CAREER: Towards Elastic Security with Safe and Efficient Network Security Function Virtualization

职业：通过安全高效的网络安全功能虚拟化迈向弹性安全

• 批准号: 2129164
• 负责人: Hongxin Hu
• 金额: $ 50万
• 依托单位: SUNY at Buffalo
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2021
• 资助国家: 美国
• 起止时间: 2021-02-01 至 2025-10-31
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2129164&HistoricalAwards=false
• 关键词: CAREER; Towards; Elastic; Security; Safe

Traditional network security functions are generally implemented on vendor proprietary appliances or middleboxes, which usually lack a general programming interface, and their versatility and flexibility are also very poor. These traditional network security appliances often need to be placed at fixed network entry points and have a constant capacity with respect to the maximum amount of traffic they can process. Such rigid nature makes them inefficient in protecting today's prevailing programmable and virtualizable environments. Network Function Virtualization (NFV) and Software-Defined Networking (SDN) are two emerging networking paradigms that offer the potential to address those limitations and are able to facilitate elastic security with the design of a new breed of network security functions called virtual Network Security Functions (vNSFs). The major goal of this project is to extend the understanding and science of virtual Network Security Functions. It will develop new technology for virtual Network Security Functions where security microservices can be deployed elastically, safely and efficiently, on demand, tailored to the needs of the situation. It addresses major challenges inherent in the management, design, deployment, and execution of virtual Network Security Functions that currently prevent the full use of their benefits. This project will also integrate a comprehensive education plan with the proposed research to train the next generation workforce in computational sciences. The project will foster the diversity of students by active recruitment of women and other under-represented groups for participation in the research.This project will first propose a new firewall architecture to address challenges in virtual firewall scaling. This project will then explore solutions to facilitate safe and efficient virtualization of both traditional and Artificial Neural Network (ANN)-based Intrusion Detection Systems. Finally, this project will develop a general framework, OpenNSFV, for supporting safe and efficient virtualization of network security functions. The proposed solutions of this project will be flexible, scalable, trustworthy, and optimal, and will substantially enhance the security of programmable and virtualizable network infrastructure. To demonstrate the practicality and feasibility of the proposed solutions, the project will implement, deploy, and evaluate the proposed security mechanisms in real production environments.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

传统的网络安全功能一般都是在厂商专有设备或中间盒上实现的，通常缺乏通用的编程接口，通用性和灵活性也很差。这些传统的网络安全设备通常需要放置在固定的网络入口点，并且具有相对于它们可以处理的最大流量的恒定容量。这种僵化的性质使得它们在保护当今流行的可编程和虚拟化环境方面效率低下。网络功能虚拟化（NFV）和软件定义网络（SDN）是两种新兴的网络范例，它们提供了解决这些限制的潜力，并且能够通过设计称为虚拟网络安全功能（vNSF）的新型网络安全功能来促进弹性安全。该项目的主要目标是扩展虚拟网络安全功能的理解和科学。 它将为虚拟网络安全功能开发新技术，其中安全微服务可以根据需要灵活，安全和高效地部署，并根据情况的需要进行定制。它解决了虚拟网络安全功能的管理、设计、部署和执行中固有的主要挑战，这些挑战目前阻碍了充分利用其优势。该项目还将整合一个全面的教育计划与拟议的研究，以培养计算科学的下一代劳动力。该项目将通过积极招募女性和其他代表性不足的群体参与研究来促进学生的多样性。该项目将首先提出一个新的防火墙架构，以解决虚拟防火墙扩展方面的挑战。该项目将探索解决方案，以促进传统和基于人工神经网络（ANN）的入侵检测系统的安全和有效的虚拟化。最后，本项目将开发一个通用框架OpenNSFV，用于支持安全和高效的网络安全功能虚拟化。该项目提出的解决方案将是灵活的，可扩展的，值得信赖的和最佳的，并将大大提高可编程和虚拟化网络基础设施的安全性。为了证明所提出的解决方案的实用性和可行性，该项目将在真实的生产环境中实施、部署和评估所提出的安全机制。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Understanding and Measuring Robustness of Vision and Language Multimodal Models

理解和测量视觉和语言多模态模型的鲁棒性

• 发表时间: 2023
• 期刊: Proceedings of the International Conference on Secure Knowledge Management (SKM 2023
• 作者: Vishwamitra, Nishant;Guo, Keyan;Hu, Hongxin;Zhao, Ziming;Cheng, Long;Luo, Feng
• 通讯作者: Luo, Feng

BYOZ: Protecting BYOD Through Zero Trust Network Security

BYOZ：通过零信任网络安全保护 BYOD

• 发表时间: 2022
• 期刊: and Storage
• 作者: Anderson, John;Huang, Qiqing;Cheng, Long;Hu, Hongxin
• 通讯作者: Hu, Hongxin

xNIDS: Explaining Deep Learning-based Network Intrusion Detection Systems for Active Intrusion Responses

• 发表时间: 2023
• 期刊: Proceedings of the 36th Annual Computer Security Applications Conference
• 作者: Feng Wei;Hongda Li;Ziming Zhao;Hongxin Hu

Teaching SDN Security Using Hands-on Labs in CloudLab

使用 CloudLab 中的动手实验室教授 SDN 安全性

• 发表时间: 2020
• 期刊: Journal of the Colloquium for Information System Security Education
• 作者: Yuan, Xiaohong;Liu, Zhipeng;Park, Younghee;Hu, Hongxin;Li, Hongda
• 通讯作者: Li, Hongda

HierTopo: Towards High-Performance and Efficient Topology Optimization for Dynamic Networks

• DOI: 10.1109/iwqos52092.2021.9521261
• 发表时间: 2021-06
• 期刊: 2021 IEEE/ACM 29th International Symposium on Quality of Service (IWQOS)
• 作者: Jing Chen;Zili Meng;Yaning Guo;Mingwei Xu;Hongxin Hu