Hierarchical packet fair queueing algorithms
IEEE/ACM Transactions on Networking (TON)
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
ACM Transactions on Computer Systems (TOCS)
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Internet indirection infrastructure
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
A Block-Cipher Mode of Operation for Parallelizable Message Authentication
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Secure traceroute to detect faulty or malicious routing
ACM SIGCOMM Computer Communication Review
Towards an accurate AS-level traceroute tool
Proceedings of the 2003 conference on Applications, technologies, architectures, and protocols for computer communications
Origin authentication in interdomain routing
Proceedings of the 10th ACM conference on Computer and communications security
A Survey of Secure Wireless Ad Hoc Routing
IEEE Security and Privacy
A system for authenticated policy-compliant routing
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
SPV: secure path vector routing for securing BGP
Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Steps towards a DoS-resistant internet architecture
Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
Loose source routing as a mechanism for traffic policies
Proceedings of the ACM SIGCOMM workshop on Future directions in network architecture
A clean slate 4D approach to network control and management
ACM SIGCOMM Computer Communication Review
Source selectable path diversity via routing deflections
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
MIRO: multi-path interdomain routing
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
Proactive techniques for correct and predictable internet routing
Proactive techniques for correct and predictable internet routing
Design and implementation of a routing control platform
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Improving the reliability of internet paths with one-hop source routing
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Middleboxes no longer considered harmful
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Tor: the second-generation onion router
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
PHAS: a prefix hijack alert system
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
Ethane: taking control of the enterprise
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
An end-middle-end approach to connection establishment
Proceedings of the 2007 conference on Applications, technologies, architectures, and protocols for computer communications
NIRA: a new inter-domain routing architecture
IEEE/ACM Transactions on Networking (TON)
Path-quality monitoring in the presence of adversaries
SIGMETRICS '08 Proceedings of the 2008 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
NOX: towards an operating system for networks
ACM SIGCOMM Computer Communication Review
Phalanx: withstanding multimillion-node botnets
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Passport: secure and adoptable source authentication
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
To filter or to authorize: network-layer DoS defense against multimillion-node botnets
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
Accountable internet protocol (aip)
Proceedings of the ACM SIGCOMM 2008 conference on Data communication
TVA: a DoS-limiting network architecture
IEEE/ACM Transactions on Networking (TON)
Packet-dropping adversary identification for data plane security
CoNEXT '08 Proceedings of the 2008 ACM CoNEXT Conference
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
RouteBricks: exploiting parallelism to scale software routers
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
A Packet Generator on the NetFPGA Platform
FCCM '09 Proceedings of the 2009 17th IEEE Symposium on Field Programmable Custom Computing Machines
Protocols and lower bounds for failure localization in the internet
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Aggregate message authentication codes
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Building extensible networks with rule-based forwarding
OSDI'10 Proceedings of the 9th USENIX conference on Operating systems design and implementation
Bootstrapping accountability in the internet we have
Proceedings of the 8th USENIX conference on Networked systems design and implementation
Mutually controlled routing with independent ISPs
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
SCION: Scalability, Control, and Isolation on Next-Generation Networks
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
Secure Border Gateway Protocol (S-BGP)
IEEE Journal on Selected Areas in Communications
StackPi: New Packet Marking and Filtering Mechanisms for DDoS and IP Spoofing Defense
IEEE Journal on Selected Areas in Communications
A new approach to interdomain routing based on secure multi-party computation
Proceedings of the 11th ACM Workshop on Hot Topics in Networks
Increasing network resilience through edge diversity in NEBULA
ACM SIGMOBILE Mobile Computing and Communications Review
STRIDE: sanctuary trail -- refuge from internet DDoS entrapment
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Verifiable network function outsourcing: requirements, challenges, and roadmap
Proceedings of the 2013 workshop on Hot topics in middleboxes and network function virtualization
Journal of Network and Computer Applications
| Hi-index | 0.00 |
We describe a new networking primitive, called a Path Verification Mechanism (pvm). There has been much recent work about how senders and receivers express policies about the paths that their packets take. For instance, a company might want fine-grained control over which providers carry which traffic between its branch offices, or a receiver may want traffic sent to it to travel through an intrusion detection service. While the ability to express policies has been well-studied, the ability to enforce policies has not. The core challenge is: if we assume an adversarial, decentralized, and high-speed environment, then when a packet arrives at a node, how can the node be sure that the packet followed an approved path? Our solution, icing, incorporates an optimized cryptographic construction that is compact, and requires negligible configuration state and no PKI. We demonstrate icing's plausibility with a NetFPGA hardware implementation. At 93% more costly than an IP router on the same platform, its cost is significant but affordable. Indeed, our evaluation suggests that icing can scale to backbone speeds.