Visible to the public Biblio

Filters: Author is Russell, Craig  [Clear All Filters]
2018-05-09
Kumar, Himal, Mercian, Anu, Banerjee, Sujata, Russell, Craig, Sivaraman, Vijay.  2017.  Implementing Geo-Blocking and Spoofing Protection in Multi-Domain Software Defined Interconnects. Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures. :1:1–1:6.

Motivated by recent attacks like the Australian census website meltdown in 2016, this paper proposes a system for high-level specification and synthesis of intents for Geo-Blocking and IP Spoofing protection at a Software Defined Interconnect. In contrast to todays methods that use expensive custom hardware and/or manual configuration, our solution allows the operator to specify high-level intents, which are automatically compiled to flow-level rules and pushed into the interconnect fabric. We define a grammar for specifying the security policies, and a compiler for converting these to connectivity rules. We prototype our system on the open-source ONOS Controller platform, demonstrate its functionality in a multi-domain SDN fabric interconnecting legacy border routers, and evaluate its performance and scalability in blocking DDoS attacks.