Research on Key Technologies for Inter-Domain Routing System Security
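Abstract
The BGP (Border Gateway Protocol)-based inter-domain routing system is core infrastructure of the Internet, and its security is of great importance to the security of the Internet as a whole. Fundamentally improving the security of the inter-domain routing protocol is an unavoidable problem in meeting Internet security challenges. A variety of BGP security extension mechanisms have been proposed, yet none has been effectively deployed, which shows how difficult research in this area is. The inter-domain routing system is a complex giant system with many essential characteristics that differ from those of other networks.
     Some traditional methods are poorly suited to this field, and new viewpoints and technical approaches need to be introduced.
     How the root causes of problems in the inter-domain routing system are understood directly affects its design, implementation, operation and management. Existing research has not made good use of the basic laws and characteristics of the inter-domain routing system.
     Building on the self-organization property of the inter-domain routing system, this dissertation uses complex system theory and the self-organizing rules of interaction among ISPs to propose new methods and mechanisms for improving the security of the inter-domain routing system, offering a new path toward constructing a secure, trustworthy, controllable and manageable new-generation Internet and promoting the sustained, healthy development of new-generation networks. The research explores the following four aspects: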
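     AS Alliance mechanism based on self-organization theory
     The inter-domain routing system is a complex giant system with strong self-organization properties. On the basis of an in-depth analysis of self-organized patterns in inter-domain routing, the dissertation proposes the concept of the AS Alliance and defines the key nodes and ordinary nodes of an Alliance. It designs evolutionary algorithms for AS Alliance generation, merging and decomposition, gives the mechanism by which AS Alliances are realized in BGP, and describes the organizational form of AS Alliances.
     Put simply, an AS Alliance is a group of ASes that share a common goal; it makes full use of the geographic character of interconnection among ISPs, the grouping of commercial interests, and the division and union of political interests. In a sense, the AS Alliance is a logical structure between the Internet as a whole and the AS. AS Alliances are able to form and evolve autonomously and can take part in guaranteeing, monitoring and maintaining trusted routing, raising the routing security capability of the whole Internet. The introduction of the AS Alliance is significant in two further ways: first, it defines an organizational structure that offers a reliable technical approach for enhancing network-wide performance through local management; second, as a small minority of the nodes in the network, the key nodes of an AS Alliance have special application value.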
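     AS Alliance-oriented security extension mechanisms for inter-domain routing
     The AS Alliance provides new ideas and a new platform for strengthening the security of the inter-domain routing protocol. The dissertation proposes four AS Alliance-oriented security extension mechanisms: (1) the AS Alliance-oriented Distributed Resource Certificate Mechanism (DRCM); (2) the AS Alliance-oriented Translator Trust Model (TTM); (3) an AS Alliance-oriented prefix collision detection and resolution framework, whose core mechanisms are the Usedspace-based Prefix Collision Detection Rules (UPCDR) and the Three-Phase Prefix Collision Resolution Algorithm (T-PCRA); (4) the Alliance-Relation-List based Route Stabilization Algorithm (ARL-RSA).
     DRCM uses the organizational structure of the AS Alliance to achieve distributed, registration-based management of resource certificates.
     TTM is an intermediate form between the hierarchical trust model and the web-of-trust model. It avoids both the rigidity of centralized control and the lack of structure and organization of the web model, simplifies trust relations within an Alliance, and transfers trust relations between Alliances in-band through key nodes, which improves the scalability of the system.
     The AS Alliance-oriented prefix collision detection and resolution framework is used to discover and resolve address prefix registration collisions in DRCM. UPCDR extends the RPSL language to model the usage policy of the address space and defines collision detection rules, so that prefix registration collisions are discovered effectively. T-PCRA is divided into three phases, collision location, collision negotiation and autonomous decision; it provides a complete negotiation and decision mechanism for collision resolution and uses a reputation-based method to restrain irresponsible nodes.
     At the routing level, ARL-RSA uses the Alliance relation list and a cost function to suppress the forwarding of WITHDRAW messages for a certain period of time. This effectively suppresses the route flapping caused by temporary failures of local links and improves the stability of the inter-domain routing system.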
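     AS Alliance-oriented BGP security extension protocol
     To implement the AS Alliance and the security extension mechanisms above, the dissertation proposes an AS Alliance-oriented BGP security extension protocol (SE-BGP). SE-BGP likewise uses route authentication to ensure the credibility of route announcement information. Its certificate structure follows DRCM, and, using TTM, it transfers trust relations in-band through a two-signature translation at key nodes. SE-BGP extends the BGP attributes, the routing algorithm and the routing configuration.
     Under a reasonable assumption, the security capability of SE-BGP is comparable to that of S-BGP. Compared with traditional inter-domain routing protocols, SE-BGP adapts to the evolution of the network structure and scales well with network size.
     SE-BGP implementation techniques
     Based on the Linux operating system, the dissertation implements SE-BGP by extending the MRT software routing system. The basic system architecture of SE-BGP is similar to that of S-BGP. Configuration such as AS Alliances and certificates can be loaded in automatic or manual mode. Key nodes and ordinary nodes within an AS Alliance use different authentication and signature algorithms. Protocol test results show that SE-BGP effectively achieves origin authentication and secure path forwarding, and that SE-BGP has good performance scalability.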
As the core infrastructure of the Internet, the inter-domain routing system consists of a large number of interconnected autonomous systems (ASes), which exchange their routes using the Border Gateway Protocol (BGP). Inter-domain routing security has become a significant issue for the future Internet, and improving the intrinsic security of BGP is an unavoidable problem. Most security mechanisms based on public key cryptography are far from deployment due to performance, trust model and other issues. As a complex large system, the inter-domain routing system has many essential properties that differ from those of other networks. Novel research methods and technological approaches should be introduced.
     The understanding of the root of the problem has a direct impact on the design, implementation, operation and management of the inter-domain routing system. Existing research has not comprehensively grasped the basic laws and evolutionary trends of the inter-domain routing system.
     In this dissertation, based on the self-organization property of the inter-domain routing system itself, we use complex system theory and the self-organized rules among ISPs to provide new techniques and mechanisms for improving the security performance of the inter-domain routing system. Our goal is to contribute to the continued and healthy development of the new-generation network and to the construction of a more reliable, more trustworthy, more controllable and more manageable Internet.
     Our work covers the following four aspects:
     Self-organization theory based AS Alliance mechanism
     Self-organization is a promising mechanism for controlling complexity in large-scale and dynamic networks. On the basis of an in-depth analysis of self-organized patterns in inter-domain routing, the notion of the AS Alliance is proposed. Evolutionary algorithms for the AS Alliance (including generation, merging and decomposition) are designed. We also present the mechanism by which the AS Alliance is realized in BGP and describe the organization pattern of the AS Alliance.
     An AS Alliance is a local group of clustered ASes, in which only a small number of ASes can transmit routing information to other ASes outside the group. The AS Alliance makes full use of the geographic character of ISPs, the collectivization of business benefits and the union of political interests. In a sense, the AS Alliance is a logical structure between the Internet and the AS. The AS Alliance has the ability of self-evolution and can improve the route security of the whole Internet by encouraging other ASes to join the Alliance. Moreover, the introduction of the AS Alliance is significant in two ways. First, it provides an organization pattern, which could be a reliable technical approach for promoting global performance through local management. Second, as a very small number of nodes in the inter-domain routing system, the key nodes of an AS Alliance have special application value.
     The AS Alliance provides a valuable technical approach for our study.
     AS Alliance-oriented security extended mechanism
     The AS Alliance provides new ideas and a new platform for enhancing the security of the inter-domain routing system. Four AS Alliance-oriented security enhancement mechanisms are proposed: 1) AS Alliance-oriented DRCM (Distributed Resource Certificate Mechanism); 2) AS Alliance-oriented TTM (Translator Trust Model); 3) AS Alliance-oriented PCDARF (Prefix Collision Detection and Resolution Framework), including UPCDR (Usedspace-based Prefix Collision Detection Rules) and T-PCRA (Three-Phase Prefix Collision Resolution Algorithm); 4) ARL-RSA (Alliance-Relation-List based Route Stabilization Algorithm).
     DRCM realizes distributed, registration-based management of resource certificates through the AS Alliance structure.
     TTM is an intermediate state between hierarchical trust and the web of trust. It simplifies the trust relations within an Alliance and realizes in-band transfer of trust relations among different Alliances through key nodes.
     PCDARF is used to detect and resolve prefix collisions in DRCM. UPCDR builds a class model for used prefix space and collision detection rules through an extended RPSL (Routing Policy Specification Language). The validity of UPCDR is verified. T-PCRA has three phases: collision orientation, collision negotiation and self-decision. It provides a complete mechanism for negotiation and decision and restrains irresponsible nodes by reputation degree.
     ARL-RSA uses the Alliance relation list and a cost function to suppress WITHDRAW messages for a period of time. It effectively reduces the route flapping caused by temporary link failures and significantly improves the stability of the inter-domain routing system.
     AS Alliance-oriented security extended BGP
     In order to implement the AS Alliance and the above-mentioned security extended mechanisms, we design SE-BGP, a novel AS Alliance-oriented security extended BGP. SE-BGP uses ROC (route of certificate) to protect route credibility, and DRCM is used as the certificate architecture. Trust is transferred in-band between different Alliances using a TTM-based two-signature translation mechanism in key nodes. The routing attributes, algorithm and configuration are extended in SE-BGP.
     It is demonstrated that SE-BGP has the same security performance as S-BGP under a rational assumption. Compared with traditional inter-domain routing protocols, SE-BGP can adapt to the evolution of the network structure and has good scalability.
     Implementation of SE-BGP
     Based on the Linux operating system and MRT (Multi-Threaded Routing Toolkit), a notable software router, we implement SE-BGP. SE-BGP has a software architecture similar to that of S-BGP. Configuration, such as AS Alliances and certificates, can be loaded in automatic or manual mode. Key nodes and normal nodes use different authentication and signature algorithms. The testing results show that SE-BGP protects the credibility of routes and that its security capability is almost equal to that of S-BGP. In addition, SE-BGP has good performance scalability.
