Exploring Host-based Software Defined Networking and its Applications

MacFarland, Douglas C.

30 April 2015

Network operators need detailed understanding of their networks in order to ensure functionality and to mitigate security risks. Unfortunately, legacy networks are poorly suited to providing this understanding. While the software-defined networking paradigm has the potential to, existing switch-based implementations are unable to scale sufficiently to provide information in a fine-grained. Furthermore, as switches are inherently blind to the inner workings of hosts, significantly hindering an operator's ability to understand the true context behind network traffic. In this work, we explore a host-based software-defined networking implementation. We evaluation our implementation, showing that it is able to scale beyond the capabilities of a switch-based implementation. Furthermore, we discuss various detailed network policies that network operators can write and enforce which are impossible in a switch-based implementation. We also implement and discuss an anti-reconnaissance system that can be deployed without any additional components.

host agents

anti-reconnaissance

software defined networking

Improving network extensibility and scalability through SDN

Rotsos, Charalampos

January 2015

No description available.

004

Verificare: a platform for composable verification with application to SDN-Enabled systems

Skowyra, Richard William

22 January 2016

Software-Defined Networking (SDN) has become increasing prevalent in both the academic and industrial communities. A new class of system built on SDNs, which we refer to as SDN-Enabled, provide programmatic interfaces between the SDN controller and the larger distributed system. Existing tools for SDN verification and analysis are insufficiently expressive to capture this composition of a network and a larger distributed system. Generic verification systems are an infeasible solution, due to their monolithic approach to modeling and rapid state-space explosion. In this thesis we present a new compositional approach to system modeling and verification that is particularly appropriate for SDN-Enabled systems. Compositional models may have sub-components (such as switches and end-hosts) modified, added, or removed with only minimal, isolated changes. Furthermore, invariants may be defined over the composed system that restrict its behavior, allowing assumptions to be added or removed and for components to be abstracted away into the service guarantee that they provide (such as guaranteed packet arrival). Finally, compositional modeling can minimize the size of the state space to be verified by taking advantage of known model structure. We also present the Verificare platform, a tool chain for building compositional models in our modeling language and automatically compiling them to multiple off-the-shelf verification tools. The compiler outputs a minimal, calculus-oblivious formalism, which is accessed by plugins via a translation API. This enables a wide variety of requirements to be verified. As new tools become available, the translator can easily be extended with plugins to support them.

Computer science

Verification

Software-defined networking

A Resilience-Oriented and NFV-Supported Scheme for Failure Detection in Software-Defined Networking

Li, He

19 October 2018

As a recently emerging network paradigm, Software-Defined Networking (SDN) has attracted considerable attention from both industry and academia. The most significant advantage of SDN is that the paradigm disassociates the control logic (i.e., control plane) from the forwarding process (i.e., data plane), which are usually integrated into traditional network devices. Thanks to the property of centralized control, SDN enables the flexibility of dispatching flow policies to simplify network management. However, this property also makes the SDN environment vulnerable, which will cause network paralysis when the sole SDN controller runs malfunction. Although several works have been done on deploying multiple controllers to address the failure of a centralized controller, their drawbacks are leading to inefficiency and balance loss of controller utilization, provoking resource idling as well as being incapable to suffice flow outburst. Additionally, the network operators often put a great deal of effort into discovering failure nodes to recover their networks, which can be mitigated by applying failure detection before the network deterioration occurs. Network traffic prediction can serve as a practical approach to evaluate the state of the OpenFlow-based switch and consequently detect SDN node failures in advance. As far as prediction solution is concerned, most researchers investigate either statistical modeling approaches, such as Seasonal Autoregressive Integrated Moving Average (SARIMA), or Artificial Neural Network (ANN) methods, like Long Short-Term Memory (LSTM) Neural Network. Nonetheless, few of them study the model merging these two mechanisms regarding multi-step prediction. This thesis proposes a novel system associated with Network Function Virtualization (NFV) technique to enhance the resilience of SDN network. A hybrid prediction model based on the combination of SARIMA and LSTM is introduced as part of the detection module of this system, where the potential node breakdown can be readily determined so that it can implement smart prevention and fast recovery without human interaction. The results show the proposed scheme improves the performance concerning time complexity compared with that of previous work, reaching up to 95% accuracy while shortening the detection and recovery time by the new combined prediction model.

