Here's an idea: Verification for computer networks as well as chips and code In 1984, artificial intelligence was having a moment. There was enough optimism around it to inspire me to explore the role of AI in chip design for my undergraduate thesis, but there were also early signs that the optimism was unjustified. The term “AI winter” was coined the same year and came to pass a few years later. But …
Just wondering.
*
Just wondering what the STASI think about this:
- "....Among the many benefits of SDN is the fact that you can specify the desired state of the network through a central API, and the control plane is responsible for bringing about the changes..."
"central API" -- STASI Manager: "Oh good, a central place to hack the network!"
"central API" -- Bad actor: "Oh good.....another Solar Winds opportunity!"
Then there's me wondering if the average CIO thinks about this, say for example the CIO at Equifax: "Oh f**k: we've already had enough problems with hacking!"
Others can enlighten me!!!!
SDN requires low level protocols working end-to-end, at the lowest level these are near enough cast in stone because everything has to work together. All the routing protocols were created when bandwidth1, cpu & memory availability was low, expensive and mostly using dedicated circuits to allow QOS & security.
Now that streaming multiple hi-def video feeds using inline encryption on public circuits doesn't squeeze hardware capabilities SDN2 can easily build flexible networks on the fly by automating VPN and routing protocol connections without worrying too much about bringing anything down.
From a security standpoint, there are fewer points of entry for any network offset by the far worse level of compromise achieved should one be breached. Good CIOs these days should be expecting a breach and looking to achieve the shortest elapsed time possible from problem isolation to fix.
1 leased line with just POTS dialup, 2B1D-ISDN very nice, full T1/E1 utter luxury!
2Single vendor unless you really want to learn how many assumptions are being made by different systems (give it a decade or so).
“ From a security standpoint, there are fewer points of entry for any network offset by the far worse level of compromise achieved should one be breached. Good CIOs these days should be expecting a breach and looking to achieve the shortest elapsed time possible from problem isolation to fix.”
Most people use SDN to increase the number of points of entry, instead of private circuits (mpls, ipvpn etc) many are turning to cheap dsl circuits and wanting SDN to overlay on top. Many SDN systems will encapsulate and encrypt over the top but you’ve not got multiple sites plumbed directly to the internet instead of centralised internet breakout.
Once your SDN is found to be compromised you’ve got a big task on your hands update your SDN infrastructure.
Among the many benefits of SDN is the fact that you can specify the desired state of the network through a central API, and the control plane is responsible for bringing about the changes to realize that desired state. Thus it becomes much more feasible to verify that a network meets the intent of its operator.
Such a benefit of SDN .... the fact that you can specify the desired state of the network through a central API, and the control plane is responsible for bringing about the changes to realize that desired state ..... is much more a fundamental future elemental for guaranteed successful applications/deployments/infiltrations/executions with SMARTR Refining, Derivatively Defining, IntelAIgently Designed Networks.
Imagine early SCADA Command and Control Systems Networks as if venturing forth towards goals and destinations clearly unknown in a cart before horses configuration. Now consider the SMARTR Quantum Leap Network with Virtually Advanced IntelAIgent Operating Systems venturing forth back to current presents and troubled pasts from successfully constituted forward operating bases in future spaces/ethereal places.
Early crushing problems are then immediately eliminated for future knowledge in how they were dismissed to successfully achieve diabolical aims and arrive at heavenly destinations/future staging posts can surely be shared in repeat demonstrations of Legendary Revolutionary AIMaster Pilot ReBoot Routes ....... safe and secure successfully completed paths long well travelled and rightly honoured and justly worshipped.
And regarding ... "The ability to master complexity is not the ability to extract simplicity " ..... there is sweet comfort in pondering and realising the similarity/parallel/singularity that proves the ability to master complexity is akin to the ability to employ and exploit and expand and exhaust simplicity.
Thanks for the info and intel, El Reg/Bruce Davie. Sublimely instructional. The Register, Biting the hand that feeds IT with Gifts that Just Keeps on Giving.
:-) Take care whenever venturing far along those COSMIC lines, El Regers, for it attracts desperate cut the power plug pullers and red letter day/D Notice type wonks alike, although it would certainly be a catastrophically huge colossal mistake for them to declare that war on themselves, for there is no defence against that which is arraigned and ready for action before them.
However, notwithstanding that clear advisory, one needs to be prepared for such monumental errors to be made, for as Albert Einstein advises ......... Only two things are infinite, the universe and human stupidity, and I'm not sure about the former. ....... whilst also carrying that flame of hope for them that shines on the oft proclaimed exhortation ....... Lessons will be learned
What are the odds on Albert being the certain favourite there if that was a bet being made?
>Among the many benefits of SDN is the fact that you can specify the desired state of the network through a central API, and the control plane is responsible for bringing about the changes to realize that desired state. Thus it becomes much more feasible to verify that a network meets the intent of its operator.
Disagree with the fundamental assumption being made here, namely that the control panel will always create and maintain the "desired state", because this is based on assumptions about the underlying dynamic networks implementation and interpretation of the directives of the central API.
Fundamentally the network has a dynamic configuration, whereas chip architecture (as defined by HDLs) is static.
https://en.wikipedia.org/wiki/Overlay_network
Overlaying your connectivity on an encrypted transport over a dynamic underlay is the best route to success if you want to “verify” your connectivity.
I actually thought this article would be about each device on the network verifying traffic was legit checking certs or hashes and not just l3 & l4, blocking if required.
An overlay abstracts your connectivity from the underlying infrastructure, who then Cares if it’s a private circuit or internet if it’s encrypted and the underlay provides the reliability. You also won’t care if the ip should logically be in 1 dc or another across a geography as the overlay transparently ensures it’s reachable regardless of the underlay addressing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
