A Clean-Slate Design for the Next-Generation Secure Internet

Steven M. Bellovin (Columbia University), David D. Clark (MIT), Adrian Perrig (CMU), Dawn Song (CMU)

1 Introduction

This is the report on a workshop held at CMU on July 12–14, 2005. The workshop is part of the planning process initiated by NSF to explore potential architectures for a next generation secure network designed to meet the needs of the 21st century. In considering future architectures, we ignore issues of backward compatibility with the current Internet but seek to benefit from the experience gained by analyzing both the strengths and weaknesses of the current design. Specifically, this workshop looks at the fundamental interplay between security and underlying network architecture and seeks to chart a preliminary course for future work in this crucial research area.

This workshop focused on initiating a productive dialog between experts from the network security and network architecture communities. The agenda was arranged to stimulate initial consideration of the security goals for a new Internet, the design space of possible solutions, how research in security and network architecture could be integrated so that security is included as a first-tier objective in future architectures, and to explore methods for identifying and considering the social consequences of these architecture and security design choices.

1.1 Why do we need a clean-slate design for the next-generation secure Internet?

Today’s Internet is a clear success. However, some aspects of the current Internet fall short of both current expectations for a reliable communication infrastructure and future demands that we would like to be able to put on such a network. Perhaps the attributes most critically lacking are those relating to security, including highly resilient and dependable availability, and a trustworthy environment for people (and their computers) to communicate.
The NSF initiative is fundamentally based on the premise that to achieve a substantive improvement in what the Internet can offer its users, the research community must accept a challenge—not to make the Internet a little better through incremental changes—but instead, to envision an end goal – what communication infrastructure we want in 10 years – and take bold steps toward creating and evaluating potential designs. The process of incremental change, without an overall vision for where we are going, runs the risk of giving an appearance of progress without actually moving us any closer to our specific long-term objective of a secure yet flexible network architecture. As Yogi Berra said, “You’ve got to be very careful if you don’t know where you’re going, because you might not get there.”

Despite the Internet’s critical importance, portions of its architecture are surprisingly fragile and...

This work was supported by NSF Grant CNS-0540274, “Collaborative Research: Planning Grant: A Clean-Slate Design for the Next-Generation Secure Internet”.
This note was uploaded on 04/03/2009 for the course ECE 18731 taught by Professor Perrig during the Spring '08 term at Carnegie Mellon.