Software-Defined Networking

Network Resiliency

Network Prediction

Infinite CacheFlow: a Rule-caching Solution for Software Defined Networks

January 2014

abstract: New OpenFlow switches support a wide range of network applications, such as firewalls, load balancers, routers, and traffic monitoring. While ternary content addressable memory (TCAM) allows switches to process packets at high speed based on multiple header fields, today's commodity switches support just thousands to tens of thousands of forwarding rules. To allow for finer-grained policies on this hardware, efficient ways to support the abstraction of a switch are needed with arbitrarily large rule tables. To do so, a hardware-software hybrid switch is designed that relies on rule caching to provide large rule tables at low cost. Unlike traditional caching solutions, neither individual rules are cached (to respect rule dependencies) nor compressed (to preserve the per-rule traffic counts). Instead long dependency chains are ``spliced'' to cache smaller groups of rules while preserving the semantics of the network policy. The proposed hybrid switch design satisfies three criteria: (1) responsiveness, to allow rapid changes to the cache with minimal effect on traffic throughput; (2) transparency, to faithfully support native OpenFlow semantics; (3) correctness, to cache rules while preserving the semantics of the original policy. The evaluation of the hybrid switch on large rule tables suggest that it can effectively expose the benefits of both hardware and software switches to the controller and to applications running on top of it. / Dissertation/Thesis / M.S. Computer Science 2014

Computer science

Algorithms

Caching

Software Defined Networking

Towards Better Kernel and Network Monitoring of Software Actions

Lei, Yunsen

15 May 2020

Monitoring software actions is one of the most studied approaches to help security researchers understand how software interacts with the system or network. In many cases, monitoring is an important component to help detect attacks that use software vulnerabilities as a vector to compromise endpoints. Attacks are becoming more sophisticated and network use is growing dramatically. Both host-based and network-based monitoring are facing different challenges. A host-based approach has more insight into software's actions but puts itself at the risk of compromise. When deployed on the server endpoint, the lack of separation between different clients only further complicates the monitoring scope. Compared to network-based approaches, host-based monitoring usually loses control of a software's network trace once the network packet leaves the endpoint. On the other hand, network-based monitoring usually has full control of a software's network packets but confronts scalability problems as the network grows. This thesis focuses on the limitations of the current monitoring approaches and technologies and proposes different solutions to mitigate the current problem. For software-defined networking, we design and implement a host-based SDN system that achieves the same forwarding path control and packet rewriting functionality as a switch-based SDN. Our implementation empower the host-based SDN with more control in the network even without using any SDN-enabled middleboxes, allowing SDN adoption in large-scale deployments. We further corroborate flow reports from different host SDN agents to address the endpoint compromise problem. On the server endpoint, we leverage containers as a light-weight environment to separate different clients and build monitoring infrastructures to narrow down the monitoring scope that have the potential to facilitate further forensic analysis.

Security monitoring

Software-defined networking

Containerization

Analysis of Topology Poisoning Attacks in Software-Defined Networking

Thanh Bui, Tien

January 2015

Software-defined networking (SDN) is an emerging architecture with a great potentialto foster the development of modern networks. By separating the controlplane from the network devices and centralizing it at a software-based controller,SDN provides network-wide visibility and flexible programmability to networkadministrators. However, the security aspects of SDN are not yet fully understood.For example, while SDN is resistant to some topology poisoning attacks inwhich the attacker misleads the routing algorithm about the network structure,similar attacks by compromised hosts and switches are still known to be possible.The goal of this thesis is to thoroughly analyze the topology poisoning attacksinitiated by compromised switches and to identify whether they are a threat toSDN. We identify three base cases of the topology poisoning attack, in which theattack that requires a single compromised switch is a new variant of topologypoisoning. We develop proof-of-concept implementations for these attacks inemulated networks based on OpenFlow, the most popular framework for SDN.We also evaluate the attacks in simulated networks by measuring how muchadditional traffic the attacker can divert to the compromised switches. A widerange of network topologies and routing algorithms are used in the simulations.The simulation results show that the discovered attacks are severe in many cases.Furthermore, the seriousness of the attacks increases according to the number oftunnels that the attacker can fabricate and also depends on the distance betweenthe tunnel endpoints. The simulations indicate that network design can help tomitigate the attacks by, for example, shortening the paths between switches in thenetwork, randomizing regular network structure, or increasing the load-balancingcapability of the routing strategy.

