Redundancy for Network Intrusion Prevention Systems (NIPS) - January 2016

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Mike Reiter

Researchers: Victor Heorhiadi, Jun Jiang

HARD PROBLEM(S) ADDRESSED

Primary:  Resilient Architectures

This work is developing an architecture for the scalable enforcement of network security policies that is resilient to traffic changes and traffic rerouting in response to failures.

PUBLICATIONS

ACCOMPLISHMENT HIGHLIGHTS

  • We continued to mature the SOL prototype to effectively demonstrate the generality of the SOL programming framework for SDN optimization applications. The key insight in SOL that achieves this generality is that many network optimization problems can be expressed as path-based formulations. Paths are a natural abstraction for application developers to reason about intended network behaviors and to express policy requirements. For example, we can use paths to specify service chaining requirements (e.g., each path includes a firewall and an intrusion-detection system (IDS), in that order) or redundancy (e.g., each path includes two intrusion-prevention systems (IPS), in case one fails open). Finally, it is easy to model device (e.g., TCAM space, middlebox CPU) and link resource consumption based on the volume of traffic flowing through the paths that traverse that device or link.
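To make the path-based formulation concrete, the following added example (illustrative code written for this report, not the SOL prototype's own API) encodes the two policy requirements above as predicates over paths and models middlebox CPU consumption as the sum of traffic volume over the paths that traverse each device. The topology, node labels and capacities are constructed for the illustration.

```python
# Constructed topology: each node is labelled with its middlebox type ("sw" = plain switch).
NODE_TYPE = {"s1": "sw", "fw1": "fw", "ids1": "ids", "ips1": "ips", "ips2": "ips", "s2": "sw"}

# Constructed per-middlebox CPU capacity, in the same arbitrary units as traffic volume.
CAPACITY = {"fw1": 100, "ids1": 60, "ips1": 80, "ips2": 80}


def has_chain_in_order(path, chain):
    """Service chaining: the middlebox types in `chain` appear along `path` in that
    order (other hops may sit between them)."""
    want = 0
    for node in path:
        if want < len(chain) and NODE_TYPE[node] == chain[want]:
            want += 1
    return want == len(chain)


def has_redundancy(path, mtype, k=2):
    """Redundancy: at least `k` middleboxes of type `mtype` lie on the path, so a
    single fail-open device does not remove enforcement entirely."""
    return sum(1 for node in path if NODE_TYPE[node] == mtype) >= k


def admissible_paths(paths):
    """Keep only paths satisfying both policies: firewall before IDS, and two IPS."""
    return [p for p in paths
            if has_chain_in_order(p, ["fw", "ids"]) and has_redundancy(p, "ips")]


def device_load(allocations):
    """allocations: list of (path, volume). Every middlebox on a path consumes the
    path's volume of its capacity, which is the path-based resource model."""
    load = {}
    for path, volume in allocations:
        for node in path:
            if node in CAPACITY:
                load[node] = load.get(node, 0) + volume
    return load


def overloaded(load):
    """Middleboxes whose aggregated load exceeds their constructed capacity."""
    return sorted(node for node, used in load.items() if used > CAPACITY[node])


if __name__ == "__main__":
    good = ["s1", "fw1", "ids1", "ips1", "ips2", "s2"]
    wrong_order = ["s1", "ids1", "fw1", "ips1", "ips2", "s2"]
    one_ips = ["s1", "fw1", "ids1", "ips1", "s2"]
    print(admissible_paths([good, wrong_order, one_ips]))   # only `good` survives
    print(overloaded(device_load([(good, 50), (good, 30)])))  # ids1 (80 > 60)
```

Rerouting traffic after a failure changes the allocations, not the predicates, so the same two functions re-check policy and capacity on the new path set.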

  • The lead student on this work (V. Heorhiadi) passed his dissertation proposal this quarter, which builds on the research conducted in this project so far. In particular, the work on SOL will form a chapter of his planned Ph.D. dissertation. Passing his dissertation proposal included mapping out the most promising research agendas illuminated by our research to date.