Presentation is loading. Please wait.

Presentation is loading. Please wait.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Published byJaden Dougherty Modified over 10 years ago

Similar presentations

Presentation on theme: "Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute."— Presentation transcript:

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute of Technology

2 Summary Enterprise and campus networks are dynamic –Hosts continually coming and leaving –Hosts may become infected Today, access control is static, and poorly integrated with the network layer itself Resonance: Dynamic access control –Track state of each host on the network –Update forwarding state of switches per host as these states change

3 State of the Art Todays networks have many components bolted on after the fact –Firewalls, VLANs, Web authentication portal, vunerability scanner Separate (and perhaps competing) devices for performing the following functions –Registration (based on MAC addresses) –Scanning –Filtering and rate limiting traffic

4 Authentication at GT: START

5 Problems with Current Architecture Access Control is too coarse-grained Cannot dynamically remap hosts to different portions of the network –Needs a DHCP request which for a windows user would mean a reboot Monitoring is not continuous Idea: Express access control to incorporate network dynamics.

6 Problems with Current Approaches Existing enterprise security techniques are reactive and ad-hoc A mix of security middleboxes, intrusion detection systems etc. result in collection of complex network configurations Possible negative side effects –Misconfiguration –Security problems

7 Resonance: Summary Step 1: Associate each host with generic states and security classes. Step 2: Specify a state machine for moving machines from one state to the other. Step 3: Control forwarding state in switches based on the current state of each machine. –Actions from other network elements, and distributed inference, can affect network state.

8 Applying Resonance to START

9 Resonance: Step-by-Step

10 Preliminary Implementation: OpenFlow OpenFlow: Flow-based control over the forwarding behavior of switches and routers –A switch, a centralized controller and end-hosts –Switches communicate with the controller through an open protocol over a secure channel Why OpenFlow? –Dynamically change security policies –Central control enables Specifying a single, centralized security policy Coordinating the mechanisms for switches

11

12 Resonance Controller: NOX NOX: Programmatic interface to the OpenFlow controller –Ability to add, remove and reuse components We are building the Resonance controller using NOX

13 Research Testbed

14 Challenges Scale –How many forwarding entries per switch? –How much traffic at the controller? Performance Responsiveness Security –MAC address spoofing –Securing the controller (and control framework)

15 Summary Resonance: An architecture to secure and maintain enterprise networks. –Preliminary design –Application to Georgia Tech campus network –Planned evaluation Many challenges remain –Scaling –Performance Questions?

Download ppt "Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute."

Similar presentations

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,
Research Summary Nick Feamster. The Big Picture Improving Internet availability by making networks easier to operate Three approaches –From the ground.

Research Summary Nick Feamster. The Big Picture Improving Internet availability by making networks easier to operate Three approaches –From the ground.
Campus Testbed for Network Management and Operations Nick Feamster Georgia Tech Joint with Ankur Nayak, Russ Clark, Ron Hutchins, Campus OIT Also input.

Campus Testbed for Network Management and Operations Nick Feamster Georgia Tech Joint with Ankur Nayak, Russ Clark, Ron Hutchins, Campus OIT Also input.
Network Troubleshooting: rcc and Beyond Nick Feamster Georgia Tech (joint with Russ Clark, Yiyi Huang, Anukool Lakhina)

Network Troubleshooting: rcc and Beyond Nick Feamster Georgia Tech (joint with Russ Clark, Yiyi Huang, Anukool Lakhina)
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.

Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA 2011. 04. 11 Presented.

OpenFlow : Enabling Innovation in Campus Networks SIGCOMM 2008 Nick McKeown, Tom Anderson, et el. Stanford University California, USA Presented.
© 2011 Georgia Institute of Technology OpenFlow/SDN at Georgia Tech Russ Clark in collaboration with Ron Hutchins, Nick Feamster, and Matt Sanders July.

© 2011 Georgia Institute of Technology OpenFlow/SDN at Georgia Tech Russ Clark in collaboration with Ron Hutchins, Nick Feamster, and Matt Sanders July.
Lithium: Event-Driven Network Control Nick Feamster, Hyojoon Kim, Russ Clark Georgia Tech Andreas Voellmy Yale University OpenFlow/Software Defined Networking.

Lithium: Event-Driven Network Control Nick Feamster, Hyojoon Kim, Russ Clark Georgia Tech Andreas Voellmy Yale University OpenFlow/Software Defined Networking.
May, 2006 EdgeNet 2006 The Protection Problem in Enterprise Networks Martin Casado PhD Student in Computer Science, Stanford University

May, 2006 EdgeNet 2006 The Protection Problem in Enterprise Networks Martin Casado PhD Student in Computer Science, Stanford University
1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.

1 Version 3.0 Module 8 Virtual LANs. 2 Version 3.0.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
VLANs Semester 3, Chapter 3 Allan Johnson Website:

VLANs Semester 3, Chapter 3 Allan Johnson Website:
Data Security in Local Networks using Distributed Firewalls

Data Security in Local Networks using Distributed Firewalls
Institute of Technology, Sligo Dept of Computing Semester 3, version 2.1.3 Semester 3 Chapter 3 VLANs.

Institute of Technology, Sligo Dept of Computing Semester 3, version Semester 3 Chapter 3 VLANs.
Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin.

Being Proactive with Computer Posture Assessment Department of Housing and Residence Education Charles Benjamin.
Networking Components By: Michael J. Hardrick. HUB  A low cost device that sends data from one computer to all others usually operating on Layer 1 of.

Networking Components By: Michael J. Hardrick. HUB  A low cost device that sends data from one computer to all others usually operating on Layer 1 of.
Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, Jonathan Turner, SIGCOM CCR, 2008 Presented.

Nick McKeown, Tom Anderson, Hari Balakrishnan, Guru Parulkar, Larry Peterson, Jennifer Rexford, Scott Shenker, Jonathan Turner, SIGCOM CCR, 2008 Presented.
The Operator Neutral Access At KistaIP. KistaIP ? Is a student dorm with 144 apartments.

The Operator Neutral Access At KistaIP. KistaIP ? Is a student dorm with 144 apartments.

Similar presentations

Ads by Google