Proof of Concept

• DARPA and NSA are funding prototype development

  • Prototype code will be available, e.g., in GateD

• Replay some of the Merit historical data

• Deploy in the wide-area DARPA CAIRN testbed

  • PC-based routers running FreeBSD/mrtd/gated
  • Partition testbed into several ASes or a confederation
  • Peer with (import from) diverse BGP speakers in the Internet
  • Insert “missing” attestations on the fly, e.g., from local cache
  • Do nasty things to routers, links, BGP sessions (w/IPSec off :-)
  • Find performance problems and devise optimizations for them

• Have some ISPs evaluate it

  • Monitoring mode vs. enforcement mode

Previous slide

Next slide

Back to first slide

View graphic version