Ioannis C. Avramopoulos

Highly secure and efficient routing

In this paper, we consider the problem of routing in an adversarial environment, where a sophisticated adversary has penetrated arbitrary parts of the routing infrastructure and attempts to disrupt routing. We present protocols that are able to route packets as long as at least one nonfaulty path exists between the source and the destination. These protocols have low communication overhead, low processing requirements, low incremental cost, and fast fault detection. We also present extensions to the protocols that penalize adversarial routers by blocking their traffic.

Design for configurability: rethinking interdomain routing policies from the ground up

Giving ISPs more fine-grain control over interdomain routing policies would help them better manage their networks and offer value-added services to their customers. Unfortunately, the current BGP route-selection process imposes inherent restrictions on the policies an ISP can configure, making many useful policies infeasible. In this paper, we present Morpheus, a routing control platform that is designed for configurability. Morpheus enables a single ISP to safely realize a much broader range of routing policies without requiring changes to the underlying routers or the BGP protocol itself. Morpheus allows network operators to: (1) make flexible trade-offs between policy objectives through a weighted-sum based decision process, (2) realize customer-specific policies by supporting multiple route-selection processes in parallel, and allowing customers to influence the decision processes, and (3) configure the decision processes through a simple and intuitive configuration interface based on the Analytic Hierarchy Process, a decision-theoretic technique for balancing conflicting objectives. We also present the design, implementation, and evaluation of Morpheus as an extension to the XORP software router.

Morpheus: making routing programmable

This paper presents Morpheus, a modular, open routing platform that supports flexible control of routing policies of a network. With Morpheus, network operators can realize many useful policies that are infeasible today through composition of multiple policy modules and programming the route-selection algorithms. Morpheus can be readily deployed without requiring changes in other domains.

Securing BGP incrementally

Despite the pressing need to secure routing, none of the existing secure variants of BGP has been widely deployed. Due to the size and decentralized nature of the Internet, it became clear that any viable secure routing protocol must offer benefits also in its early stages of deployment. In order to determine when the protocols are not adoptable, we quantify the benefits offered by a partial deployment of an Idealized Secure BGP which is able to detect malicious routes with perfect accuracy. We also quantify the benefits of an imperfect version of the protocol. Subsequently, we conclude that even the best protocols which simply detect and avoid bogus routes do not offer good security performance except in limited scenarios. We offer alternative designs, and hope that our insights will result in a new secure routing protocol that will be more attractive to early adopters.

Optimal component configuration and component routing

Code mobility and mobile agents have received a lot of attention as a paradigm based on which distributed applications can be built. There has been little work however on the mathematical modeling of component mobility. In this direction, we present and analyze three optimization models for component mobility. We are seeking the optimal allocation of components to network nodes and the optimal component routes that will minimize the network traffic that is incurred in the course of component communication. Optimal solutions are found either through a mixed binary integer programming formulation or by employing max flow computations. Complexity results are also reported.

Protecting the DNS from Routing Attacks: Two Alternative Anycast Implementations

The domain name system is a critical piece of the Internet and supports most Internet applications. Because its organized in a hierarchy, its correct operation depends on the availability of just a few servers at the hierarchys upper levels. These backbone servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space. Using routing attacks in this way, an adversary can compromise the Internets availability and integrity at a global scale. In this article, the authors evaluate the relative resilience to routing attacks of two alternative anycast DNS implementations. The first operates at the network layer and the second at the application layer. The evaluation informs fundamental DNS design decisions and an important debate on the routing architecture of the Internet.

Protecting DNS from Routing Attacks: A Comparison of Two Alternative Anycast Implementations

DNS is a critical piece of the Internet supporting the majority of Internet applications. Because it is organized in a hierarchy, its correct operation is dependent on the availability of a small number of servers at the upper levels of the hierarchy. These \emph{backbone} servers are vulnerable to routing attacks in which adversaries controlling part of the routing system try to hijack the server address space. Using routing attacks in this way, an adversary can compromise the Internets availability and integrity at a global scale. In this article, we evaluate the relative resilience to routing attacks of two alternative anycast implementations of DNS, the first operating at the network layer and the second operating at the application layer. Our evaluation informs fundamental DNS design decisions and an important debate on the routing architecture of the Internet.