Title: What do we want in a future information infrastructure?
1What do we want in a future information
infrastructure?
- David Alderson
- Engineering and Applied Science, Caltech
- alderd_at_cds.caltech.edu
- MSE 91SI
- November 18, 2004
2Acknowledgements
- Caltech John Doyle, Lun Li
- ATT Walter Willinger
- CISAC Kevin Soo Hoo, Mike May, David Elliott,
William Perry - MSE 91SI Dan, Martin, Keith
3The Internet has become a critical information
infrastructure.
- Individuals
- Private corporations
- Governments
- Other national infrastructures
4The Internet has become a critical information
infrastructure.
- Personal communication
- email, IM, IP telephony, file sharing
- Business communication
- Customers, suppliers, partners
- Transaction processing
- Businesses, consumers, government
- Information access and dissemination
- web, blog
5The Internet has become a critical information
infrastructure.
- Our dependence on the Internet is only going to
increase. - This will be amplified by a fundamental change in
the way that we use the network.
6What do we want in a future information
infrastructure?
- How will we use the network?
7Communications and computing
Store
Communicate
Compute
Communicate
Communicate
Courtesy John Doyle
8Store
Communicate
Compute
Communicate
Communicate
Act
Sense
Environment
Courtesy John Doyle
9Computation
Communication
Communication
Devices
Devices
Dynamical Systems
Courtesy John Doyle
10- From
- Software to/from human
- Human in the loop
- To
- Software to Software
- Full automation
- Integrated control, comms, computing
- Closer to physical substrate
Computation
- New capabilities robustness
- New fragilities vulnerabilities
Communication
Communication
Devices
Devices
Control
Dynamical Systems
Courtesy John Doyle
11Are we ready?
- This represents an enormous change, the impact of
which is not fully appreciated - Few, if any, promising methods for addressing
this full problem - Even very special cases have had limited
theoretical support
Computation
- New capabilities robustness
- New fragilities vulnerabilities
Communication
Communication
Devices
Devices
Control
Dynamical Systems
Courtesy John Doyle
12The Internet has become a critical information
infrastructure.
- The Internet has become a type of public utility
(like electricity or phone service) that
underlies many important public and private
services. - Internet disruptions have a ripple effect
across the economy.
- The Internet is a control system for monitoring
and controlling our physical environment. - Hijacking the Internet can be even more
devastating than interrupting it.
13What do we want in a future information
infrastructure?
- What features or attributes would we like it to
have?
14Is the Internet robust?
15working definition
- robustness the persistence of some
feature/attribute in the presence of some
disturbance. - must specify the feature/attribute
- must specify the disturbance
16Is the Internet robust?
- What can we say based on its architecture?
17Routers
Hosts
18Routers
Links
Sources
Hosts
19Links
Sources
20Network protocols.
HTTP
TCP
IP
Links
Sources
21Files
HTTP
Hidden from the user
Sources
22Network protocols.
Files
Files
HTTP
TCP
IP
packets
packets
packets
packets
packets
packets
Links
Sources
23Network protocols.
- Each layer can evolve independently provided
- Follow the rules
- Everyone else does good enough with their layer
HTTP
TCP
Vertical decomposition Protocol Stack
IP
Links
Sources
24Network protocols.
HTTP
Individual components can fail (provided that
they fail off) without disrupting the network.