Software-defined networking

OpenFlow

Topology poisoning attack

Genetic Algorithm-Based Improved Availability Approach for Controller Placement in SDN

Asamoah, Emmanuel

13 July 2023

Thanks to the Software-Defined Networking (SDN) paradigm, which segregates the control and data layers of traditional networks, large and scalable networks can now be dynamically configured and managed. It is a game-changing networking technology that provides increased flexibility and scalability through centralized management. The Controller Placement Problem (CPP), however, poses a crucial problem in SDN because it directly impacts the efficiency and performance of the network. The CPP attempts to determine the most ideal number of controllers for any network and their corresponding relative positioning. This is to generally minimize communication delays between switches and controllers and maintain network reliability and resilience. In this thesis, we present a modified Genetic Algorithm (GA) technique to solve the CPP efficiently. Our approach makes use the GA’s capabilities to obtain the best controller placement correlation based on important factors such as network delay, reliability and availability. We further optimize the process by means of certain deduced constraints to allow faster convergence. In this study, our primary objective is to optimize the control plane design by identifying the optimal controller placement, which minimizes delay and significantly improves both the switch-to-controller and controller-to-controller link availability. We introduce an advanced genetic algorithm methodology and showcase a precise technique for optimizing the inherent availability constraints. To evaluate the trade-offs between the deployment of controllers and the associated costs of enhancing particular node link availabilities, we performed computational experiments on three distinct networks of varying sizes. Overall, our work contributes to the growth trajectory of SDN research by offering a novel GA-based resolution to the controller placement problem that can improve network performance and dependability.

Software-Defined Networking

Controller Placement

Genetic Algorithm

Attack-aware Security Function Management / Angriffsbewusste Verwaltung von Sicherheitsfunktionen

