Presentation on theme: "Brief-out: Isolation Working Group Topic discussion leader: Ken Birman."— Presentation transcript:
Brief-out: Isolation Working Group Topic discussion leader: Ken Birman
Isolation Right now we have firewalls, VPNs, networks that are physically disjoint Question: Could we invent some new architectural abstraction to make it easier to isolate a subnet and yet have it also be part of the larger Internet? Success enables a federation of subnets: a heirarchy of domains operated using distinct policies and perhaps even incompatible technologies
Basic Understanding Isolation has boundary, physical and even application-level ramifications This recognition leads us to a multi-edged goal – Even in current networks, we need new and more flexible options for isolating systems and resources from undesired influences – We are also seeing emerging needs to isolate subnets for purposes such as security, QoS, sensitive data, special AUPs, etc. Existing options (like firewalls) are inadequate In the limit, a kind of multiverse with multiple side- by-side networks connected by controlled tunnels
Value proposition Fault-containment seen as an irresistible draw for many potential enterprise users – Such users would also benefit from improvement options for specifying desired management policy – Value may be measurable by enumerating cases where lack of isolation technology resulted in costly failures. Potentially huge new opportunity for QoS and multimedia-enabled applications frustrated by current IP networks, which have poor isolation – Microsoft has invested billions on such applications…
Research Challenges 1. How to express, store and implement properties of networks and applications, specify desired policy, verify that policy is being adhered to 2. Composition and tunneling between otherwise isolated subnets 3. Network admission control policies for isolated subsystems, with the usual issues of authentication, authorization, enforcement… 4. Are there unimplementable forms of isolation? 5. Are there forms of isolation that can only be supported on bare-bones hardware (as opposed to overlays on existing IP networks)?
Research Challenges 6. What sorts of client-side or O/S mechanisms are required in support of a new generation of networks offering isolation for network traffic? 7. What are ramifications of isolation in hosts, infrastructure components? Network is not just wires 8. Could we improve the behavior of wireless networks to improve isolation (in the sense of fair sharing, security, non- interference)? 9. Isolation evokes a future world of hierarchical administration, provisioning, administration tools… how to build these?
Research Challenges (cont) 11. How to strike appropriate balance between need for trust, authorization, resource control and management, enforcement of scoped AUPs 12. Isolation could be a powerful architecture tool for those who design and manage networks today. But we lack the needed architectural abstractions and need to invent them 13. Can a system offering interesting isolation properties scale as well as the Internet does? (Would it need to? Perhaps isolated subnetworks are usually more limited in scope and more homogeneous…)
Research Challenges (cont) 14. Are there automated ways to discover and assemble policy information in a decentralized world where each scope might define its own policies? 15. How would one implement exception handling in a hierarchical world where isolated subnetworks might view the same event in different ways (your exception is my bread- and-butter) 16. Theory of isolation: Formally characterize conditions under which isolation is compatible with sharing resources (Recall that isolation is trivial if we dont share anything…)
Can it be done? Question is too broad: depends what it means. We concluded that at least some of these goals can definitely be achieved Even an architectural building block would represent a valuable step forward Need to separate concept of isolation from question of what those isolated subnets might be doing – one can imagine many behaviors subnets could possibly implement
Enablers for Progress, Partnering Two technical enablers: – Need a standard way to partition traffic and route relevant traffic (only) into appropriate subset – Possible O/S requirement: Might VMMs be required for an O/S to enable isolation in multi-homed setups? NSF GENI initiative seen as very promising, could bring a community together with a focus on this issue (if this issue emerges as a key priority) Industry/academic partnership: could try to articulate value proposition in ways that will motivate government to act….
Conclusions Our breakout group believes this topic is quite promising It would be hard to do, but seems feasible Has ramifications in many dimensions Impact of success could be very significant