TCP
IP
Horizontal decomposition Each level is
decentralized and asynchronous
Links
Sources
25The Internet hourglass
Applications
Web
FTP
Mail
News
Video
Audio
ping
kazaa
Transport protocols
TCP
SCTP
UDP
ICMP
IP
Ethernet
802.11
Satellite
Optical
Power lines
Bluetooth
ATM
Link technologies
26The Internet hourglass
Applications
Web
FTP
Mail
News
Video
Audio
ping
kazaa
TCP
IP
Ethernet
802.11
Satellite
Optical
Power lines
Bluetooth
ATM
Link technologies
27The Internet hourglass
Applications
Everything on IP
Web
FTP
Mail
News
Video
Audio
ping
kazaa
TCP
IP
Ethernet
802.11
Satellite
Optical
Power lines
Bluetooth
ATM
Link technologies
28The Internet hourglass
Applications
Web
FTP
Mail
News
Video
Audio
ping
napster
TCP
robust to changes
fragile to changes
IP
Ethernet
802.11
Satellite
Optical
Power lines
Bluetooth
ATM
Link technologies
29Internet Vulnerabilities
- On short time scales
- Robust to loss of components (fail off)
- Fragile to misbehaving components
- On long time scales
- Robust to changes in application or physical
layer technologies - Fragile to changes in hourglass waist (IP)
Is there a practical way of thinking about all of
this in the context of cybersecurity? (i.e., a
taxonomy for disruptions?)
30A Simplified Taxonomy
Network Services (the end-to-end services that
provide basic user functionality to the network)
Network Infrastructure (the hardware/software
required to enable the movement of data across
the network)
31A Simplified Taxonomy
Network Services (the end-to-end services that
provide basic user functionality to the network)
Network Infrastructure
Fundamental Protocols
Vertical decomposition
Operating Systems
Physical Hardware
32A Simplified Taxonomy
Network Services (the end-to-end services that
provide basic user functionality to the network)
Network Infrastructure
Fundamental Protocols
Fundamental Protocols
Operating Systems
Operating Systems
Physical Hardware
Physical Hardware
Network Core
Network Edge
Horizontal decomposition
33Infrastructure in Network Core
Network Services (the end-to-end services that
provide basic user functionality to the network)
Fundamental Protocols
Operating Systems
Physical Hardware
Network Core
34Infrastructure in Network Core
Network Services (the end-to-end services that
provide basic user functionality to the network)
Disruptions
Stakeholders
- Standards Orgs
- (e.g. IETF)
- ISPs
- IP spoofing
- BGP misconfigs
- Vendors
- (e.g. Cisco)
- ISPs
Network Core
35Infrastructure at Network Edge
Network Services (the end-to-end services that
provide basic user functionality to the network)
Fundamental Protocols
Operating Systems
Physical Hardware
Network Edge
36Infrastructure at Network Edge
Network Services (the end-to-end services that
provide basic user functionality to the network)
Disruptions
Stakeholders
- Standards Orgs
- (e.g. IETF)
- Users
Fundamental Protocols
(TCP, IP, DNS)
Operating Systems
- Vendors
- (e.g. Microsoft, Dell)
- Users (Corporate, Individual, Government)
(Microsoft, Linux, MacOS)
Physical Hardware
(desktops, laptops, servers)
Network Edge
37Network Services
Network Services (the end-to-end services that
provide basic user functionality to the network)
Fundamental Protocols
Fundamental Protocols
Operating Systems
Operating Systems
Physical Hardware
Physical Hardware
Network Core
Network Edge
38Types of Network Services
Public Services (specification and use is freely
available)
Private Services (specification and/or use is
restricted or proprietary)
Fundamental Protocols
Fundamental Protocols
Operating Systems
Operating Systems
Physical Hardware
Physical Hardware
Network Core
Network Edge
39Types of Network Services
Public Services (specification and use is freely
available)
Private Services (specification and/or use is
restricted or proprietary)
Fundamental Protocols
Fundamental Protocols
Operating Systems
Operating Systems
Physical Hardware
Physical Hardware
Network Core
Network Edge
40 S E R V I C E S
Financial Networks (FedWire)
Other Infra- structures
Remote Access (Telnet)
File Transfer (FTP, P2P)
SCADA Systems
E-Mail (SMTP)
WWW (HTTP)
Fundamental Protocols
Fundamental Protocols
Operating Systems
Operating Systems
Physical Hardware
Physical Hardware
Network Core
Network Edge
41A S S E T S (Information, Money)
S E R V I C E S
Financial Networks (FedWire)
Other Infra- structures
File Transfer (FTP, P2P)
Remote Access (Telnet)
SCADA Systems
E-Mail (SMTP)
WWW (HTTP)
Technology Dependence
Disruptions
Fundamental Protocols (TCP, IP, DNS)
Fundamental Protocols (TCP, IP, BGP)
Operating Systems (Cisco OS)
Operating Systems (Windows, Linux, MacOS)
Network CORE
Network EDGE
Physical Hardware (cables, routers, switches)
Physical Hardware (desktops, laptops, servers)
E L E C T R I C I T Y O T H E R P H Y S I
C A L I N F R A S T R U C T U R E S
42Open Questions
- Is an Internet monoculture a significant threat
to the security of cyberspace? - Insight into the patch/worm problem?
