Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,

Published byKimberly Dwyer Modified over 10 years ago

Similar presentations

Presentation on theme: "1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,"— Presentation transcript:

1 1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran, Umayr Hassan

2 2 Summary of Research Projects Campus Network Deployment –Resonance: Dynamic Access Control for Campus Networks –Pedigree: Traffic Tainting for Securing Enterprise Networks Home Network Deployments –User-Proof Networking (with Prof. Keith Edwards) Class Projects: Network Management/Network Security –OpenFlow Traffic Classification –SNMP MIB for OpenFlow –Home-Network Management using OpenFlow –OpenFlow for High Availability/Service Migration –OpenFlow and Virtualization –Access Control for Home Networks –Automated Intrusion Detection with OpenFlow

3 3 Dynamic Access Control Enterprise and campus networks are dynamic –Hosts continually coming and leaving –Hosts may become infected Today, access control is static, and poorly integrated with the network layer itself Resonance: Dynamic access control –Track state of each host on the network –Update forwarding state of switches per host as these states change

4 4 Authentication at GT: START 3. VLAN with Private IP 6. VLAN with Public IP ta.1. New MAC Addr2. VQP 7. REBOOT Web Portal 4. Web Authentication 5. Authentication Result VMPS Switch New Host

5 5 Problems with Current Approach Access Control is too coarse-grained –Static, inflexible and prone to misconfigurations –Need to rely on VLANs to isolate infected machines Cannot dynamically remap hosts to different portions of the network –Needs a DHCP request which for a windows user would mean a reboot Monitoring is not continuous Idea: Access control policies should reflect network dynamics.

6 6 Resonance Approach Step 1: Controller associates each host with generic states and security classes. Step 2: Specify a state machine for moving machines from one state to the other. Step 3: Control forwarding state in switches based on the current state of each host.

7 7 Applying resonance to START Registration Authenticated Operation Quarantined Successful Authentication Vulnerability detected Clean after update Failed Authentication Infection removed or manually fixed Still Infected after an update

8 8 Challenges Scale –How many forwarding entries per switch? –How much traffic at the controller? Performance –Responsiveness Security –MAC address spoofing –Securing the controller (and control framework)

9 9

10 10 Enterprise Information Flow Control Goal: Control how information flows between different hosts in the network –Control the spread of malware –Prevent data leaks Challenges –Heterogeneous devices –Hosts may not be trusted Solution: Pedigree –Classify traffic based on What process generated the traffic Where that process has taken inputs –Implement control policies in the network

11 11 Pedigree Design Trusted tagging component resides on host. Traffic carries taints that reflect provenance of network traffic. Switch one hop from hosts makes access control decisions.

12 12 Current Function Internet 1.Host sends request over control channel to open with flow with taint set. 2. Traffic diverted to controller, which checks policy. 3. Controller inserts flow table entry, if policy compliant.

Download ppt "1 OpenFlow Research on the Georgia Tech Campus Network Russ Clark Nick Feamster Students: Yogesh Mundada, Hyojoon Kim, Ankur Nayak, Anirudh Ramachandran,"

Similar presentations

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.

11/20/09 ONR MURI Project Kick-Off 1 Network-Level Monitoring for Tracking Botnets Nick Feamster School of Computer Science Georgia Institute of Technology.
Packets with Provenance Anirudh, Mukarram, Nick, Kaushik.

Packets with Provenance Anirudh, Mukarram, Nick, Kaushik.
Campus Testbed for Network Management and Operations Nick Feamster Georgia Tech Joint with Ankur Nayak, Russ Clark, Ron Hutchins, Campus OIT Also input.

Campus Testbed for Network Management and Operations Nick Feamster Georgia Tech Joint with Ankur Nayak, Russ Clark, Ron Hutchins, Campus OIT Also input.
DTunnels Year 1 Summary Nick Feamster. Overview Two pieces –DTunnels: Mechanism for creating appearance of layer 2 links between virtual nodes –BGP Mux:

DTunnels Year 1 Summary Nick Feamster. Overview Two pieces –DTunnels: Mechanism for creating appearance of layer 2 links between virtual nodes –BGP Mux:
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.

Securing Enterprise Networks with Traffic Tainting Anirudh Ramachandran Nick Feamster Yogesh Mundada Mukarram bin Tariq.
Network Security Highlights Nick Feamster Georgia Tech.

Network Security Highlights Nick Feamster Georgia Tech.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.

1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Mitigating Layer 2 Attacks

Mitigating Layer 2 Attacks
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Common Layer 2 Attacks and Countermeasures.
5-Network Defenses Dr. John P. Abraham Professor UTPA.

5-Network Defenses Dr. John P. Abraham Professor UTPA.
© 2011 Georgia Institute of Technology OpenFlow/SDN at Georgia Tech Russ Clark in collaboration with Ron Hutchins, Nick Feamster, and Matt Sanders July.

© 2011 Georgia Institute of Technology OpenFlow/SDN at Georgia Tech Russ Clark in collaboration with Ron Hutchins, Nick Feamster, and Matt Sanders July.
SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual.

SilverLine: Preventing Data Leaks from Compromised Web Applications Yogesh Mundada Anirudh Ramachandran Nick Feamster Georgia Tech 1 Appeared in Annual.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
Lithium: Event-Driven Network Control Nick Feamster, Hyojoon Kim, Russ Clark Georgia Tech Andreas Voellmy Yale University OpenFlow/Software Defined Networking.

Lithium: Event-Driven Network Control Nick Feamster, Hyojoon Kim, Russ Clark Georgia Tech Andreas Voellmy Yale University OpenFlow/Software Defined Networking.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) SriramGopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) SriramGopinath( )

Similar presentations

Ads by Google