Leveraging SDN to enable short-term on-demand security exceptions

James Griffioen, Zongming Fei, Sergio Rivera, Jacob Chappell, Mami Hayashida, Pinyi Shi, Charles Carpenter, Yongwook Song, Bhushan Chitre, Hussamuddin Nasir, Kenneth L. Calvert

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

3 Scopus citations

Abstract

Network security devices intercept, analyze and act on the traffic moving through the network to enforce security policies. They can have adverse impact on the performance, functionality, and privacy provided by the network. To address this issue, we propose a new approach to network security based on the concept of short-term on-demand security exceptions. The basic idea is to bring network providers and (trusted) users together by (1) implementing coarse-grained security policies in the traditional way using conventional in-band security approaches, and (2) handling special cases policy exceptions in the control plane using user/application-supplied information. By divulging their intent to network providers, trusted users can receive better service. By allowing security exceptions, network providers can focus inspections on general (untrusted) traffic. We describe the design of an on-demand security exception mechanism and demonstrate its utility using a prototype implementation that enables high-speed big-data transfer across campus networks. Our experiments show that the security exception mechanism can improve the throughput of flows by trusted users significantly.

Original languageEnglish
Title of host publication2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019
Pages13-18
Number of pages6
ISBN (Electronic)9783903176157
StatePublished - May 16 2019
Event2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 - Arlington, United States
Duration: Apr 8 2019Apr 12 2019

Publication series

Name2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019

Conference

Conference2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019
Country/TerritoryUnited States
CityArlington
Period4/8/194/12/19

Bibliographical note

Publisher Copyright:
© 2019 IFIP.

Keywords

  • Middleboxes
  • Security appliance
  • Software defined networking
  • Trusted flows

ASJC Scopus subject areas

  • Information Systems and Management
  • Management Science and Operations Research
  • Information Systems
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Leveraging SDN to enable short-term on-demand security exceptions'. Together they form a unique fingerprint.

Cite this