Iffländer, Lukas

January 2021

Over the last decades, cybersecurity has become an increasingly important issue. Between 2019 and 2011 alone, the losses from cyberattacks in the United States grew by 6217%. At the same time, attacks became not only more intensive but also more and more versatile and diverse. Cybersecurity has become everyone’s concern. Today, service providers require sophisticated and extensive security infrastructures comprising many security functions dedicated to various cyberattacks. Still, attacks become more violent to a level where infrastructures can no longer keep up. Simply scaling up is no longer sufficient. To address this challenge, in a whitepaper, the Cloud Security Alliance (CSA) proposed multiple work packages for security infrastructure, leveraging the possibilities of Software-defined Networking (SDN) and Network Function Virtualization (NFV). Security functions require a more sophisticated modeling approach than regular network functions. Notably, the property to drop packets deemed malicious has a significant impact on Security Service Function Chains (SSFCs)—service chains consisting of multiple security functions to protect against multiple at- tack vectors. Under attack, the order of these chains influences the end-to-end system performance depending on the attack type. Unfortunately, it is hard to predict the attack composition at system design time. Thus, we make a case for dynamic attack-aware SSFC reordering. Also, we tackle the issues of the lack of integration between security functions and the surrounding network infrastructure, the insufficient use of short term CPU frequency boosting, and the lack of Intrusion Detection and Prevention Systems (IDPS) against database ransomware attacks. Current works focus on characterizing the performance of security functions and their behavior under overload without considering the surrounding infrastructure. Other works aim at replacing security functions using network infrastructure features but do not consider integrating security functions within the network. Further publications deal with using SDN for security or how to deal with new vulnerabilities introduced through SDN. However, they do not take security function performance into account. NFV is a popular field for research dealing with frameworks, benchmarking methods, the combination with SDN, and implementing security functions as Virtualized Network Functions (VNFs). Research in this area brought forth the concept of Service Function Chains (SFCs) that chain multiple network functions after one another. Nevertheless, they still do not consider the specifics of security functions. The mentioned CSA whitepaper proposes many valuable ideas but leaves their realization open to others. This thesis presents solutions to increase the performance of single security functions using SDN, performance modeling, a framework for attack-aware SSFC reordering, a solution to make better use of CPU frequency boosting, and an IDPS against database ransomware. Specifically, the primary contributions of this work are: • We present approaches to dynamically bypass Intrusion Detection Systems (IDS) in order to increase their performance without reducing the security level. To this end, we develop and implement three SDN-based approaches (two dynamic and one static). We evaluate the proposed approaches regarding security and performance and show that they significantly increase the performance com- pared to an inline IDS without significant security deficits. We show that using software switches can further increase the performance of the dynamic approaches up to a point where they can eliminate any throughput drawbacks when using the IDS. • We design a DDoS Protection System (DPS) against TCP SYN flood at tacks in the form of a VNF that works inside an SDN-enabled network. This solution eliminates known scalability and performance drawbacks of existing solutions for this attack type. Then, we evaluate this solution showing that it correctly handles the connection establishment and present solutions for an observed issue. Next, we evaluate the performance showing that our solution increases performance up to three times. Parallelization and parameter tuning yields another 76% performance boost. Based on these findings, we discuss optimal deployment strategies. • We introduce the idea of attack-aware SSFC reordering and explain its impact in a theoretical scenario. Then, we discuss the required information to perform this process. We validate our claim of the importance of the SSFC order by analyzing the behavior of single security functions and SSFCs. Based on the results, we conclude that there is a massive impact on the performance up to three orders of magnitude, and we find contradicting optimal orders for