Inventing Protocol (MIT Press, 2019)

My first book, under contract with MIT Press, is an explanation of the ontological and axiomatic systems that structured the design of key Internet protocols—and continue to structure their incremental advances today. These systems are important because they impose strict limitations on both incremental and clean-slate efforts to improve the internet.

It is true that formal and technical criteria can decide aspects of protocol specifications and implementations, as well as their gradual evolution. These criteria can even appear self-evident. However, protocols are not reducible to these narrow technological criteria; physical and philosophical dependencies from the past also structure their specification and evolution.

I examine the Transmission Control Protocol (TCP), Internet Protocol (IP), Universal Datagram Protocol (UDP), Exterior Gateway Protocol (EGP), Border Gateway Protocol (BGP), the Domain Name System (DNS), Simple Mail Transfer Protocol (SMTP), and a series of end-to-end cryptographic protocols. I also analyze key predecessors of these protocols in order to make clear their ontological and axiomatic basis.

I also explain how these same ontological and axiomatic systems influence organizations that administer and govern the Internet today. I conclude with lessons for protocol design in the 21st century.

Novel Metrics Frameworks for Security Operation Centers

This project will develop a new metrics framework that measures and validates SOC performance against enterprise network security. The specific goal is to create a framework that SOCs and parent organization personnel could use to create tailored metrics for their unique security environment. The research includes a technical study of network monitoring, as well as a qualitative approach to the study of organizational environments that analyzes people and technological artifacts as interacting components in complex systems and describes stability and change in the functioning or mis-functioning of these systems. By treating networks, security components, and operations staff as part of an interdependent system, the metrics will be able to account for factors such as outstanding security vulnerabilities, strategic and long-term planning, and constituency interests, and will provide on-the-ground SOC analysts with ways to input local knowledge into higher-up decisions.

The Domain Name System Security Extensions in the IANA Function (Google)

This study, underway for Google, is an assessment of how the Internet Assigned Numbers Authority (IANA) Function will incorporate the technical and administrative requirements imposed by the Domain Name System Security Extensions (DNSSEC).

The IANA Function administers the Internet's unique identifiers (or name bindings): things like IP addresses, domain names, and ports, which require different kinds of uniqueness (ranging from global to local) and thus different kinds of administration. DNSSEC represents a major change to the identifiers that require management, in part because it includes cryptographic identifiers.

Given that DNSSEC is designed to serve the security needs of other protocols and Internet administration practices, it is crucial that its requirements be understood in advance. This project will complete in 2019.

The Technical Administration of Internet Identifiers (Google, ICANN)

In 2016 the US Government moved to transfer to the private sector its remaining authority over the technical administration of the Internet. In response to a congressional request, the General Counsel of the US Government Accountability Office provided a legal opinion that the transfer “raises a series of novel, complex, and highly fact-specific issues… Because of... the incomplete record before us, and other uncertainties, our opinion with respect to the U.S. Government’s property rights [in the final transfer of IANA Function to the private sector] is necessarily limited” (Report B-327398).

This report delves into the institutional and technical details of the transfer. It does so by analyzing the intersection of law, contract, and the structure of Internet protocols: ultimately, it assesses the basis of legitimate authority in the administration of Internet names, numbers, and parameters (e.g., domain names, addresses, and protocol parameters). Because the Internet’s technical administration evolved out of the Arpanet, this report covers the period 1968-2018.

This work, supported by Google and ICANN, will culminate in a report, as well as an interactive visualization (released in 2018-19). I serve as lead author; my co-author, Russ Mundy, is former Chief Scientist of the Defense Data Network (the predecessor to NIPRNET, SIPRNET, and JWICS).

Cyberspace and National Security

My activities in this area involve two projects: i) the intersection of national security and communication standards, ii) the geopolitical significance of Internet topology, and iii) the geopolitical consequences of cyberattacks (with Dave Farber). It is underway in partnership with Keio University.

This work is underway and I plan to announce parts of it during 2018.