CAREER: Programmable In-network Security

职业：可编程网络安全

• 批准号: 2420309
• 负责人: Ang Chen
• 金额: $ 55万
• 依托单位: Regents of the University of Michigan - Ann Arbor
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-10-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2420309&HistoricalAwards=false
• 关键词: CAREER; Programmable; network; Security

Attacks on the Internet cost the economy billions of dollars. While today’s Internet was developed to provide widespread connectivity to individuals and businesses across the world, the networks that support the Internet do not have built-in security mechanisms. This project is focused on solving that problem by investigating future network designs based on new network technology that would support security and provide defense across a wide variety of attacks. The project vision is to develop Programmable In-network Security, or ‘Poise’. Poise aims to design and integrate a wide range of defenses directly inside the network, leveraging the technology trend of network programmability. If successful, a Poise network would support security as naturally as today’s networks support connectivity. This project will develop new scientific foundations for network security, investigate practical use cases, release open-source tools, and produce educational materials. The potential impact of Poise is to make future networks fundamentally more secure than they are today. This project presents a vision of Programmable In-network Security, or ‘Poise’, informed by the recent trend that network devices are becoming increasingly programmable, and with a goal of supporting security as a first-class network attribute. The project plans to take a three-pronged approach to realizing this goal. First, Poise aims to transform a programmable switch into a defense platform by designing a wide range of security applications that reside in the switch. Second, Poise aims to transform a network of programmable switches into a defense fleet, by architecting defense applications into the network paths and synchronizing them for whole-network defense. Third, Poise seeks to ensure that the defense applications, individually and collectively, are themselves secure against attacks. In its ultimate embodiment, a Poise network would toggle a wide array of defenses rapidly on and off as traffic flows through, mitigating attacks in real time. This project will advance the state of the art in network security in the above three dimensions and will produce scientific foundations and reusable system prototypes.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

对互联网的攻击使经济损失数十亿美元。虽然今天的互联网是为了向世界各地的个人和企业提供广泛的连接而开发的，但支持互联网的网络没有内置的安全机制。该项目的重点是通过研究基于新网络技术的未来网络设计来解决这一问题，这些新网络技术将支持安全性并为各种攻击提供防御。 该项目的愿景是开发可编程的网络安全，或“姿态”。Poise旨在利用网络可编程性的技术趋势，直接在网络内部设计和集成各种防御。如果成功，Poise网络将像今天的网络支持连接一样自然地支持安全性。该项目将为网络安全开发新的科学基础，调查实际用例，发布开源工具，并制作教育材料。Poise的潜在影响是使未来的网络从根本上比现在更安全。 该项目提出了一个可编程的网络安全，或“姿态”的愿景，由最近的趋势，网络设备变得越来越可编程，并支持安全作为一个一流的网络属性的目标通知。该项目计划采取三管齐下的办法来实现这一目标。首先，Poise旨在通过设计驻留在交换机中的各种安全应用程序，将可编程交换机转变为防御平台。第二，Poise的目标是将可编程交换机网络转变为防御舰队，将防御应用程序构建到网络路径中，并将其同步用于整个网络防御。第三，Poise旨在确保防御应用程序，无论是单独的还是整体的，本身都是安全的，不会受到攻击。在其最终的实施方案中，一个Poise网络将在流量流过时快速打开和关闭各种防御，从而真实的减轻攻击。该项目将在上述三个方面推进网络安全领域的最新技术水平，并将产生科学基础和可重复使用的系统原型。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。