TWC: Small: Managing User-Level Compromises in Enterprise Networks

TWC：小型：管理企业网络中的用户级妥协

• 批准号: 1422180
• 负责人: Craig Shue
• 金额: $ 45.37万
• 依托单位: Worcester Polytechnic Institute
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2014
• 资助国家: 美国
• 起止时间: 2014-07-15 至 2020-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1422180&HistoricalAwards=false
• 关键词: TWC; Small; Managing; User; Level

Organizations need to protect their computer systems from attackers. They often group their own computers into risk pools to reduce threat propagation and monitor the communication between these groups. Unfortunately, this boundary monitoring is unable to see traffic within groups and, since each monitor is segmented, they cannot form a holistic picture of the entire network. Finally, modern approaches must examine network traffic in isolation, without the ability to know what action on the originating computer caused it.This project addresses these limitations in network control and understanding by creating a centralized access control system for all network traffic. With monitoring software on each computer, the access controller learns about the originating host's operating context and the application that initiated the network traffic. This empowers the access controller to make informed decisions.To achieve these goals, the project investigates three directions: 1) it monitors computer requests to translate human-readable host names into computer-routable addresses, 2) it forces all traffic, even within a risk pool, to receive approval from a router and access controller, and 3) it instruments each computer with software that monitors each application's network traffic and interactions with the human operator to provide a context to the access controller. This project will increase the security of computer systems and networks, which will have a direct impact on government, military, educational, and industrial organizations. The project will improve educational experiments at both the graduate and undergraduate levels while also supporting extracurricular educational activities, such as cyber security competitions.

组织需要保护其计算机系统免受攻击者的攻击。他们经常将自己的计算机分组到风险池中，以减少威胁传播并监控这些组之间的通信。不幸的是，这种边界监控无法看到组内的流量，并且由于每个监控器都是分段的，因此它们无法形成整个网络的整体画面。最后，现代方法必须孤立地检查网络流量，而不能知道在源计算机上的什么操作导致了它。本项目通过为所有网络流量创建一个集中式访问控制系统来解决网络控制和理解方面的这些限制。通过每台计算机上的监控软件，访问控制器可以了解源主机的操作上下文和发起网络流量的应用程序。这使得访问控制器能够做出明智的决策。为了实现这些目标，该项目研究了三个方向：1）它监视计算机请求以将人类可读的主机名转换成计算机可路由的地址，2）它强制所有业务（甚至在风险池内）从路由器和访问控制器接收批准，以及3）它为每个计算机配备软件，该软件监视每个应用的网络业务以及与操作人员的交互，以向访问控制器提供上下文。该项目将提高计算机系统和网络的安全性，这将对政府、军事、教育和工业组织产生直接影响。该项目将改善研究生和本科生的教育实验，同时支持课外教育活动，如网络安全竞赛。

项目成果

Validating security protocols with cloud-based middleboxes

• DOI: 10.1109/cns.2016.7860493
• 发表时间: 2016-10
• 期刊: 2016 IEEE Conference on Communications and Network Security (CNS)
• 作者: Curtis R. Taylor;Craig A. Shue

On the feasibility of cloud-based SDN controllers for residential networks

浅谈基于云的住宅网络SDN控制器的可行性

• DOI: 10.1109/nfv-sdn.2017.8169827
• 发表时间: 2017
• 期刊: IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN
• 作者: Taylor, Curtis R.;Guo, Tian;Shue, Craig A.;Najd, Mohamed E.
• 通讯作者: Najd, Mohamed E.

DeepContext: An OpenFlow-Compatible, Host-Based SDN for Enterprise Networks

DeepContext：适用于企业网络的兼容 OpenFlow、基于主机的 SDN

• DOI: 10.1109/lcn.2017.12
• 发表时间: 2017
• 期刊: IEEE Conference on Local Computer Networks (LCN
• 作者: Najd, Mohamed E.;Shue, Craig A.
• 通讯作者: Shue, Craig A.

Can Host-Based SDNs Rival the Traffic Engineering Abilities of Switch-Based SDNs?

• DOI: 10.1109/nof50125.2020.9249110
• 发表时间: 2020-10
• 期刊: 2020 11th International Conference on Network of the Future (NoF)
• 作者: Yu Lei;Julian P. Lanson;Remy M. Kaldawy;J. Estrada;Craig A. Shue

Contextual, flow-based access control with scalable host-based SDN techniques

• DOI: 10.1109/infocom.2016.7524498
• 发表时间: 2016-04
• 期刊: IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications
• 作者: Curtis R. Taylor;D. C. MacFarland;Doran R. Smestad;Craig A. Shue