[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd...
From: |
Hermanni Hyytiälä |
Subject: |
[Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd... |
Date: |
Mon, 10 Feb 2003 08:20:10 -0500 |
CVSROOT: /cvsroot/gzz
Module name: gzz
Changes by: Hermanni Hyytiälä <address@hidden> 03/02/10 08:20:09
Modified files:
Documentation/misc/hemppah-progradu: progradu.bib
research_problems
Log message:
More security problems (table)
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/progradu.bib.diff?tr1=1.68&tr2=1.69&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/gzz/gzz/Documentation/misc/hemppah-progradu/research_problems.diff?tr1=1.49&tr2=1.50&r1=text&r2=text
Patches:
Index: gzz/Documentation/misc/hemppah-progradu/progradu.bib
diff -u gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.68
gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.69
--- gzz/Documentation/misc/hemppah-progradu/progradu.bib:1.68 Fri Feb 7
04:27:04 2003
+++ gzz/Documentation/misc/hemppah-progradu/progradu.bib Mon Feb 10
08:20:08 2003
@@ -1796,3 +1796,13 @@
year = {2001},
url = {http://www.ida.liu.se/~rosgr/p2psecurity.html}
}
+
address@hidden,
+ author = " Frank Dabek, Ben Zhao, Peter Druschel, Ion Stoica",
+ title = "A Common API for Structured Peer to Peer Overlays",
+ howpublished = "Talk at OceanStore/ROC/Sahara Winter Retreat",
+ month = jan,
+ year = 2003,
+ url =
{\url{http://www.cs.berkeley.edu/~ravenben/tapestry/apis-1-03.pdf}},
+}
+
Index: gzz/Documentation/misc/hemppah-progradu/research_problems
diff -u gzz/Documentation/misc/hemppah-progradu/research_problems:1.49
gzz/Documentation/misc/hemppah-progradu/research_problems:1.50
--- gzz/Documentation/misc/hemppah-progradu/research_problems:1.49 Thu Feb
6 07:44:09 2003
+++ gzz/Documentation/misc/hemppah-progradu/research_problems Mon Feb 10
08:20:08 2003
@@ -214,22 +214,24 @@
Problem description
Solutions Comments/Status
Routing: Incorrect forwarding (hostile),
Query monitoring, cross check
- incorrect routing (hostile)
routing tables, verify routing tables
+ incorrect routing (hostile)
routing tables, verify routing tables,
+
invariants
DoS attack Distributed, controlled burden againts
Client puzzles, load balancing, traffic
specific computer(s)
measurements, traffic models
-Sybil attack: Single hostile entity present multiple
Resource demanding mechanisms for Not practically
realizable,
- entities
validating identities research focused on
persistence,
-
not on distincn
+Sybil attack: Single hostile entity present multiple
Identify all nodes simultaneously Not practically
realizable,
+ entities
across the system, collect pool of nodes research focused on
persistence,
+
which are validated, distributed not on distinction
+
node ID creation
Spam attack: Hostile entity creates false versions
Do not trust to single entity,
of data
get information from multiple entities,
-
trust on majority
+
trust on majority's opinion
Resource spoofing: Hostile entity gives wrong information
Do not trust to single entity,
about the data which entity is
responsible get information from multiple entities,
- for/knows about
trusy on majority
+ for/knows about
trust on majority's opinion
Sudden network partition: Sub network is isolated from other
network Self-tuning, environment observatorion,
because of network disconnection
backup connections
@@ -238,34 +240,35 @@
of previous queries
Efficient data discovery: Find resources efficiently, if resource
Super nodes, node clusters,
- exists (broadcasting)
caching
+ exists (broadcasting)
caching techiques
Entity identification: Identify participating entities
reliably Digital signatures Research
focused on persistence,
- and efficiently
not on disti
+ and efficiently
not on distiinction of
identity
-Fail Stop: A specific faulty nodes is
deleted/isolated
- from the system
+Fail Stop: A faulty node stops working
Environment observatorion, informing
+
protocols
-Byzantine faults: Faulty nodes may behave arbitrarily
+Byzantine faults: Faulty nodes may behave arbitrarily
Byzantine agreement protocols,
+
trust on majority's opinion
-Richness of queries: Query languages should be more powerful
+Richness of queries: Query languages should be more powerful
SQL-like queries
-Robustness: How well system performs under hostile
Form of connectivity graph,
- attacks/in the case of severe failure ?