different workloads. Thus, we demonstrate the need for dynamic reordering. Last, we develop a model for SSFC regarding traffic composition and resource demands. We classify the traffic into multiple classes and model the effect of single security functions on the traffic and their generated resource demands as functions of the incoming network traffic. Based on our model, we propose three approaches to determine optimal orders for reordering. • We implement a framework for attack-aware SSFC reordering based on this knowledge. The framework places all security functions inside an SDN-enabled network and reorders them using SDN flows. Our evaluation shows that the framework can enforce all routes as desired. It correctly adapts to all attacks and returns to the original state after the attacks cease. We find possible security issues at the moment of reordering and present solutions to eliminate them. • Next, we design and implement an approach to load balance servers while taking into account their ability to go into a state of Central Processing Unit (CPU) frequency boost. To this end, the approach collects temperature information from available hosts and places services on the host that can attain the boosted mode the longest. We evaluate this approach and show its effectiveness. For high load scenarios, the approach increases the overall performance and the performance per watt. Even better results show up for low load workloads, where not only all performance metrics improve but also the temperatures and total power consumption decrease. • Last, we design an IDPS protecting against database ransomware attacks that comprise multiple queries to attain their goal. Our solution models these attacks using a Colored Petri Net (CPN). A proof-of-concept implementation shows that our approach is capable of detecting attacks without creating false positives for benign scenarios. Furthermore, our solution creates only a small performance impact. Our contributions can help to improve the performance of security infrastructures. We see multiple application areas from data center operators over software and hardware developers to security and performance researchers. Most of the above-listed contributions found use in several research publications. Regarding future work, we see the need to better integrate SDN-enabled security functions and SSFC reordering in data center networks. Future SSFC should discriminate between different traffic types, and security frameworks should support automatically learning models for security functions. We see the need to consider energy efficiency when regarding SSFCs and take CPU boosting technologies into account when designing performance models as well as placement, scaling, and deployment strategies. Last, for a faster adaptation against recent ransomware attacks, we propose machine-assisted learning for database IDPS signatures. / In den letzten Jahrzehnten wurde Cybersicherheit zu einem immer wichtigeren Thema. Allein zwischen 2019 und 2011 stiegen die Verluste durch Cyberattacken in den Vereinigten Staaten um 6217%. Gleichzeitig wurden die Angriffe nicht nur intensiver, sondern auch immer vielseitiger und facettenreicher. Cybersicherheit ist zu einem allgegenwärtigen Thema geworden. Heute benötigen Dienstleistungsanbieter ausgefeilte und umfassende Sicherheitsinfrastrukturen, die viele Sicherheitsfunktionen für verschiedene Cyberattacken umfassen. Den- noch werden die Angriffe immer heftiger, so dass diese Infrastrukturen nicht mehr mithalten können. Ein einfaches Scale-Up ist nicht mehr ausreichend. Um dieser Herausforderung zu begegnen, schlug die Cloud Security Alliance (CSA) in einem Whitepaper mehrere Arbeitspakete für Sicherheitsinfrastruk turen vor, die die Möglichkeiten des Software-definierten Netzwerks (SDN) und der Netzwerkfunktionsvirtualisierung (NFV) nutzen. Sicherheitsfunktionen erfordern einen anspruchsvolleren Modellierungsansatz als normale Netzwerkfunktionen. Vor allem die Eigenschaft, als bösartig erachtete Pakete fallen zu lassen, hat erhebliche Auswirkungen auf Security Service Function Chains (SSFCs) – Dienstketten, die aus mehreren Sicherheitsfunktionen zum Schutz vor mehreren Angriffsvektoren bestehen. Bei einem Angriff beeinflusst die Reihenfolge dieser Ketten je nach Angriffstyp die Gesamtsystemleistung. Leider ist es schwierig, die Angriffszusammensetzung zur Designzeit vorherzusagen. Daher plädieren wir für eine dynamische, angriffsbewusste Neuordnung der SSFC. Außerdem befassen wir uns mit den Problemen der mangelnden Integration zwischen Sicherheitsfunktionen und der umgebenden Netzwerkinfrastruktur, der unzureichenden Nutzung der kurzfristigen CPU-Frequenzverstärkung und des Mangels an Intrusion Detection and Prevention Systems (IDPS) zur Abwehr von Datenbank-Lösegeldangriffen. Bisherige