Cristian Hesselman scite author profile

Cristian Hesselman

4Publications

71Citation Statements Received

72Citation Statements Given

How they've been cited

178

How they cite others

Affiliations

SIDN Fonds, Novay, University of Twente

Publications

Order By: Most citations

A Responsible Internet to Increase Trust in the Digital World

et al. 2020

View full text Add to dashboard Cite

Policy makers in regions such as Europe are increasingly concerned about the trustworthiness and sovereignty of the foundations of their digital economy, because it often depends on systems operated or manufactured elsewhere. To help curb this problem, we propose the novel notion of a responsible Internet, which provides higher degrees of trust and sovereignty for critical service providers (e.g., power grids) and all kinds of other users by improving the transparency, accountability, and controllability of the Internet at the network-level. A responsible Internet accomplishes this through two new distributed and decentralized systems. The first is the Network Inspection Plane (NIP), which enables users to request measurement-based descriptions of the chains of network operators (e.g., ISPs and DNS and cloud providers) that handle their data flows or could potentially handle them, including the relationships between them and the properties of these operators. The second is the Network Control Plane (NCP), which allows users to specify how they expect the Internet infrastructure to handle their data (e.g., in terms of the security attributes that they expect chains of network operators to have) based on the insights they gained from the NIP. We discuss research directions and starting points to realize a responsible Internet by combining three currently largely disjoint research areas: large-scale measurements (for the NIP), open source-based programmable networks (for the NCP), and policy making (POL) based on the NIP and driving the NCP. We believe that a responsible Internet is the next stage in the evolution of the Internet and that the concept is useful for clean slate Internet systems as well.

show abstract

ENTRADA: A high-performance network traffic data streaming warehouse

Wullink

Moura

Müller

et al. 2016

View full text Add to dashboard Cite

Anycast vs. DDoS

Moura

Schmidt

Heidemann

et al. 2016

View full text Add to dashboard Cite

Distributed Denial-of-Service (DDoS) attacks continue to be a major threat on the Internet today. DDoS attacks overwhelm target services with requests or other traffic, causing requests from legitimate users to be shut out. A common defense against DDoS is to replicate a service in multiple physical locations/sites. If all sites announce a common prefix, BGP will associate users around the Internet with a nearby site, defining the catchment of that site. Anycast defends against DDoS both by increasing aggregate capacity across many sites, and allowing each site's catchment to contain attack traffic, leaving other sites unaffected. IP anycast is widely used by commercial CDNs and for essential infrastructure such as DNS, but there is little evaluation of anycast under stress. This paper provides the first evaluation of several IP anycast services under stress with public data. Our subject is the Internet's Root Domain Name Service, made up of 13 independently designed services ("letters", 11 with IP anycast) running at more than 500 sites. Many of these services were stressed by sustained traffic at 100× normal load on Nov. 30 and Dec. 1, 2015. We use public data for most of our analysis to examine how different services respond to stress, and identify two policies: sites may absorb attack traffic, containing the damage but reducing service to some users, or they may withdraw routes to shift both good and bad traffic to other sites. We study how these deployment policies resulted in different levels of service to different users during the events. We also show evidence of collateral damage on other services located near the attacks.

show abstract

Sharing enriched multimedia experiences across heterogeneous network infrastructures

et al. 2010

View full text Add to dashboard Cite

Today's consumers have a wide variety of interactive media and services at their disposal, for instance, through IPTV networks, the Internet, and in-home and mobile networks. A major problem, however, is that media and services do not interoperate across networks because they use different user identities, metadata formats, and signaling protocols, for example. As a result, users cannot easily combine media and services from different network infrastructures and share them in an integrated manner with their family and friends. In addition to limiting people's media experience, this also hinders the introduction of new services and business models as providers cannot easily develop and operate cross-network services. The goal of our work is to overcome this problem by means of an open and intelligent service platform that allows applications to easily combine media and services from different network infrastructures, and enables consumers to easily share them in an integrated way. The platform includes support for managing multi-user sessions across networks, context-aware recommendations, and cross-network identity management. While there has been prior work on platforms for converged media, our platform is unique in that it provides open, intelligent, and interoperable facilities for sharing media and services across network infrastructures. In addition, our work involves several specific innovations, for instance, pertaining to cross-network session management and synchronization. In this article we discuss the platform, its most important enabling services, and some of the applications we have built on top of it. We also briefly consider the new kinds of business models our platform makes possible

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.