MarketNet: market-based protection of network systems and services-an application to SNMP protection

摘要

This paper describes novel protection technologies, developed by the MarketNet project at Columbia University, that shifts power from attackers to defenders, giving the defenders control over the exposure to attacks and over detectability and accountability of attackers. MarketNet uses market-based techniques to regulate access to resources. Access to a resource must be paid-for with currency issued by its domain. Domains can control the power of attackers by limiting the budgets allocated to them, and control the exposure of resources by setting their prices, effectively providing a quantifiable access control mechanism. Domains can monitor currency flows and use uniform resource-independent statistical algorithms to correlate and detect access anomalies indicating potential attacks. Currency is marked with unique identifiers that permit domains to establish verifiable accountability in accessing their resources. Domains control and fine tune their exposure to attacks; adjust this exposure in response to emerging risks; detect intrusion attacks through automated, uniform statistical analysis of currency flows; and establish coordinated response to attacks. MarketNet mechanisms unify and kernelize global information systems protection by containing all protection logic in a small core of software components. The paper presents the architecture and operation of MarketNet along with the design and implementation of the main architectural components. The paper illustrates the application of MarketNet to the protection of the simple network management protocol (SNMP) and compares it with the security features offered by SNMPv3.