Visible to the public Biblio

Filters: Author is Pisharody, Sandeep  [Clear All Filters]
2022-04-26
Pisharody, Sandeep, Bernays, Jonathan, Gadepally, Vijay, Jones, Michael, Kepner, Jeremy, Meiners, Chad, Michaleas, Peter, Tse, Adam, Stetson, Doug.  2021.  Realizing Forward Defense in the Cyber Domain. 2021 IEEE High Performance Extreme Computing Conference (HPEC). :1–7.

With the recognition of cyberspace as an operating domain, concerted effort is now being placed on addressing it in the whole-of-domain manner found in land, sea, undersea, air, and space domains. Among the first steps in this effort is applying the standard supporting concepts of security, defense, and deterrence to the cyber domain. This paper presents an architecture that helps realize forward defense in cyberspace, wherein adversarial actions are repulsed as close to the origin as possible. However, substantial work remains in making the architecture an operational reality including furthering fundamental research cyber science, conducting design trade-off analysis, and developing appropriate public policy frameworks.

2018-09-05
Chowdhary, Ankur, Pisharody, Sandeep, Alshamrani, Adel, Huang, Dijiang.  2017.  Dynamic Game Based Security Framework in SDN-enabled Cloud Networking Environments. Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization. :53–58.
SDN provides a way to manage complex networks by introducing programmability and abstraction of the control plane. All networks suffer from attacks to critical infrastructure and services such as DDoS attacks. We make use of the programmability provided by the SDN environment to provide a game theoretic attack analysis and countermeasure selection model in this research work. The model is based on reward and punishment in a dynamic game with multiple players. The network bandwidth of attackers is downgraded for a certain period of time, and restored to normal when the player resumes cooperation. The presented solution is based on Nash Folk Theorem, which is used to implement a punishment mechanism for attackers who are part of DDoS traffic, and reward for players who cooperate, in effect enforcing desired outcome for the network administrator.
2017-05-22
Chowdhary, Ankur, Pisharody, Sandeep, Huang, Dijiang.  2016.  SDN Based Scalable MTD Solution in Cloud Network. Proceedings of the 2016 ACM Workshop on Moving Target Defense. :27–36.

Software-Defined Networking (SDN) has emerged as a framework for centralized command and control in cloud data centric environments. SDN separates data and control plane, which provides network administrator better visibility and policy enforcement capability compared to traditional networks. The SDN controller can assess reachability information of all the hosts in a network. There are many critical assets in a network which can be compromised by a malicious attacker through a multistage attack. Thus we make use of centralized controller to assess the security state of the entire network and pro-actively perform attack analysis and countermeasure selection. This approach is also known as Moving Target Defense (MTD). We use the SDN controller to assess the attack scenarios through scalable Attack Graphs (AG) and select necessary countermeasures to perform network reconfiguration to counter network attacks. Moreover, our framework has a comprehensive conflict detection and resolution module that ensures that no two flow rules in a distributed SDN-based cloud environment have conflicts at any layer; thereby assuring consistent conflict-free policy implementation and preventing information leakage.