- Who are the stakeholders and what are their
economic incentives? - How does misalignment of economic incentives
contribute to insecurity? - To what extent are the technological, economic,
social, and legal factors in the current cyber
infrastructure to blame for the overall
(in)security of the system?
How to design policy to promote a secure cyber
infrastructure?
43What do we want in a future information
infrastructure?
- What do we have with our current information
infrastructure?
44What We Have
- Heterogeneity
- Open access
- Compatibility
- Evolvability
- Anonymity
- Diverse Functionality
- Best Effort Service
- Robustness
- Best Effort Service
- Component loss
Are these attributes important for a
critical information infrastructure?
45What We Have
What We Need
- Security
- Reliability
- Accountability
- Clear responsibility
- Auditability
- Management simplicity
- Limited functionality
- Economic self-sustainability
- Heterogeneity
- Open access
- Compatibility
- Evolvability
- Anonymity
- Diverse Functionality
- Best Effort Service
- Robustness
- Best Effort Service
- Component loss
Are there tradeoffs that we might be willing to
make?
46Remembering History
- Strategic split of ARPANet and MILNet
- Different needs of each merited a split in which
separate networks could be optimized to achieve
different objectives
47Two Distinct Needs
- A public Internet
- Embraces the ideals of the original Internet
- Open access, anonymity (but at a price)
- A critical information infrastructure
- Meets the emerging needs of society
- Secure, reliable, performance guarantees (but at
a price)
Is there any reason that they should be the same
network?
48What do we want in a future information
infrastructure?
49Vision for a Future Information Infrastructure
- A network that is an appropriate foundation for
the deployment and support of critical
infrastructure systems, thereby enhancing our
national security - A network in which there are clearly defined
roles, responsibilities, and accountability for
its owners, operators, support industries, and
users - A network that grows incrementally on top of the
existing mesh of intranets and extranets, driven
by a properly incentivized innovation community - A network that interfaces and coexists with
legacy infrastructure, providing incremental
benefits to all who choose to participate - A network that has self-sustaining economics
50Some General Beliefs
- Private networks (even excluding the military)
are a significant portion of all data networks - Most private networks tend to use public
infrastructure somewhere (virtual separation) - The ISP industry is in tough economic times
- There is a large amount of excess capacity (e.g.
dark fiber) - Most of the technology for a secure network
already exists - The government and corporations are be willing to
spend money to solve the problem
51A Crazy Idea?
Have the federal government commission a few
major ISPs to build and operate an Internet
alternative
- Semi-private, with restricted access
- Security and reliability as primary objectives
- Built from the best of existing technology
- Strict deployment standards
- Leverage existing and unused capacity
- Limited, but guaranteed functionality
- Exist alongside current best effort Internet
- Clear responsibility
- Licensed users
- Audit trails
- Mandated use by other critical infrastructure
providers - Available by application to corporations (for a
fee) - Goal long-term economic self-sustainability
52What about GovNet?
- Was it a good idea?
- Did any part of it make sense?
- Could it be implemented?
53What do we want in a future information
infrastructure?
- David Alderson
- Engineering and Applied Science, Caltech
- alderd_at_cds.caltech.edu
- MSE 91SI
- May 26, 2004