Rogue Platform Attacks on the Bionet

1
Rogue Platform Attacks on the Bionet

• When Good Platforms Go Bad
• By Andrew Crispen

2
The Problem

• Platforms have near-absolute power over entites
  running on them
• All platforms are peers - no oversight
• Entities must trust their platform
• Platforms must trust other platforms
• What if one platform isnt trustworthy?

3
Absolute Power

• Entities rely on platforms for computing
  resources
• Platforms keep track of energy
• If a platform cheats, the entity can do nothing
• Since platforms trust each other, inaccurate data
  will follow the entity if it migrates

4
Types of Attacks

• Attacks may directly target only the entities
  running on the rogue platform
• Attacks may be intended to spread and interfere
  with the operation of other platforms and their
  entities
• Since entities on different platforms may rely on
  each other for services, the effects of both
  types of attack may spread beyond the rogue
  platform itself

5
Denial of Service

• A platform may refuse to provide resources to a
  particular process (entity)
• The entity can do nothing about this, since it is
  not allowed to run
• Difficult to prevent, since the owner of the
  computer that the platform runs on has absolute
  authority over the computers resources
• Entities on other platforms may be affected, if
  they rely on a service provided by the victim
  entity

6
Bait and Switch

• The rogue platform advertises low resource costs
• Entities migrate to the rogue platform in search
  of lower resource costs
• Rogue platform then charges entities more, or
  denies service entirely
• May be used to disable entities that compete with
  some entity favored by the platform owner
• If the architecture is changed so that platforms
  store and use energy, the platform itself
  benefits from false advertising and overcharging

7
Massive Energy Infusion

• Entities with enough energy reproduce, possibly
  repeatedly
• An entity with a huge amount of energy will spawn
  many offspring
• These offspring will migrate out to other
  platforms and possibly overwhelm them
• Entity does not need to be specially built for
  attack - any entity running on the rogue platform
  can be hijacked by arbitrarily giving it huge
  amounts of energy
• An entity specifically designed to consume
  resources may make attack more effective

8
Possible Solution

• Platforms are not all equal in reality
• Each platform is directly connected to one or
  more others uplinks - all its communications
  must go through one of these uplinks
• Uplinks have de facto authority over their
  downlinked platforms - can disconnect or restrict
  traffic
• Leaf nodes (those with only one uplink) can be
  easily pruned if they misbehave
• Problem How do we define misbehavior? What if
  different uplinks have different rules, and a
  node is pruned for legitimate behavior?
• Bigger problem What if the rogue platform is not
  a leaf - cooperation needed among all its uplinks
  to remove it
• What if the rogue platform finds a new uplink and
  gets back on the network?

9
Major Issues

• Simulator capabilities how much will simulator
  need to be rewritten to simulate rogue platforms?
• Performance metrics to measure the impact of
  various attacks on network performance, we must
  define how performance is measured
• Defining and detecting rogue behavior how do
  we decide when a node has crossed over into rogue
  behavior and needs to be sanctioned?
• Sanctions if weve found a rogue node, what do
  we do about it?