Trust in Anarchy?Problems in the Governance of Distributed Computing Systems
Ashwin J. [email protected]
School of InformationUC Berkeley
Hosts → DNS : Decentralization?
NSFNET NICHosts file
DNSRoot
YouTube Goes to Pakistan
~ 2 hours on 24th February 2008
BGP: Inter-Domain Routing
AT&TAS7132
CENICAS2152
UC BerkeleyAS25
YouTubeAS15169
I am YouTubeThese are my IP addresses
I am AT&TI can carry your traffic to YouTube
These are YouTube's IP addresses
I am CENICAT&T told me it can get to YouTubeI can carry your traffic to YouTube
through AT&TThese are YouTube's IP addresses
● Routing Claims
● Identity Claims
● Resource Claims
● No Warrants
● ~39,000 autonomous systems
● ~380,000 prefixes
Trust Models
A BRisk, Uncertainty
Problem
Solution:AssuranceStructure
Solution:Trust
Relation
A BRisk, Uncertainty
Trust
A BRisk, Uncertainty
AssuranceStructure ConfidenceConfidence
Trust in Networks
TrustRelations:Reputation
AssuranceStructure
TrustAnchor
GeneralizedTrust
NSFNET
From NSFNET to Internet
Tier 1
Tier 1
Tier 1
Tier 2 Tier 2
StubStub Stub
RouteArbiter
“... to establish and maintain databases and routing services which may be used by attached networks to obtain routing information ...
... will provide for an unbiased routing scheme which will be available (but not mandatory) for all attached networks.”
- 1993 NSF solicitation
Trust and Distrust: BCP38
Tier 1
Tier 1
Tier 1
Tier 2 Tier 2Tier 2
StubStub Stub
StubStub
Trusted Core
Filters
Network Topologies, Network Communities
Tier 1Tier 1
Tier 1
Tier 2 Tier 2 Tier 2
StubStub
Stub Stub Stub
APRICOTRIPE
NANOG
SANOG
AfNOG MENOG Social Organization
Technical/Commercial Organization
Tier 1
Securing BGP: Trustworthy Computing?
Tier 1
Tier 1
Tier 2 Tier 2
StubStub Stub
RPKITrust Anchor(s)
RPKI
Security and Governance
DNS
?Trust vs. Assurance Structures
Host Names
BGP