Packets with Provenance Anirudh, Mukarram, Nick, Kaushik.

Motivation
Traffic classification, access control, etc.
Today: coarse and imprecise
– IP addresses
– Port numbers
Instead: classify traffic based on
– Where traffic is coming from
– What inputs that traffic has taken

Design
Trusted tagging component on host
Arbiter near network border

Applications
Provisioning
Blacklisting
Exfiltration
Secure network regions

Assumptions
Network elements don't modify tags
End host has a trusted component
– Privileged process
– Kernel module
– Hypervisor
– Outside the host

Tags: Structure and Function
Local properties (container ID)
History of interactions (taint set)

Accumulating Tags

Concerns
Privacy concerns
Packet overhead
Overflow of taint set
– Size of taint set could become quite large
Storage overhead
How to identify taints that reflect a certain class of traffic?

Current Function
[figure label: Internet]
1. Host sends request over control channel to open a flow with its taint set.
2. Traffic diverted to controller, which checks policy.
3. Controller inserts flow table entry, if policy compliant.
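The slides name the pieces (a tag carrying a container ID and a taint set, a trusted host component that accumulates taints as a process takes input, an arbiter near the border that checks policy and installs a flow table entry) but not how they fit together. The following is an added example written for this transcript, not code from the talk or its authors: it models the "Tags", "Accumulating Tags", "Concerns" (taint-set overflow) and "Current Function" slides as a small Python simulation. Every class name, address range, taint label and policy rule (blacklist, exfiltration, secure region, fail-closed on overflow) is a constructed assumption chosen to make the concepts runnable.

```python
"""Toy model of provenance-tagged flow admission (added example, not from the talk)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Tuple

# Constructed policy inputs: assumptions for the toy, not values from the talk.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")        # "inside" the enterprise
SECURE_REGION = ipaddress.ip_network("10.9.0.0/16")      # a secure network region
SECURE_REGION_ALLOWED = frozenset({"ci-runner"})         # taints a flow may carry into it
BLACKLISTED_TAINTS = frozenset({"malware-dl"})           # any flow tainted by these is denied
CONFIDENTIAL_TAINTS = frozenset({"hr-db"})               # data that must not leave INTERNAL_NET
MAX_TAINT_SET = 4                                        # bound that models the overflow concern
OVERFLOW = "*"   # sentinel: taint set exceeded the bound, provenance is no longer known


@dataclass(frozen=True)
class Tag:
    container_id: str         # local property: which container originated the traffic
    taints: FrozenSet[str]    # history of interactions: sources that influenced the sender


def accumulate(receiver: Tag, sender: Tag) -> Tag:
    """Trusted host component: when `receiver` takes input from `sender`, the sender's
    container ID and taints join the receiver's taint set. If the set would exceed
    MAX_TAINT_SET it collapses to OVERFLOW so the per-packet tag stays bounded."""
    if OVERFLOW in receiver.taints or OVERFLOW in sender.taints:
        return Tag(receiver.container_id, frozenset({OVERFLOW}))
    merged = receiver.taints | sender.taints | {sender.container_id}
    if len(merged) > MAX_TAINT_SET:
        merged = frozenset({OVERFLOW})
    return Tag(receiver.container_id, frozenset(merged))


@dataclass(frozen=True)
class FlowRequest:
    tag: Tag
    dst: str      # destination IPv4 address as text
    dport: int


@dataclass
class Arbiter:
    """Controller near the network border; owns the installed flow table."""
    flow_table: Dict[Tuple[str, str, int], str] = field(default_factory=dict)

    def check_policy(self, req: FlowRequest) -> Tuple[bool, str]:
        dst = ipaddress.ip_address(req.dst)
        taints = req.tag.taints
        if OVERFLOW in taints:
            return False, "overflow: provenance unknown, fail closed"
        if taints & BLACKLISTED_TAINTS:
            return False, "blacklist: tainted by a blacklisted source"
        if dst not in INTERNAL_NET and taints & CONFIDENTIAL_TAINTS:
            return False, "exfiltration: confidential taint leaving the network"
        if dst in SECURE_REGION and not taints <= SECURE_REGION_ALLOWED:
            return False, "secure region: taint set not permitted inside"
        return True, "ok"

    def handle_request(self, req: FlowRequest) -> Tuple[bool, str]:
        """Steps 2 and 3 of the slide: check policy, install a flow entry if compliant."""
        allowed, reason = self.check_policy(req)
        if allowed:
            self.flow_table[(req.tag.container_id, req.dst, req.dport)] = "forward"
        return allowed, reason

    def lookup(self, container_id: str, dst: str, dport: int) -> Optional[str]:
        """Data-plane view: is there an installed entry for this flow?"""
        return self.flow_table.get((container_id, dst, dport))


def run_demo() -> Tuple[Dict[str, Tuple[bool, str]], Arbiter]:
    """Constructed scenarios covering each policy class and the overflow case."""
    arbiter = Arbiter()
    web = Tag("web", frozenset())
    downloader = Tag("downloader", frozenset({"malware-dl"}))
    report = Tag("report-gen", frozenset({"hr-db"}))
    ci = Tag("ci-runner", frozenset())

    # Step 1 of the slide: each host sends a request with its taint set over the control channel.
    results = {
        "clean-internal": arbiter.handle_request(FlowRequest(web, "10.2.0.5", 443)),
        "tainted-by-download": arbiter.handle_request(
            FlowRequest(accumulate(web, downloader), "10.2.0.5", 443)),
        "confidential-external": arbiter.handle_request(FlowRequest(report, "198.51.100.7", 443)),
        "confidential-internal": arbiter.handle_request(FlowRequest(report, "10.2.0.5", 443)),
        "ci-into-secure-region": arbiter.handle_request(FlowRequest(ci, "10.9.0.10", 22)),
        "report-into-secure-region": arbiter.handle_request(FlowRequest(report, "10.9.0.10", 22)),
    }
    # Overflow: an aggregator taking input from several sources exceeds MAX_TAINT_SET.
    agg = Tag("aggregator", frozenset())
    for i in range(1, 4):
        agg = accumulate(agg, Tag(f"src{i}", frozenset({f"data{i}"})))
    results["overflowed"] = arbiter.handle_request(FlowRequest(agg, "10.2.0.5", 443))
    return results, arbiter


if __name__ == "__main__":
    res, arb = run_demo()
    for name, (allowed, reason) in res.items():
        print(f"{name:28s} {'ALLOW' if allowed else 'DENY':5s} {reason}")
    print("installed flow entries:", len(arb.flow_table))
```

Two design points worth noting. First, the policy fails closed when the taint set has overflowed: once provenance is unknown the arbiter cannot tell whether the flow would hit the blacklist or exfiltration rules, so denying (or, in practice, escalating to a human) is the conservative reading of the "overflow of taint set" concern on the slide. Second, the flow table is keyed by container ID rather than IP address, which is the point of the "Motivation" slide: two flows from the same host and port can receive different decisions depending on what inputs the sending container has taken.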