Collaborative Research: CICI: Secure and Resilient Architecture: NetSecOps -- Policy-driven, Knowledge-centric, Holistic Network Security Operations Architecture

Grants and Contracts Details


University campus infrastructures count among the most complex and sophisticated information technology (IT) deployments; often combining a mix of enterprise, retail and healthcare environments with IT requirements derived from the university’s teaching and research mission. Dealing with the security of this environment is particularly challenging. Like other networked environments campus IT infrastructures are constantly under attack from the Internet and subject to malware infections and susceptible to software and hardware vulnerabilities. In addition, different campus environments have very different policies and regulations that govern its treatment of sensitive data (e.g., private personal information, health care data, financial transactions etc.). Further, the unique requirements of data-intensive scientific workflows often do not fit enterprise centric IT approaches. This typically results in ad-hoc exceptions which bypass standard operational methods and procedures, thus leaving both the scientific workflow and the campus as a whole vulnerable to attack. In short, state-of-the-art campus security operations still heavily rely on human domains experts to interpret high level policy documents and attempt to implement those policies through low level mechanisms, to manually implement exceptions to these policies to accommodate scientific workflow requirements, to interpret reports and alerts from a variety of security point solutions, and to be at the center of all IT security operations, attempting to react to security events in near real time on a 24 by 7 basis. Given the constant increase in cyber security threats, this state of affairs is clearly untenable. We propose to address these challenges through a collaborative research effort between the University of Utah and the University of Kentucky. We propose the realization of NetSecOps, a policy-driven, knowledgecentric, holistic network security operations architecture. NetSecOps is policy-driven in that high level human readable policies are encoded into systematic policy specifications that drive the actual configuration and operation of the IT infrastructure. NetSecOps is knowledge-centric in that data, information and knowledge about the infrastructure is captured and maintained in a knowledge store, allowing IT operational tasks to be realized on and informed by this knowledge. NetSecOps is holistic in that we envision that ultimately all operational tasks be performed through the architecture and that all aspects of the environment be captured in it. We propose to do research that would endow the NetSecOps architecture with the following unique capabilities: (i) The ability to capture campus network security policies systematically.(ii) Fine-grained network control abstractions that can implement the security characteristics demanded by these policies. (Including policies related to both scientific workflows and IT domains.) (iii) Policy traceability tools to allow verifying whether high-level policies are maintained by these network abstractions. (iv) Knowledge-discovery tools that enable reasoning across data from existing security point-solutions. (Including security monitoring tools and authentication and authorization frameworks.) (v) The ability to automatically adjust the network’s security posture based on detected security events by applying policy-driven network control abstractions. We will ground our work in real world context by partnering with IT and security domain experts at both the University of Utah and the University of Kentucky and will evaluate our approach by deploying NetSecOps on selected parts of the campus infrastructures at both institutions. Our proposed work addresses a critical problem faced by all university campuses. It is our contention that the makeup of our team, academic researchers, together with IT systems and security professionals, uniquely position us to have impact in this space. We will release into the public domain the software of our architecture, the policy traceability tools, the network control abstractions and knowledge-discovery tools, as well as the systematic polices derived from security policy documents. We expect these resources to be broadly adopted by universities as part of their best-practice IT security operations. This will be especially true for smaller universities who might be lacking in security expertise. We expect that our approach will similarly be applicable to and be adopted by other domains with complex IT environments. We plan to disseminate our work through publications at high quality security conferences. The PIs will include research tasks from this proposal as course research projects for graduate level courses they teach. Together with the graduate students who will be directly involved in the research, the students doing these course projects will benefit from being exposed to real world data and problems by working with the PIs and domain experts.
Effective start/end date9/1/168/31/21


  • National Science Foundation: $515,925.00


Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.