A Security Enforcement Kernel for OpenFlow Networks

Phillip Porras, Seungwon Shin, Vinod Yegneswaran, Martin Fong, Mabry Tyson, Guofei Gu
SRI International; Texas A&M University

ABSTRACT

Software-defined networks facilitate rapid and open innovation at the network control layer by providing a programmable network infrastructure for computing flow policies on demand. However, the dynamism of programmable networks also introduces new security challenges that demand innovative solutions. A critical challenge is efficient detection and reconciliation of potentially conflicting flow rules imposed by dynamic OpenFlow (OF) applications. To that end, we introduce FortNOX, a software extension that provides role-based authorization and security constraint enforcement for the NOX OpenFlow controller. FortNOX enables NOX to check flow rule contradictions in real time, and implements a novel analysis algorithm that is robust even in cases where an adversarial OF application attempts to strategically insert flow rules that would otherwise circumvent flow rules imposed by OF security applications. We demonstrate the utility of FortNOX through a prototype implementation and use it to examine performance and efficiency aspects of the proposed framework.

Categories and Subject Descriptors
COMPUTER-COMMUNICATION NETWORKS: Internetworking

General Terms
Software-Defined Networking, Security

Keywords
OpenFlow, Security, Policy Enforcement

1. INTRODUCTION

Dynamic network orchestration, driven by the benefits for elasticity of server and desktop virtualization, delivers computing resources and network services on demand, spawned and recycled in reaction to network service requests. Frameworks such as OpenFlow (OF), which embrace the paradigm of highly programmable switch infrastructures [14], compute optimal flow routing rules
