Abstract
Network security devices intercept, analyze and act on the traffic moving through the network to enforce security policies. They can have adverse impact on the performance, functionality, and privacy provided by the network. To address this issue, we propose a new approach to network security based on the concept of short-term on-demand security exceptions. The basic idea is to bring network providers and (trusted) users together by (1) implementing coarse-grained security policies in the traditional way using conventional in-band security approaches, and (2) handling special cases policy exceptions in the control plane using user/application-supplied information. By divulging their intent to network providers, trusted users can receive better service. By allowing security exceptions, network providers can focus inspections on general (untrusted) traffic. We describe the design of an on-demand security exception mechanism and demonstrate its utility using a prototype implementation that enables high-speed big-data transfer across campus networks. Our experiments show that the security exception mechanism can improve the throughput of flows by trusted users significantly.
Original language | English |
---|---|
Title of host publication | 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 |
Pages | 13-18 |
Number of pages | 6 |
ISBN (Electronic) | 9783903176157 |
State | Published - May 16 2019 |
Event | 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 - Arlington, United States Duration: Apr 8 2019 → Apr 12 2019 |
Publication series
Name | 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 |
---|
Conference
Conference | 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019 |
---|---|
Country/Territory | United States |
City | Arlington |
Period | 4/8/19 → 4/12/19 |
Bibliographical note
Publisher Copyright:© 2019 IFIP.
Keywords
- Middleboxes
- Security appliance
- Software defined networking
- Trusted flows
ASJC Scopus subject areas
- Information Systems and Management
- Management Science and Operations Research
- Information Systems
- Computer Networks and Communications