EAGER: USBRCCR: Collaborative: Securing Networks in the Programmable Data Plane Era
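Basic information
- Award number: 1740791
- Principal investigator:
- Amount: $100,000
- Host institution:
- Host institution country: United States
- Project type: Standard Grant
- Fiscal year: 2017
- Funding country: United States
- Period: 2017-09-01 to 2020-08-31
- Project status: Completed
- Source:
- Keywords:
Project abstract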
Recent advances in software-defined networking (SDN) and programmable data planes allow datacenter and enterprise network operators to quickly deploy new protocols, customize network behavior, and develop innovative services. These advances promise to improve and streamline network operations, improving the quality of service provided to end users. However, programmable data planes also introduce new complexities to network management, notably, ensuring that the network satisfies critical security properties. Current network verification and analysis tools cannot handle these complex new networks. This work aims to address three important problems at the intersection of networking and computer security: First, the work proposes to develop new techniques that allow operators to verify that their network satisfies security properties like tenant isolation in a cloud hosting environment. Second, this work proposes to use the data plane to implement a security mechanism to enforce security properties, an approach that complements verification as a way to ensure correct network behavior. Finally, the work proposes to develop new security services that leverage the capabilities of a programmable data plane. Results of the proposed work will promote the adoption of more secure and flexible next-generation networks by providing operators the tools necessary to verify and enforce critical network security properties. As programmable data planes are poised to transform the architecture of modern networks, the proposed work will advance the current state of the art in networking by extending verification and enforcement techniques to programmable data plane networks, for which neither network verification nor security policy mechanisms currently exist. To do so, investigators will transform data plane programs, expressed in P4, into assertions suitable for analysis using existing network verification tools based on SMT solvers.
Investigators will also develop a security kernel implemented as a P4 data plane program to enforce network-wide security properties at run time. Finally, this work will also develop new data plane services that will enable a new class of security functions to be deployed in the network in order to improve the overall security of computer networks.
Project outcomes
Journal articles (10)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Control Plane Reflection Attacks in SDNs: New Attacks and Countermeasures
- DOI: 10.1007/978-3-030-00470-5_8
- Published: 2018-09
- Journal:
- Impact factor: 0
- Authors: Menghao Zhang;Guanyu Li;Lei Xu;J. Bi;G. Gu;Jia-Ju Bai
- Corresponding authors: Menghao Zhang;Guanyu Li;Lei Xu;J. Bi;G. Gu;Jia-Ju Bai
NETHCF: Enabling Line-rate and Adaptive Spoofed IP Traffic Filtering
- DOI: 10.1109/icnp.2019.8888057
- Published: 2019-10
- Journal:
- Impact factor: 0
- Authors: G. Li;Menghao Zhang;Chang Liu;Xiao Kong;Ang Chen;G. Gu;Haixin Duan
- Corresponding authors: G. Li;Menghao Zhang;Chang Liu;Xiao Kong;Ang Chen;G. Gu;Haixin Duan
Effective Topology Tampering Attacks and Defenses in Software-Defined Networks
- DOI: 10.1109/dsn.2018.00047
- Published: 2018-06
- Journal:
- Impact factor: 0
- Authors: R. Skowyra;Lei Xu;G. Gu;V. Dedhia;Thomas Hobson;Hamed Okhravi;James Landry
- Corresponding authors: R. Skowyra;Lei Xu;G. Gu;V. Dedhia;Thomas Hobson;Hamed Okhravi;James Landry
Unexpected Data Dependency Creation and Chaining: A New Attack to SDN
- DOI: 10.1109/sp40000.2020.00017
- Published: 2020-05
- Journal:
- Impact factor: 0
- Authors: Feng Xiao;Jinquan Zhang;Jianwei Huang;G. Gu;Dinghao Wu;Peng Liu
- Corresponding authors: Feng Xiao;Jinquan Zhang;Jianwei Huang;G. Gu;Dinghao Wu;Peng Liu
Towards Fine-grained Network Security Forensics and Diagnosis in the SDN Era
- DOI: 10.1145/3243734.3243749
- Published: 2018-10
- Journal:
- Impact factor: 0
- Authors: Haopei Wang;Guangliang Yang;Phakpoom Chinprutthiwong;Lei Xu;Yangyong Zhang;G. Gu
- Corresponding authors: Haopei Wang;Guangliang Yang;Phakpoom Chinprutthiwong;Lei Xu;Yangyong Zhang;G. Gu
Other publications by Guofei Gu
Disrupting the SDN Control Channel via Shared Links: Attacks and Countermeasures
- DOI: 10.1109/tnet.2022.3169136
- Published: 2022-10
- Journal:
- Impact factor: 0
- Authors: Renjie Xie;Jiahao Cao;Qi Li;Kun Sun;Guofei Gu;Mingwei Xu;Yuan Yang
- Corresponding author: Yuan Yang
Identify User-Input Privacy in Mobile Applications at Large Scale
- DOI:
- Published: 2017
- Journal:
- Impact factor: 6.8
- Authors: Yuan Zhang;Guofei Gu;Xiaofeng Wang;Limin Sun
- Corresponding author: Limin Sun
Rethinking Permission Enforcement Mechanism on Mobile Systems
- DOI: 10.1109/tifs.2016.2581304
- Published: 2016-06
- Journal:
- Impact factor: 6.8
- Authors: Yuan Zhang;Min Yang;Guofei Gu;Hao Chen
- Corresponding author: Hao Chen
NetHCF: Filtering Spoofed IP Traffic With Programmable Switches
- DOI: 10.1109/tdsc.2022.3161015
- Published: 2023-03
- Journal:
- Impact factor: 0
- Authors: Menghao Zhang;Guanyu Li;Xiao Kong;Chang Liu;Mingwei Xu;Guofei Gu;Jianping Wu
- Corresponding author: Jianping Wu
Other grants held by Guofei Gu
NSF Convergence Accelerator Track G: PETS: Programmable Zero-Trust Security for Operating Through 5G Infrastructure
- Award number: 2226339
- Fiscal year: 2022
- Funding amount: $100,000
- Project type: Standard Grant
RINGS: NextSec: Zero-Trust, Programmable and Verifiable Security Transformation for NextG
- Award number: 2148374
- Fiscal year: 2022
- Funding amount: $100,000
- Project type: Continuing Grant
Community-Building Workshop on Programmable System Security in a Software-Defined World
- Award number: 1841099
- Fiscal year: 2018
- Funding amount: $100,000
- Project type: Standard Grant
SaTC: CORE: Small: Adversarial Learning via Modeling Interpretation
- Award number: 1816497
- Fiscal year: 2018
- Funding amount: $100,000
- Project type: Standard Grant
SDI-CSCS: Collaborative Research: S2OS: Enabling Infrastructure-Wide Programmable Security with SDI
- Award number: 1700544
- Fiscal year: 2017
- Funding amount: $100,000
- Project type: Continuing Grant
Collaborative Research: CICI: Secure and Resilient Architecture: S3D: A New SDN-Based Security Framework for the Science DMZ
- Award number: 1642129
- Fiscal year: 2016
- Funding amount: $100,000
- Project type: Standard Grant
NeTS: Small: Detecting Races in SDN Control Plane
- Award number: 1617985
- Fiscal year: 2016
- Funding amount: $100,000
- Project type: Standard Grant
TWC: Medium: Collaborative: HIMALAYAS: Hierarchical Machine Learning Stack for Fine-Grained Analysis of Malware Domain Groups
- Award number: 1314823
- Fiscal year: 2013
- Funding amount: $100,000
- Project type: Standard Grant
CAREER: Coordination- and Correlation-based Botnet Defense
- Award number: 0954096
- Fiscal year: 2010
- Funding amount: $100,000
- Project type: Continuing Grant
Similar overseas grants
EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures
- Award number: 1740916
- Fiscal year: 2017
- Funding amount: $100,000
- Project type: Standard Grant
EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures
- Award number: 1740897
- Fiscal year: 2017
- Funding amount: $100,000
- Project type: Standard Grant
EAGER: USBRCCR: Collaborative: Securing Networks in the Programmable Data Plane Era
- Award number: 1740911
- Fiscal year: 2017
- Funding amount: $100,000
- Project type: Standard Grant
EAGER: USBRCCR: HealthSense: Assessing and Protecting Privacy in Wireless Wearable Sensor-Generated Medical Data
- Award number: 1740907
- Fiscal year: 2017
- Funding amount: $100,000
- Project type: Standard Grant
EAGER: USBRCCR: Improving Network Security at the Network Edge
- Award number: 1740895
- Fiscal year: 2017
- Funding amount: $100,000
- Project type: Standard Grant
EAGER: USBRCCR: Researching Internet Routing Security in the Wild
- Award number: 1740883
- Fiscal year: 2017
- Funding amount: $100,000
- Project type: Standard Grant