Article

Structure preserving anonymization of router configuration data

Authors:

Jennifer RexfordAuthors Info & Claims

IMC '04: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement

Pages 239 - 244

https://doi.org/10.1145/1028788.1028819

Published: 25 October 2004 Publication History

Get Access

Abstract

A repository of router configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, configuration files have been largely unobtainable precisely because they provide detailed information that could be exploited by competitors and attackers. This paper describes a method for anonymizing router configuration files by removing all information that connects the data to the identity of the originating network, while still preserving the structure of information that makes the data valuable to networking researchers. Anonymizing configuration files has unusual requirements, including preserving relationships between elements of data, anonymizing regular expressions, and robustly coping with more than 200 versions of the configuration language, that mean conventional tools and techniques are poorly suited to the problem. Our anonymization method has been validated with a major carrier, earning unprivileged researchers access to the configuration files of more than 7600 routers in 31 networks. Through example analysis, we demonstrate that the anonymized data retains the key properties of the network design. We believe that applying our single-blind methodology to a large number of production networks from different sources would be of tremendous value to both the research and operations communities.

References

[1]

D. A. Maltz, G. Xie, J. Zhan, H. Zhang, G. Hjalmtysson, and A. Greenberg, "Routing design in operational networks: A look from the inside," in Proc. ACM SIGCOMM, August 2004.]]

Digital Library

Google Scholar

[2]

D. Eastlake, 3rd and P. Jones, RFC 3174 - US Secure Hash Algorithm 1 (SHA1), 2001. Available from http://www.ietf.org/.]]

Digital Library

Google Scholar

[3]

D. A. Maltz, J. Zhan, G. Xie, H. Zhang, G. Hjalmtysson, A. Greenberg, and J. Rexford, "Structure preserving anonymization of router configuration data," Tech. Rep. CMU-CS-04-149, Carnegie Mellon University, 2004.]]

Digital Library

Google Scholar

[4]

J. Xu, J. Fan, M. Ammar, and S. B. Moon, "Prefix preserving IP address anonymization: Measurement-based security evaluation and a new cryptography-based scheme," in Proc. International Conference on Network Protocols, October 2002.]]

Digital Library

Google Scholar

[5]

G. Minshall, "tcpdpriv - remove private information from a tcpdump -w file." Software distribution available from http://ita.ee.lbl.gov/-html/contrib/tcpdpriv.html, 1997.]]

Google Scholar

[6]

J. C. Martin, Introduction to Languages and the Theory of Computation. McGraw-Hill, 1991.]]

Digital Library

Google Scholar

[7]

T. Ylonen, "Thoughts on how to mount an attack on tcpdpriv's "-a50" option...." Web White Paper available from http://ita.ee.lbl.gov/-html/contrib/-attack50/attack50.html.]]

Google Scholar

[8]

N. Spring, R. Mahajan, and D. Wetherall, "Measuring ISP topologies with RocketFuel," in Proc. ACM SIGCOMM, August 2002.]]

Digital Library

Google Scholar

Cited By

View all

Wang YMen QXiao YChen YLiu GSekar VYu MSeneviratne AVeitch D(2024)ConfMask: Enabling Privacy-Preserving Configuration Sharing via AnonymizationProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672217(465-483)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672217
Xu LXu KShen MRen KFan JGuan CChen WLui JWang XWolf ALiu YHu C(2017)MINOSProceedings of the ACM Turing 50th Celebration Conference - China10.1145/3063955.3063996(1-10)Online publication date: 12-May-2017
https://dl.acm.org/doi/10.1145/3063955.3063996
Bremler-Barr AHarchol YHay DBarcellos MCrowcroft JVahdat AKatti S(2016)OpenBoxProceedings of the 2016 ACM SIGCOMM Conference10.1145/2934872.2934875(511-524)Online publication date: 22-Aug-2016
https://dl.acm.org/doi/10.1145/2934872.2934875
Show More Cited By

Index Terms

Structure preserving anonymization of router configuration data
1. Networks
  1. Network architectures

Recommendations

Structure preserving anonymization of router configuration data
Special issue on network infrastructure configuration

A repository of router configuration files from production networks would provide the research community with a treasure trove of data about network topologies, routing designs, and security policies. However, configuration files have been largely ...
From t-closeness to differential privacy and vice versa in data anonymization

k-anonymity and ε-differential privacy are two mainstream privacy models, the former introduced to anonymize data sets and the latter to limit the knowledge gain that results from including one individual in the data set. Whereas basic k-anonymity only ...
A novel anonymization algorithm: Privacy protection and knowledge preservation

In data mining and knowledge discovery, there are two conflicting goals: privacy protection and knowledge preservation. On the one hand, we anonymize data to protect privacy; on the other hand, we allow miners to discover useful knowledge from ...

