research-article

A declarative approach for secure and robust routing

Authors:

Palanivel A. Kodeswaran,

Timothy W. Finin,

Filip PerichAuthors Info & Claims

SafeConfig '10: Proceedings of the 3rd ACM workshop on Assurable and usable security configuration

Pages 45 - 52

https://doi.org/10.1145/1866898.1866906

Published: 04 October 2010 Publication History

Abstract

Many Internet failures are caused by misconfigurations of the BGP routers that manage routing of traffic between domains. The problems are usually due to a combination of human errors and the lack of a high-level language for specifying routing policies that can be used to generate router configurations. We describe an implemented approach that uses a declarative language for specifying network-wide routing policies to automatically configure routers and show how it can also be used by software agents to diagnose and correct some networking problems. The language is grounded in an ontology defined in OWL and polices expressed in it are automatically compiled into low-level router configurations. A distributed collection of software agents use the high-level policies and a custom argumentation protocol to share and reason over information about routing failures, diagnose probable causes, and correct them by reconfiguring routers and/or recommending actions to human operators. We have evaluated the framework in both a simulator and on a small physical network. Our results show that the framework performs well in identifying failure causes and automatically correcting them by reconfiguring routers when permitted by the policies.

References

[1]

}}C. Alaettinoglu, C. Villamizar, E. Gerich, D. Kessens, D. Meyer, T. Bates, D. Karrenberg, and M. Terpstra. Routing policy specification language (RPSL), 1999.

[2]

}}S. Bechhofer, F. Harmelen, J. Hendler, I. Horrocks, D. McGuinness, P. Patel-Schneider, and L.Stein. OWL Web Ontology Language Reference W3C Recommendation. Technical report, W3C, February 2004.

[3]

}}Cisco. Cisco Router Guide. Cisco Systems, Inc Website, 2007.

[4]

}}A. Dhamdhere, R. Teixeira, C. Dovrolis, and C. Diot. NetDiagnoser: Troubleshooting network unreachabilities using end-to-end probes and routing data. In Proceedings of the 3rd ACM International Conference on emerging Networking EXperiments and Technologies, pages 1--12. ACM, 2007.

Digital Library

[5]

}}A. Eriksson and A. L. Johansson. Neat explanation of proof trees. In Proceedings of the 9th international joint conference on artificial intelligence, pages 379--381. Morgan Kaufmann Publishers Inc., 1985.

Digital Library

[6]

}}N. Feamster, H. Balakrishnan, and J. Rexford. Some foundational problems in Interdomain routing. In In HotNets, 2004. (Cited on, pages 41--46, 2004.

[7]

}}E. Friedman-Hill. JESS in Action. Manning, 2003.

[8]

}}L. Gao. On inferring autonomous system relationships in the internet. IEEE/ACM Transactions on Networking (TON), 9(6), 2001.

Digital Library

[9]

}}T. L. Hinrichs, N. S. Gude, M. Casado, J. C. Mitchell, and S. Shenker. Practical declarative network management. In Proceedings of the 1st ACM workshop on Research on enterprise networking - WREN '09, page 1, New York, New York, USA, 2009. ACM Press.

Digital Library

[10]

}}A. Horn. On sentences which are true of direct unions of algebras. Journal of Symbolic Logic, 16(1):14--21, 1951.

[11]

}}Y. Huang, N. Feamster, and R. Teixeira. Practical Issues with Using Network Tomography for Fault Diagnosis.

[12]

}}P. Hunter. Pakistan YouTube block exposes fundamental Internet security weakness:: Concern that Pakistani action affected YouTube access elsewhere in world. Computer Fraud & Security, 2008(4):10--11, 2008.

[13]

}}P. Kodeswaran, S. B. Kodeswaran, A. Joshi, and F. Perich. Utilizing semantic policies for managing BGP route dissemination. In IEEE INFOCOM 2008 - IEEE Conference on Computer Communications Workshops, pages 1--4. IEEE, 2008.

[14]

}}O. Lassila and R. Swick. Resource description framework (RDF) model and syntax. Technical report, W3C, February 1999.

[15]

}}R. Mahajan, N. Spring, D. Wetherall, and T. Anderson. User-level internet path diagnosis. Operating systems review, 37(5):106--119, 2003.

Digital Library

[16]

}}R. Mahajan, D. Wetherall, and T. Anderson. Understanding BGP misconfiguration. In Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications, pages 3--16. ACM, 2002.

