optimal content placement for a large-scale VoD system
Proceedings of the 6th International COnference
Nexus authorization logic (NAL): Design rationale and applications
ACM Transactions on Information and System Security (TISSEC)
Using trustworthy host-based information in the network
Proceedings of the seventh ACM workshop on Scalable trusted computing
Pasture: secure offline data access using commodity trusted hardware
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
Improving availability in distributed systems with failure informers
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Participatory networking: an API for application control of SDNs
Proceedings of the ACM SIGCOMM 2013 conference on SIGCOMM
| Hi-index | 0.00 |
This paper presents the design and implementation of NetQuery, a knowledge plane for federated networks such as the Internet. In such networks, not all administrative domains will generate information that an application can trust and many administrative domains may have restrictive policies on disclosing network information. Thus, both the trustworthiness and accessibility of network information pose obstacles to effective reasoning. NetQuery employs trustworthy computing techniques to facilitate reasoning about the trustworthiness of information contained in the knowledge plane while preserving confidentiality guarantees for operator data. By characterizing information disclosure between operators, NetQuery enables remote verification of advertised claims and contractual stipulations; this enables new applications because network guarantees can span administrative boundaries. We have implemented NetQuery, built several NetQuery-enabled devices, and deployed applications for cloud datacenters, enterprise networks, and the Internet. Simulations, testbed experiments, and a deployment on a departmental network indicate NetQuery can support hundreds of thousands of operations per second and can thus scale to large ISPs.