Implementing Geo-Blocking and Spoofing Protection in Multi-Domain Software Defined Interconnects
Title | Implementing Geo-Blocking and Spoofing Protection in Multi-Domain Software Defined Interconnects |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Kumar, Himal; Mercian, Anu; Banerjee, Sujata; Russell, Craig; Sivaraman, Vijay |
Conference Name | Proceedings of the 1st International Workshop on Security and Dependability of Multi-Domain Infrastructures |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4937-6 |
Keywords | Geo-Blocking, Internet Exchange Point, Metrics, pubcrawl, resilience, Resiliency, Router Systems, Router Systems Security, security, Security Intents, software defined networking |
Abstract | Motivated by recent attacks like the Australian census website meltdown in 2016, this paper proposes a system for high-level specification and synthesis of intents for Geo-Blocking and IP Spoofing protection at a Software Defined Interconnect. In contrast to today's methods that use expensive custom hardware and/or manual configuration, our solution allows the operator to specify high-level intents, which are automatically compiled to flow-level rules and pushed into the interconnect fabric. We define a grammar for specifying the security policies, and a compiler for converting these to connectivity rules. We prototype our system on the open-source ONOS Controller platform, demonstrate its functionality in a multi-domain SDN fabric interconnecting legacy border routers, and evaluate its performance and scalability in blocking DDoS attacks. |
URL | https://dl.acm.org/citation.cfm?doid=3071064.3071065 |
DOI | 10.1145/3071064.3071065 |
Citation Key | kumar_implementing_2017 |