MarketNet: Market-Based Protection of Network Systems and Services - An Application to SNMP Protection

This research is sponsored in part by the USAF, Air Force Materiel Command, under contract F30602-97-1-0252, "MarketNet: A Survivable, Market-based Architecture for Large-scale Information Systems", and in part by the New York Science and Technology Foundation, subcontract with Polytechnic University. The views and conclusions contained in this document are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied of the Defense Advanced Research Projects Agency (DARPA), the Air Force, or the U.S. Government. Abstract Current networks allocate attack and protection powers asymmetrically. Attackers can exercise virtually unlimited power to attempt to compromise systems and evade detection and accountability, while the owners of these systems are mostly limited to developing passive protections and keeping up with new attack techniques. This paper describes novel protection technologies, developed by the MarketNet project at Columbia University, that shift power from attackers to defenders, giving the defenders control over the exposure to attacks and over detectability and accountability of attackers. MarketNet uses market-based techniques to regulate access to resources. Access to a resource must be paid-for with currency issued by its domain. Domains can control the power of attackers by limiting the budgets allocated to them, and control the exposure of resources by setting their prices, effectively providing a quantifiable access control mechanism. Domains can monitor currency flows and use uniform resource-independent statistical algorithms to correlate and detect access anomalies indicating potential attacks. Currency is marked with unique identifiers that permit domains to establish verifiable accountability in accessing their resources. Domains control and fine tune their exposure to attacks; adjust this exposure in response to emerging risks; detect intrusion attacks through automated, uniform statistical analysis of currency flows; and establish coordinated response to attacks. MarketNet mechanisms unify and kernelize global information systems protection by containing all protection logic in a small core of software components. The paper presents the architecture and operation of MarketNet along with the design and implementation of main architectural components. The paper illustrates the application of MarketNet to the protection of the Simple Network Management Protocol (SNMP) and compares it with the security features offered by SNMPv3.