backup links
+Robustness: How well system performs under hostile
Self-tuning, backup links, use
+ attacks/in the case of severe failure ?
diverse routing paths
-Quality of Service, QoS: The system cannot promise the quality
of
+Quality of Service, QoS: The system cannot promise the quality
of
service in all cases
-Data availability: Data might be temporary unavailable, or
lost
+Data availability: Data might be temporary unavailable, or
lost Data caching, data replication
permanently
-Data integrity/authenticity: Integrity/originality of data is unknown
+Data integrity/authenticity: Integrity/originality of data is
unknown Cryptographic content hashes
-Anonymity: Anonymity cannot be provided in all
+Anonymity: Anonymity cannot be provided in all
Remailers
cases
-Malicious nodes: There are malicious nodes in the system.
- How we are able to discover them ?
+Malicious nodes: There are malicious nodes in the
system, Detect
+ how we are able to discover them ?
Mutual distrust: Nobody trust anybody, this is a problem
@@ -273,33 +276,34 @@
like they should be, instead they go
for
own profit
-Heterogeneity: There are different kind of nodes
+Heterogeneity: There are different kind of nodes
in the system, in light of bandwidth
and computing power
-Network proximity: Can we take account the underlying
- network's properties better when forming
+Network proximity: Can we take account the underlying
Global Network Positioning, Lighthouse
+ network's properties better when
forming technique, trianqulated heuristics
overlay network (network-awareness for
performance) ?
-Locality: In the case on DHTs, can we take account
- locality ?
+Locality: In the case on DHTs, can we take
account Constrained Load Balancing, using
+ locality ?
network proximity for nearest
+
neighbor selection
-Hotspots: What will happen if some resource
+Hotspots: What will happen if some resource
Caching, multisource downloads
is extremely popular and only
one node is hosting it ?
-Scalability: Broadcasting doesn't scale when
performing
- searches
+Scalability: Broadcasting doesn't scale when
performing Super peers, peer clusters, mutual
+ searches
index caching
-Programming guidelines: Set of programming
guidelines/frameworks
+Programming guidelines: Set of programming
guidelines/frameworks Common frameworks and APIs
is needed for better interoperability
between
different systems
Access Control: Can we define access control
levels
in peer-to-peer network ?
-System in flux: Nodes join and leave system
constantly:
+System in flux: Nodes join and leave system
constantly: Half-life phenomenon
load balancing, efficiency ?
Inconsistent behaviour: Hostile node could act
correctly with
@@ -310,7 +314,7 @@
External threats: Viruses, troijans, sniffers
-Overlay construction: Hostile node controls the construction
Cryptography
+Overlay construction: Hostile node controls the construction
Cryptography
of the network
at each hop, querier knows that the lookup is supposed to get "closer". The
querier should check this so that
@@ -1234,6 +1238,13 @@
-computational puzzles for preventing DDOS attacks (force attacker perform
more work than victim)
-puzzles can be used for accountability (Dingeline, in Peer-to-Peer:
Harnessing...), but can dangerous
-some research has been done on on-line identities for humans. However, they
often has a direct relation to phychical world
+
+
+Udi Wieder's important statement:
+"By the way, as I think I stated in the paper, I believe that when it
+comes to security and byzantine faults in p2p there should be a
+distinction between attacks on the protocols assuming the construction
+is correct, and attacks on the construction itself"
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/05
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/05
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/06
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/06
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/07
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd...,
Hermanni Hyytiälä <=
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/14
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/17
- [Gzz-commits] gzz/Documentation/misc/hemppah-progradu prograd..., Hermanni Hyytiälä, 2003/02/19