Application Architecture Internet Architecture David D. Clark MIT CSAIL September 2005.

What is the problem?
- Internet designers provided packet carriage and a DNS, and left the rest up to the application designer.
- That limited function leaves a lot for the application designer to figure out.
- To users, the Internet is the applications.
- Poor application design can ruin the Internet.

Cartoon vs. reality
- Cartoon: the application just runs in the end-nodes, so it can do anything it wants.
- Reality: Applications today are sophisticated combinations of end-node function, servers, ISP mediation/interference, regulation/law and social conventions.
- Designers solve a rich set of problems beyond the nominal goal of the application.
- Can we catalog these problems?
- Does the Internet provide the right support?

Where to start? Servers
- Modern apps do not follow a simple end to end model. (End to end at application level)
- They are full of servers and services run by third parties.
- Why?

Lots of reasons
- Stage content close
- Pre-process content
- Specialized device
- Constrain actions
- Filter content
- Manage identity
- Centralize authentication
- Control release of attributes
- Preserve anonymity
- Replicate functions for robustness
- Make comms asynchronous
- Move between end-nodes
- Outsource functions
- Cope with NAT, addressing
- Economics

What problems are we solving?
- Ease of use
- Ease of deployment
- Performance
- Economic (industry) structure
- Robustness
- Security
- Functionality

Security
- Re-factor security.
- Freedom from attack: Users, end-servers, third-party infrastructure
- Trusting users who want privacy
- Untrusting users who want help
- Third parties that want to intervene
- Delegation: who picks and who trusts the servers?

Economics
- Should applications be designed taking into account the economic goals of the various stakeholders?
- User choice of server and provider.
- Drives competition and controls prices
- Prevent ISP capture
- Server-based services are basis for revenue generation.
- Akamai as source-driven example. as receiver-based example.

Ease of deployment
- The life cycle of an app, or how do apps grow up?
- In the beginning, must be end to end. No servers.
- If successful, lots of folks get interested, and jump in. Leads to servers.
- In the middle? How about peer to peer?
- The design of an app should take into account how it is to grow up.

Recognize the stakeholders
- Applications are about humans and society.
- Not just the users of the application.
- Lots of parties have a stake in what the application does.
  - Users
  - Governments
  - ISPs (profit, employer, etc.)
  - Rights-holders
  - Large enterprise
- Must do stake-holder or tussle analysis

Balance of power
- Who can select the servers to be used?
  - User: delegation (ease of use), filtering (security), pre-formatting, control anonymity, replication and location, protection (applies to both ends)
  - ISP: filtering (value strat, usage control, agent of state), revenue generation
  - Third party (state or “other”): filtering (law enforcement protection of rights-holders and censorship), monitoring (law enforcement, taxation)

Extra slides…

An Internet example: ports
- Ports would be random, not well-known.
- Requires host-specific knowledge to filter.
- ISP filtering (value strat, traffic engineering) much harder.
- Firewall filtering much harder.
- Port scans less useful.
- Name server can be anywhere.
- Per-service name.
- Hard to launch location-based attack or scan on name server.
- But: what names show in messages? What history?

Economics of overlay networks
- Overlays are:
  - A tool for sophisticated applications.
  - A tussle tool with ISPs
- If the latter, who pays for them?
- Cannot scale for free. (Can they?)
- Prediction: they will be run by the ISPs.
- The major source of new ISP revenues.
- Usage based, content based, etc.
- Engineer them to shape this.
- Who routes?
- The alternative: Akamai (global providers).