Skip to Content
[CAIDA - Center for Applied Internet Data Analysis logo]
Center for Applied Internet Data Analysis
Archipelago (Ark) Site Acceptable Use Policy (AUP)
CAIDA seeks sites interested in becoming a part of our next generation measurement infrastructure named Archipelago (Ark), a software upgrade to the skitter infrastructure. CAIDA has more than nine years of experience in collection, curation, and distribution of active topology data. Over these last nine years, we have vetted and approved requests from over 350 researchers for access to this data resulting in citations in over one hundred publications.

As of 2010, this AUP is no longer being used for new agreements, and has been replaced by the Archipelago Memorandum of Cooperation (MOC) Between Hosting Sites and CAIDA. This page remains as reference to those who accepted the AUP before 2010.

|   Archipelago Home Page    Site Information    Archipelago MOC    Active Probe Info   |

Archipelago Acceptable Use Policy (AUP)

In the design of the Archipelago software, we primarily sought to achieve greater scalability and flexibility for our existing hardware infrastructure and to take steps toward a community-oriented measurement infrastructure that allows vetted collaborators to run their measurement tasks on a security-hardened platform. To differentiate ourselves from other distributed experimental platforms such as PlanetLab, we tailored Archipelago specifically for network measurement, allowing for increased control over which processes run on the machines and a cleaner environment for measurement experiments.

The remainder of this text describes the anticipated requirements and uses of measurement nodes under Archipelago, as well as some safeguards that we put in place to prevent abuse. Please send a message to ark-info@caida.org if you are interested in participating and whether you approve of the broader usage under Archipelago. Also, please let us know if you find certain specific usages to be unacceptable (for example, because of the AUP you yourself must work under) but are otherwise willing to participate. In most cases, we can work with you to define a narrower set of acceptable activities for your particular node.

Some anticipated requirements and uses of Archipelago nodes are as follows:

  • Support open-ended set of active measurements, including traceroute, ping, one-way loss, jitter, bandwidth estimation, DNS latency measurements, DNS open resolver surveys, router interface alias resolution, RTT triangulation studies, OS fingerprinting, and future research topics.
  • Allow CAIDA collaborators to use the infrastructure for vetted active measurement experiments.
  • Support publicly-accessible traceroute server and/or other carefully controlled (and rate-limited) public measurement services.
  • Allow highly-restricted public access to measurement infrastructure in the manner of Scriptroute (that is, provide a secure and resource-restricted environment that allows the public to only execute safe measurment operations). [See http://www.cs.washington.edu/research/networking/scriptroute/]
  • Allow a changing set of ports to be open on the measurement node, which requires liberal firewall rules, or disabling of the firewall on the node entirely. At a minimum, the node must allow SSH and a few well-defined ports used by the Archipelago system components. Other open ports may be needed by deployed measurement tools, such as bandwidth estimation tools, that open their own server port.

Archipelago is designed from the ground up with security in mind, and provides the following safeguards against misuse:

  • System communication between nodes is protected with SSL and client and server certificates.
  • Authorization for privileged measurement operations can be checked.
  • Measurement operations can be forced to run in a secure execution environment (built upon FreeBSD jails), in which gaining even root access doesn't compromise a measurement node as a whole.
  • Measurements can be rate limited.
  • A filter can be used to prevent the sending of certain types of packets (for example, packets with spoofed source addresses, or TCP SYN packets).
  • A filter can be used to prevent the sending of packets to hosts, servers, and routers in the hosting organization's network (the network to which a measurement node is attached). This prevents a measurement node from being used as a launching point for attacks or for reconnaissance.
  • End users who receive measurement traffic can opt out of future measurements by request, and a system-wide list of "no probe" addresses is maintained to respect these requests. We have maintained a "no probe" list over the last 9 years for our skitter measurements.

  Last Modified: Mon Aug-25-2014 10:55:54 PDT
  Page URL: http://www.caida.org/projects/ark/aup/index.xml