After the InternetMy Background in CIPCritical Infrastructure Rapidly Expanding Web of DependencyTangled InterdependenciesMultiple ConcernsMost serious issue?Concrete Examples of Threats?Vendor Perspective?Security: Often mistaken for the whole storyLet’s get technicalScalability: Achilles Heel of a Networked World?Technologies need to keep paceScalable Publish SubscribePowerPoint PresentationLarge-scale applications with similar technical requirementsPoor ScalabilityDo current technologies scale?Stock Exchange Problem: Vsync. multicast is too “fragile”With 32 processes….The problem gets worse as the system scales upWhy doesn’t anything scale?Serious issue for our scalable publish-subscribe technologyFight fire with fire!Cornell Scalability ResearchAstrolabeAstrolabe in a single domainBuild a hierarchy using a P2P protocol that “assembles the puzzle” without any servers(1) Query goes out… (2) Compute locally… (3) results flow to top level of the hierarchyHierarchy is virtual… data is replicatedSlide 30Examples?Astrolabe summaryContrast with most P2P schemesBimodal MulticastReminder: Multicast scaling issueSlide 36Slide 37Bimodal Multicast uses gossipSlide 39Slide 40Unlimited scalability!Slide 42Slide 43Good things?Bad things?The Internet “policy”Internet itself: Main weak pointThe Internet got stuck in 1985Lagging public interestBest hope?ConclusionsAfter the InternetKen BirmanProfessor, Dept. of Computer ScienceCornell UniversityMy Background in CIPProfessor at Cornell since 1982: 19 years of research on reliable, secure communications software. Author of 150 papers, 2 books… founder and CEO of two companiesMy software is used by New York and Swiss Stock Exchanges, French air traffic control system, AEGIS warshipLead 1995 DARPA ISAT study of Critical Infrastructure Assurance, recommendations used to retarget DARPA ITO programsCritical InfrastructureRapidly Expanding Web of DependencyMassive rollout underwayControl of restructured power gridNew medical information systems link hospital to other providers, reach right into the homeTelephony infrastructureFinancial systems: eMoney replaces cash!Disaster response and coordinationFuture military will be extremely dependent on information resources and solutionsTangled InterdependenciesPower GridInternetTelephonyBankingInternet Software, COTS Technology BaseMultiple ConcernsInfrastructure industries have been dangerously naïve about challenges of using Internet and computing technologies in critical ways Nationally critical information systems poorly protected, fragile, easily disruptedStems from pervasive use of COTS componentsVendors poorly motivated to address the issueYet academic research is having little impactNo sense of “excitement” or importanceFew significant technology transition successesMost serious issue?Loss of public interest and enthusiasmGovernment shares this view“It’s just software; we buy it from Microsoft”Academic researchers often seen as freeloading at taxpayer’s expenseCritical infrastructure components often look “less critical” considered in isolationTen thousand networked medical care systems would worry us, but not individual instancesConcrete Examples of Threats?Power system requires new generation of technology for preventing cascaded failures, implementing load-following power contractsIndustry requires solutions but has no idea how to build them. Technical concern “masked” by politicsDOE effort is completely inadequateThree branches of military are separately developing real-time information support tools.Scale will be orders of magnitude beyond anything ever done with Internet technologiesGoals recall the FAA’s AAS fiasco (lost $6B!)Vendor Perspective?Little interest in better security“You have zero privacy anyway. Get over it.” Scott McNealy, CEO Sun Microsystems; 1/99Gates recently suggested that perhaps MSFT needs to improve, but doesn’t have critical infrastructure in mind and didn’t point to Internet issues.Internet technology is adequate for the most commercially lucrative Web functionsBut inadequate reliability, security for other emerging needs, including CIP requirementsIssue is that market is the main driver for product evolution, and market for critical solutions is smallSecurity: Often mistaken for the whole storyEven today, most CIP work emphasizes security and denial of service attacksBut critical applications must also workCorrectlyWhen and where requiredEven when components fail or are overloadedEven when the network size grows or the application itself is used on a large scaleEven when the network is disrupted by failuresLet’s get technicalA digression to illustrate both the potential for progress but also the obstacles we confront!Scalability: Achilles Heel of a Networked World?1980’s: Client-server architectures.1 server, 10’s of simultaneous clients1990’s: Web serversSmall server cluster in a data center or farm1000’s of simultaneous clientsFirst decade of 2000?Server “geoplex”: large farms in a WAN setting10’s of 1000’s of simultaneous clientsEmergence of peer-to-peer applications: “live” collaboration and sharing of objectsWireless clients could add another factor of 10 client loadTechnologies need to keep paceWe want predictable, stable performance, reliability, security… despiteLarge numbers of usersLarge physical extent of networkIncreasing rates of infrastructure disruption (purely because of growing span of network)Wide range of performance profilesGrowth in actual volume of work applications are being asked to doScalable Publish SubscribeA popular paradigm; we’ll use it to illustrate our pointsUsed to link large numbers of information sources in commercial or military settings to even larger numbers of consumersTrack down the right serversUpdates in real-time as data changesHappens to be a top military priority, so one could imagine the government tackling it…Server clusterSubscriber must identify the best servers. Subjects are partitioned among servers hence one subscriber may need multiple connectionsPublisher offers new events to a proxy server. Subjects are partitioned among the server sets. In this example there are four partitions: blue, green, yellow and red. Server set and partition
View Full Document