Posted on 2010-08-01, 00:00. Authored by David G. Andersen, Hari Balakrishnan, Nick Feamster, Teemu Koponen, Daekyong Moon, Scott Shenker
Today’s IP network layer provides little to no protection
against misconfiguration or malice. Despite some progress
in improving the robustness and security of the IP layer,
misconfigurations and attacks still occur frequently. We
show how a network layer that provides accountability, i.e.,
the ability to associate each action with the responsible
entity, provides a firm foundation for defenses against
misconfiguration and malice. We present the design of
a network layer that incorporates accountability called
AIP (Accountable Internet Protocol) and show how its
features—notably, its use of self-certifying addresses—
can improve both source accountability (the ability to trace
actions to a particular end host and stop that host from
misbehaving) and control-plane accountability (the ability
to pinpoint and prevent attacks on routing).