file.pdf (151.31 kB)
Holding the Internet Accountable
journal contributionposted on 2010-08-01, 00:00 authored by David G. Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyong Moon, Scott Shenker
Today’s IP network layer provides little to no protection against misconfiguration or malice. Despite some progress in improving the robustness and security of the IP layer, misconfigurations and attacks still occur frequently. We show how a network layer that provides accountability, i.e., the ability to associate each action with the responsible entity, provides a firm foundation for defenses against misconfiguration and malice. We present the design of a network layer that incorporates accountability called AIP (Accountable Internet Protocol) and show how its features—notably, its use of self-certifying addresses— can improve both source accountability (the ability to trace actions to a particular end host and stop that host from misbehaving) and control-plane accountability (the ability to pinpoint and prevent attacks on routing).