Comments

Information & Contributors

Information

Published In

IMC '04: Proceedings of the 4th ACM SIGCOMM conference on Internet measurement

October 2004

386 pages

ISBN:1581138210

DOI:10.1145/1028788

General Chair:
Alfio Lombardo
U. Catania
,
Program Chair:
Jim Kurose
University of Massachusetts

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 October 2004

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

IMC04

Sponsor:

IMC04: Internet Measurement Conference

October 25 - 27, 2004

Taormina, Sicily, Italy

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

12
Total Citations
View Citations
273
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Wang YMen QXiao YChen YLiu GSekar VYu MSeneviratne AVeitch D(2024)ConfMask: Enabling Privacy-Preserving Configuration Sharing via AnonymizationProceedings of the ACM SIGCOMM 2024 Conference10.1145/3651890.3672217(465-483)Online publication date: 4-Aug-2024
https://dl.acm.org/doi/10.1145/3651890.3672217
Xu LXu KShen MRen KFan JGuan CChen WLui JWang XWolf ALiu YHu C(2017)MINOSProceedings of the ACM Turing 50th Celebration Conference - China10.1145/3063955.3063996(1-10)Online publication date: 12-May-2017
https://dl.acm.org/doi/10.1145/3063955.3063996
Bremler-Barr AHarchol YHay DBarcellos MCrowcroft JVahdat AKatti S(2016)OpenBoxProceedings of the 2016 ACM SIGCOMM Conference10.1145/2934872.2934875(511-524)Online publication date: 22-Aug-2016
https://dl.acm.org/doi/10.1145/2934872.2934875
Mivule KAnderson B(2015)A study of usability-aware network trace anonymization2015 Science and Information Conference (SAI)10.1109/SAI.2015.7237310(1293-1304)Online publication date: Jul-2015
https://doi.org/10.1109/SAI.2015.7237310
Stanek JKencl LKuthan J(2014)Analyzing anomalies in anonymized SIP traffic2014 IFIP Networking Conference10.1109/IFIPNetworking.2014.6857106(1-9)Online publication date: Jun-2014
https://doi.org/10.1109/IFIPNetworking.2014.6857106
Khakpour ALiu A(2012)First Step toward Cloud-Based FirewallingProceedings of the 2012 IEEE 31st Symposium on Reliable Distributed Systems10.1109/SRDS.2012.31(41-50)Online publication date: 8-Oct-2012
https://dl.acm.org/doi/10.1109/SRDS.2012.31
Cal DLee SSen SYates J(2010)Gold standard auditing for router configurations2010 17th IEEE Workshop on Local & Metropolitan Area Networks (LANMAN)10.1109/LANMAN.2010.5507163(1-6)Online publication date: May-2010
https://doi.org/10.1109/LANMAN.2010.5507163
Kencl LLoebl M(2010)SurveyComputer Science Review10.1016/j.cosrev.2010.07.0014:4(251-262)Online publication date: 1-Nov-2010
https://dl.acm.org/doi/10.1016/j.cosrev.2010.07.001
Porras PShmatikov VSinger A(2006)Large-scale collection and sanitization of network security dataProceedings of the 2006 workshop on New security paradigms10.1145/1278940.1278949(57-64)Online publication date: 19-Sep-2006
https://dl.acm.org/doi/10.1145/1278940.1278949
Harvan MSchonwalder J(2006)Prefix- and Lexicographical-order-preserving IP Address Anonymization2006 IEEE/IFIP Network Operations and Management Symposium NOMS 200610.1109/NOMS.2006.1687580(519-526)Online publication date: 2006
https://doi.org/10.1109/NOMS.2006.1687580
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations