EAGER: USBRCCR: Collaborative: Securing Networks in the Programmable Data Plane Era
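Basic information
- Award number: 1740911
- Principal investigator:
- Amount: $200,000
- Host institution:
- Host institution country: United States
- Award type: Standard Grant
- Fiscal year: 2017
- Funding country: United States
- Start and end dates: 2017-09-01 to 2020-08-31
- Project status: Completed
- Source:
- Keywords:
Project abstract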
Recent advances in software-defined networking (SDN) and programmable data planes allow datacenter and enterprise network operators to quickly deploy new protocols, customize network behavior, and develop innovative services. These advances promise to improve and streamline network operations, improving the quality of service provided to end users. However, programmable data planes also introduce new complexities to network management, notably, ensuring that the network satisfies critical security properties. Current network verification and analysis tools cannot handle these complex new networks. This work aims to address three important problems at the intersection of networking and computer security: First, the work proposes to develop new techniques that allow operators to verify that their network satisfies security properties like tenant isolation in a cloud hosting environment. Second, this work proposes to use the data plane to implement a security mechanism to enforce security properties, an approach that complements verification as a way to ensure correct network behavior. Finally, the work proposes to develop new security services that leverage the capabilities of a programmable data plane. Results of the proposed work will promote the adoption of more secure and flexible next-generation networks by providing operators the tools necessary to verify and enforce critical network security properties.
As programmable data planes are poised to transform the architecture of modern networks, the proposed work will advance the current state of the art in networking by extending verification and enforcement techniques to programmable data plane networks, for which neither network verification nor security policy mechanisms currently exist. To do so, investigators will transform data plane programs, expressed in P4, into assertions suitable for analysis using existing network verification tools based on SMT solvers. Investigators will also develop a security kernel implemented as a P4 data plane program to enforce network-wide security properties at run time. Finally, this work will also develop new data plane services that will enable a new class of security functions to be deployed in the network in order to improve the overall security of computer networks.
Project outcomes
Journal articles (3)
Monographs (0)
Research awards (0)
Conference papers (0)
Patents (0)
Uncovering Bugs in P4 Programs with Assertion-based Verification
- DOI: 10.1145/3185467.3185499
- Published: 2018-03
- Journal:
- Impact factor: 0
- Authors: Lucas Freire; M. Neves; Lucas Leal; Kirill Levchenko; A. E. S. Filho; M. Barcellos
- Corresponding author: Lucas Freire; M. Neves; Lucas Leal; Kirill Levchenko; A. E. S. Filho; M. Barcellos
Dynamic Property Enforcement in Programmable Data Planes
- DOI: 10.1109/tnet.2021.3068339
- Published: 2021-08
- Journal:
- Impact factor: 0
- Authors: M. Neves; B. Huffaker; Kirill Levchenko; M. Barcellos
- Corresponding author: M. Neves; B. Huffaker; Kirill Levchenko; M. Barcellos
Verification of P4 Programs in Feasible Time Using Assertions
- DOI: 10.1145/3281411.3281421
- Published: 2018
- Journal:
- Impact factor: 0
- Authors: Neves, Miguel; Freire, Lucas; Schaeffer-Filho, Alberto; Barcellos, Marinho
- Corresponding author: Barcellos, Marinho
Other publications by Kirill Levchenko
Pinning Down Abuse on Google Maps
- DOI:
- Published: 2017
- Journal:
- Impact factor: 0
- Authors: D. Huang; Doug Grundman; Kurt Thomas; Abhishek Kumar; Elie Bursztein; Kirill Levchenko; A. Snoeren
- Corresponding author: A. Snoeren
Development of Modern Forecasting Models
- DOI:
- Published: 2023
- Journal:
- Impact factor: 0
- Authors: V. Ivanyuk; Konstantin I. Shuvalov; Gurami Akhobadze; Victoria Malekova; Alexey Mikhailov; Kirill Levchenko
- Corresponding author: Kirill Levchenko
Story Beyond the Eye: Glyph Positions Break PDF Text Redaction
- DOI: 10.48550/arxiv.2206.02285
- Published: 2022
- Journal:
- Impact factor: 0
- Authors: M. Bland; Anushya Iyer; Kirill Levchenko
- Corresponding author: Kirill Levchenko
On the difficulty of scalably detecting network attacks
- DOI: 10.1145/1030083.1030087
- Published: 2004
- Journal:
- Impact factor: 0
- Authors: Kirill Levchenko; R. Paturi; G. Varghese
- Corresponding author: G. Varghese
Multilevel Security
- DOI: 10.1007/978-0-387-39940-9_3100
- Published: 2020-12
- Journal:
- Impact factor: 0
- Authors: Kirill Levchenko
- Corresponding author: Kirill Levchenko
Other grants awarded to Kirill Levchenko
NeTS: Medium: Collaborative Research: PacketLab: A Universal Measurement Endpoint Interface
- Award number: 1903612
- Fiscal year: 2018
- Award amount: $200,000
- Award type: Continuing Grant
NeTS: Medium: Collaborative Research: PacketLab: A Universal Measurement Endpoint Interface
- Award number: 1764055
- Fiscal year: 2018
- Award amount: $200,000
- Award type: Continuing Grant
CPS: Synergy: Collaborative Research: Foundations of Secure Cyber-Physical Systems of Systems
- Award number: 1646493
- Fiscal year: 2016
- Award amount: $200,000
- Award type: Standard Grant
Similar overseas grants
EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures
- Award number: 1740916
- Fiscal year: 2017
- Award amount: $200,000
- Award type: Standard Grant
EAGER: USBRCCR: Collaborative: Securing Networks in the Programmable Data Plane Era
- Award number: 1740791
- Fiscal year: 2017
- Award amount: $200,000
- Award type: Standard Grant
EAGER: USBRCCR: Collaborative: Lightweight Policy Enforcement of Information Flows in IoT Infrastructures
- Award number: 1740897
- Fiscal year: 2017
- Award amount: $200,000
- Award type: Standard Grant
EAGER: USBRCCR: HealthSense: Assessing and Protecting Privacy in Wireless Wearable Sensor-Generated Medical Data
- Award number: 1740907
- Fiscal year: 2017
- Award amount: $200,000
- Award type: Standard Grant
EAGER: USBRCCR: Improving Network Security at the Network Edge
- Award number: 1740895
- Fiscal year: 2017
- Award amount: $200,000
- Award type: Standard Grant
EAGER: USBRCCR: Researching Internet Routing Security in the Wild
- Award number: 1740883
- Fiscal year: 2017
- Award amount: $200,000
- Award type: Standard Grant