Digital Library

[17]

}}R. Mahajan, D. Wetherall, and T. Anderson. Negotiation-based routing between neighboring ISPs. In Proceedings of the 2nd Symposium on Networked Systems Design & Implementation - Volume 2, 2005.

Digital Library

[18]

}}P. McBurney and S. Parsons. Locutions for Argumentation in Agent Interaction Protocols. In International Conference on Autonomous Agents, 2004.

Digital Library

[19]

}}M. OConnor, H. Knublauch, S. Tu, B. Grosof, M. Dean, W. Grosso, and M. Musen. Supporting rule system interoperability on the semantic web with SWRL. In Proceedings of the 4th International Semantic Web Conference, pages 974--986. Springer, 2005.

Digital Library

[20]

}}B. Quoitin and S. Uhlig. Modeling the Routing of an Autonomous System with C-BGP, 2005.

[21]

}}A. Voellmy and P. Hudak. Nettle: A language for configuring routing networks. In DSL '09: Proceedings of the IFIP TC 2 Working Conference on Domain-Specific Languages, pages 211--235, Berlin, Heidelberg, 2009. Springer-Verlag.

Digital Library

[22]

}}Y. Zhang, Z. M. Mao, and M. Zhang. Effective diagnosis of routing disruptions from end systems. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, 2008.

Digital Library

[23]

}}D. Zhu, M. Gritter, and D. R. Cheriton. Feedback based routing. SIGCOMM Computing Communication Revue, 33(1):71--76, 2003.

Digital Library

Cited By

Magazzeni DMcBurney PNash W(2017)Validation and Verification of Smart Contracts: A Research AgendaComputer10.1109/MC.2017.357104550:9(50-57)Online publication date: 22-Sep-2017
https://dl.acm.org/doi/10.1109/MC.2017.3571045
Kodeswaran PLi WJoshi AFinin TPerich F(2010)Enforcing secure and robust routing with declarative policies2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE10.1109/MILCOM.2010.5680362(44-49)Online publication date: Oct-2010
https://doi.org/10.1109/MILCOM.2010.5680362

Index Terms

A declarative approach for secure and robust routing
1. Networks
  1. Network services
    1. Network management

Recommendations

Implications of autonomy for the expressiveness of policy routing
Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications

Thousands of competing autonomous systems must cooperate with each other to provide global Internet connectivity. Each autonomous system (AS) encodes various economic, business, and performance decisions in its routing policy. The current interdomain ...
Implications of autonomy for the expressiveness of policy routing
SIGCOMM '05: Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications

Thousands of competing autonomous systems must cooperate with each other to provide global Internet connectivity. Each autonomous system (AS) encodes various economic, business, and performance decisions in its routing policy. The current interdomain ...
Implications of autonomy for the expressiveness of policy routing

Thousands of competing autonomous systems must cooperate with each other to provide global Internet connectivity. Each autonomous system (AS) encodes various economic, business, and performance decisions in its routing policy. The current interdomain ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SafeConfig '10: Proceedings of the 3rd ACM workshop on Assurable and usable security configuration

October 2010

98 pages

ISBN:9781450300933

DOI:10.1145/1866898

General Chair:
Tony Sager
National Security Agency, USA
,
Program Chairs:
Gail-Joon Ahn
Arizona State University, USA
,
Krishna Kant
Intel Corp./ National Science Foundation, USA
,
Heather Richter Lipford
University of North Carolina at Charlotte, USA

Copyright © 2010 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 04 October 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '10

Sponsor:

SIGSAC

CCS '10: 17th ACM Conference on Computer and Communications Security 2010

October 4, 2010

Illinois, Chicago, USA

Acceptance Rates

Overall Acceptance Rate 22 of 61 submissions, 36%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
124
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 29 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Magazzeni DMcBurney PNash W(2017)Validation and Verification of Smart Contracts: A Research AgendaComputer10.1109/MC.2017.357104550:9(50-57)Online publication date: 22-Sep-2017
https://dl.acm.org/doi/10.1109/MC.2017.3571045
Kodeswaran PLi WJoshi AFinin TPerich F(2010)Enforcing secure and robust routing with declarative policies2010 - MILCOM 2010 MILITARY COMMUNICATIONS CONFERENCE10.1109/MILCOM.2010.5680362(44-49)Online publication date: Oct-2010
https://doi.org/10.1109/MILCOM.2010.5680362

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents