Biblio

Filters: Author is Li, Hongda  [Clear All Filters]
2019-06-28
Park, Younghee, Hu, Hongxin, Yuan, Xiaohong, Li, Hongda.  2018.  Enhancing Security Education Through Designing SDN Security Labs in CloudLab. Proceedings of the 49th ACM Technical Symposium on Computer Science Education. :185-190.

Software-Defined Networking (SDN) represents a major shift from ossified hardware-based networks to programmable software-based networks. It introduces significant granularity, visibility, and flexibility into networking, but at the same time brings new security challenges. Although the research community is making progress in addressing both the opportunities in SDN and the accompanying security challenges, very few educational materials have been designed to incorporate the latest research results and engage students in learning about SDN security. In this paper, we presents our newly designed SDN security education materials, which can be used to meet the ever-increasing demand for high quality cybersecurity professionals with expertise in SDN security. The designed security education materials incorporate the latest research results in SDN security and are integrated into CloudLab, an open cloud platform, for effective hands-on learning. Through a user study, we demonstrate that students have a better understanding of SDN security after participating in these well-designed CloudLab-based security labs, and they also acquired strong research interests in SDN security.

2018-12-03
Zhang, Nuyun, Li, Hongda, Hu, Hongxin, Park, Younghee.  2017.  Towards Effective Virtualization of Intrusion Detection Systems. Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. :47–50.

Traditional Intrusion Detection Systems (IDSes) are generally implemented on vendor proprietary appliances or middleboxes, which usually lack a general programming interface, and their versatility and flexibility are also very poor. Emerging Network Function Virtualization (NFV) technology can virtualize IDSes and elastically scale them to deal with attack traffic variations. However, existing NFV solutions treat a virtualized IDS as a monolithic piece of software, which could lead to inflexibility and significant waste of resources. In this paper, we propose a novel approach to virtualize IDSes as microservices where the virtualized IDSes can be customized on demand, and the underlying microservices could be shared and scaled independently. We also conduct experiments, which demonstrate that virtualizing IDSes as microservices can gain greater flexibility and resource efficiency.