TY - GEN
T1 - Accountability in hosted virtual networks
AU - Keller, Eric
AU - Lee, Ruby Bei-Loh
AU - Rexford, Jennifer L.
N1 - Publisher Copyright:
Copyright 2009 ACM.
PY - 2009/8/17
Y1 - 2009/8/17
N2 - Virtualization enables multiple networks, each customized for a particular purpose, to run concurrently over a shared substrate. One such model for managing these virtual networks is to create a hosting platform where companies can deploy services by leasing a portion of several physical routers. While lowering the barrier for innovation in the network, this model introduces new security concerns. In this paper we examine the issue of accountability in this setting of hosted virtual networks. That is, how a service provider can know its software is running without modification and that the infrastructure provider's physical router is forwarding packets as instructed with the quality of service promised. Rather than presenting a single specification of what every router on the Internet must look like, in this paper we examine two possible approaches: one that detects violations by monitoring the service and one that prevents violations from occurring in the first place. For each, we provide a description of an architecture that can be achieved with technology available today, the limitations of that architecture, and then propose an extension which overcomes the limitations.
AB - Virtualization enables multiple networks, each customized for a particular purpose, to run concurrently over a shared substrate. One such model for managing these virtual networks is to create a hosting platform where companies can deploy services by leasing a portion of several physical routers. While lowering the barrier for innovation in the network, this model introduces new security concerns. In this paper we examine the issue of accountability in this setting of hosted virtual networks. That is, how a service provider can know its software is running without modification and that the infrastructure provider's physical router is forwarding packets as instructed with the quality of service promised. Rather than presenting a single specification of what every router on the Internet must look like, in this paper we examine two possible approaches: one that detects violations by monitoring the service and one that prevents violations from occurring in the first place. For each, we provide a description of an architecture that can be achieved with technology available today, the limitations of that architecture, and then propose an extension which overcomes the limitations.
KW - Accountability
KW - Router architecture
KW - Security
KW - Virtualization
UR - http://www.scopus.com/inward/record.url?scp=85014857125&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85014857125&partnerID=8YFLogxK
U2 - 10.1145/1592648.1592654
DO - 10.1145/1592648.1592654
M3 - Conference contribution
AN - SCOPUS:85014857125
T3 - SIGCOMM 2009 - Proceedings of the 2009 SIGCOMM Conference and Co-Located Workshops, VISA 2009
SP - 29
EP - 35
BT - SIGCOMM 2009 - Proceedings of the 2009 SIGCOMM Conference and Co-Located Workshops, VISA 2009
PB - Association for Computing Machinery, Inc
T2 - 1st Workshop on Virtualized Infrastructure Systems and Architectures, VISA 2009
Y2 - 17 August 2009
ER -