ABSTRACT The goal of this article is to offer framing for conversations about the role of measurement in informing public policy about the Internet. We review different stakeholders' approaches to measurements and associated challenges, including the activities of U.S. government agencies. We show how taxonomies of existing harms can facilitate the search for clarity along the fraught path from identifying to measuring harms. Looking forward, we identify barriers to advancing our empirical grounding of Internet infrastructure to inform policy, societal challenges that create pressure to overcome these barriers, and steps that could facilitate measurement to support policymaking.
ABSTRACT This article describes a data-driven approach to improve the security of the Internet infrastructure. We identify the key vulnerabilities, and describe why the barriers to progress are not just technical, but embedded in a complex space of misaligned incentives, negative externalities, lack of agreement as to priority and approach, and missing leadership. We describe current trends in how applications are designed on the Internet, which leads to increasing localization of the Internet experience. Exploiting this trend, we focus on regional security rather than unachievable global security, and introduce a concept we call zones of trust.
Abstract Regulators are confronted with the fact that with the rapid pace of change and innovation on the Internet, regulatory initiatives are often rendered irrelevant almost as soon as they are proposed. How can regulators craft a durable approach that can remain relevant in this fast-changing environment? The authors propose a framework of platforms that Internet Service Providers may deploy, and discuss the regulatory implications for each type of platform. They demonstrate the utility of their approach by applying their model to the current policy problems raised by specialized services, minimum quality regulations, and structural separation.
Abstract Interconnection links connecting broadband access providers with their peers, transit providers and major content providers, are a potential point of discriminatory treatment and impairment of user experience. However, adequate data to shed light on this situation is lacking, and different actors can put forward opportunistic interpretations of data to support their points of view. In this article, we introduce a topology-aware model of interconnection to elucidate our own beliefs about how to measure interconnection links of access providers and how policymakers should interpret the results. We use six case studies that show how our conceptual model can guide a critical analysis of what is or should be measured and reported, and how to soundly interpret these measurements.
The article of record may be found at: http://dx.doi.org/10.1145/2815675.2815700. ; Proceedings of the Fifteenth ACM SIGCOMM Internet Measurement (IMC 2015) Conference, Tokyo, JP, October 2015 (Awarded Best Paper). ; As part of TCP's steady evolution, recent standards have recommended mechanisms to protect against weaknesses in TCP. But adoption, configuration, and deployment of TCP improvements can be slow. In this work, we consider the resilience of deployed TCP implementations to blind in-window attacks, where an off-path adversary disrupts an established connection by sending a packet that the victim believes came from its peer, causing data corruption or connection reset. We tested operating systems (and middleboxes deployed in front) of webservers in the wild in September 2015 and found 22% of connections vulnerable to in-window SYN and reset packets, 30% vulnerable to in-window data packets, and 38.4% vulnerable to at least one of three in-window attacks we tested. We also tested out-of-window packets and found that while few deployed systems were vulnerable to reset and SYN packets, 5.4% of connections accepted in-window data with an invalid acknowledgment number. In addition to evaluating commodity TCP stacks, we found vulnerabilities in 12 of 14 of the routers and switches we characterized – critical network infrastructure where the potential impact of any TCP vulnerabilities is particularly acute. This surprisingly high level of extant vulnerabilities in the most mature Internet transport protocol in use today is a perfect illustration of the Internet's fragility. Embedded in historical context, it also provides a strong case for more systematic, scientific, and longitudinal measurement and quantitative analysis of fundamental properties of critical Internet infrastructure, as well as for the importance of better mechanisms to get best security practices deployed. ; This work was supported in part by U.S. NSF grants CNS-1111449, ACI-1127506, and CNS-1237265, and by DHS S&T Cyber Security Division BAA 11-02 and SPAWAR Systems Center Pacific via N66001-12-C-0130 and Defence Research and Development Canada (DRDC) pursuant to an Agreement between the U.S. and Canadian governments for Cooperation in Science and Technology for Critical Infrastructure Protection and Border Security.