Friday, July 27, 2012

Networking: theory and practice

I came across two nice papers recently with some interesting synergy.

First, on the theory side, BBN's Craig Partridge offers his suggestions for Forty Data Communications Research Questions. Each question is briefly summarized, with lots of pointers to further research for the curious. The one that interested me the most was:

22. Are there cooperative protocols above the physical layer? There’s a substantial body of work showing that wireless networks can perform better if nodes help each other[51] – e.g. a node off to the side echoes what it hears from a sender in order to improve reception at the receiver. For the most part, these are physical layer improvements (perhaps coordinated with the media access layer). Is there a role for similar cooperation at higher layers? At first this may seem impractical, as most higher layer communications is point-to-point. Yet many servers often work together to deliver a web page and many servers work together to deliver an email. The step from collaboration to cooperation would seem small.

Secondly, on the practical side, Adam Langley has posted his notes from his HOPE9 talk: Living with HTTPS. I wasn't familiar with the H.O.P.E. conferences, but it seems like HOPE9 was a very interesting conference -- just browse through some of the abstracts and shake your head in wonder at the range of topics and viewpoints!

Langley's talk, meanwhile, is interesting from start to finish, with plenty of practical advice about how to secure your site, pointers to tools to help you assess where you may still have problems, as well as ideas about how we can continue to improve our security protocols and techniques in the future.

Security is a never-ending struggle, and you have to be constantly considering it. For example, Langley notes the risks involved in mixed-mode sub-resources:

When you load sub-resources over HTTP, an attacker can replace them with content of their choosing. The attacker also gets to choose any page on your HTTPS site with the problem. That includes pages that you don't expect to be served over HTTPS, but happen to be mapped. If you have this problem anywhere, on any HTTPS page, the attacker wins.

Read more, learn more, be smarter. Good ideas for the weekend!

No comments:

Post a Comment