Arbeiten konzentrieren sich auf die Charakterisierung der Leistungsfähigkeit von Sicherheitsfunktionen und deren Verhalten bei Überlastung ohne Berücksichtigung der umgebenden Infrastruktur. Andere Arbeiten zielen darauf ab, Sicherheitsfunktionen unter Verwendung von Merkmalen der Netzwerkinfrastruktur zu ersetzen, berücksichtigen aber nicht die Integration von Sicherheitsfunktionen innerhalb des Netzwerks. Weitere Publikationen befassen sich mit der Verwendung von SDN für die Sicherheit oder mit dem Umgang mit neuen, durch SDN eingeführten Schwachstellen. Sie berücksichtigen jedoch nicht die Leistung von Sicherheitsfunktionen. Die NFV-Domäne ist ein beliebtes Forschungsgebiet, das sich mit Frameworks, Benchmarking-Methoden, der Kombination mit SDN und der Implementierung von Sicherheitsfunktionen als Virtualized Network Functions (VNFs) befasst. Die Forschung in diesem Bereich brachte das Konzept der Service-Funktionsketten (SFCs) hervor, die mehrere Netzwerkfunktionen nacheinander verketten. Dennoch berücksichtigen sie noch immer nicht die Besonderheiten von Sicherheitsfunktionen. Zu diesem Zweck schlägt das bereits erwähnte CSA-Whitepaper viele wertvolle Ideen vor, lässt aber deren Realisierung anderen offen. In dieser Arbeit werden Lösungen zur Steigerung der Leistung einzelner Sicherheitsfunktionen mittels SDN, Performance Engineering, Modellierung und ein Rahmenwerk für die angriffsbewusste SSFC-Neuordnung, eine Lösung zur besseren Nutzung der CPU-Frequenzsteigerung und ein IDPS gegen Datenbank-Lösegeld. Im Einzelnen sind die sechs Hauptbeiträge dieser Arbeit: • Wir stellen Ansätze zur dynamischen Umgehung von Intrusion-Detection-Systemen (IDS) vor, um deren Leistung zu erhöhen, ohne das Sicherheitsniveau zu senken. Zu diesem Zweck entwickeln und implementieren wir drei SDN-basierte Ansätze (zwei dynamische und einen statischen). Wir evaluieren sie hinsichtlich Sicherheit und Leistung und zeigen, dass alle Ansätze die Leistung im Vergleich zu einem Inline-IDS ohne signifikante Sicherheitsdefizite signifikant steigern. Wir zeigen ferner, dass die Verwendung von Software-Switches die Leistung der dynamischen Ansätze weiter steigern kann, bis zu einem Punkt, an dem sie bei der Verwendung des IDS etwaige Durchsatznachteile beseitigen können. • Wir entwerfen ein DDoS-Schutzsystem (DPS) gegen TCP-SYN-Flutangriffe in Form eines VNF, das innerhalb eines SDN-fähigen Netzwerks funktioniert. Diese Lösung eliminiert bekannte Skalierbarkeits-und Leistungsnachteile bestehender Lösungen für diesen Angriffstyp. Dann bewerten wir diese Lösung und zeigen, dass sie den Verbindungsaufbau korrekt handhabt, und präsentieren Lösungen für ein beobachtetes Problem. Als nächstes evaluieren wir die Leistung und zeigen, dass unsere Lösung die Leistung bis zum Dreifachen erhöht. Durch Parallelisierung und Parameterabstimmung werden weitere 76% der Leistung erzielt. Auf der Grundlage dieser Ergebnisse diskutieren wir optimale Einsatzstrategien. • Wir stellen die Idee der angriffsbewussten Neuordnung des SSFC vor und erläutern deren Auswirkungen anhand eines theoretischen Szenarios. Dann erörtern wir die erforderlichen Informationen zur Durchführung dieses Prozesses. Wir validieren unsere Behauptung von der Bedeutung der SSFC-Ordnung, indem wir das Verhalten einzelner Sicherheitsfunktionen und SSFCs analysieren. Aus den Ergebnissen schließen wir auf eine massive Auswirkung auf die Leistung bis zu drei Größenordnungen, und wir finden widersprüchliche optimale Aufträge für unterschiedliche Arbeitsbelastungen. Damit beweisen wir die Notwendigkeit einer dynamischen Neuordnung. Schließlich entwickeln wir ein Modell für den SSFC hinsichtlich der Verkehrszusammensetzung und des Ressourcenbedarfs. Dazu klassifizieren wir den Datenverkehr in mehrere Klassen und modellieren die Auswirkungen einzelner Sicherheitsfunktionen auf den Datenverkehr und die von ihnen erzeugten Ressourcenanforderungen als Funktionen des eingehenden Netzwerkverkehrs. Auf der Grundlage unseres Modells schlagen wir drei Ansätze zur Berechnung der gewünschten Reihenfolge für die Neuordnung vor. Auf der Grundlage dieses Wissens implementieren wir einen Rahmen für die angriffsbewusste SSFC-Neuordnung. Das Rahmenwerk platziert alle Sicherheitsfunktionen innerhalb eines SDN-fähigen Netzwerks und ordnet sie mit Hilfe von SDN-Flüssen neu an. Unsere Auswertung zeigt, dass das Rahmenwerk alle Routen wie gewünscht durchsetzen kann. Es passt sich allen Angriffen korrekt an und kehrt nach Beendigung der Angriffe in den ursprünglichen Zustand zurück. Wir finden mögliche Sicherheitsprobleme zum Zeitpunkt der Neuordnung und präsentieren Lösungen zu deren Beseitigung. Als Nächstes entwerfen und implementieren wir einen Ansatz zum Lastausgleich von Servern hinsichtlich ihrer Fähigkeit, in einen Zustand der Frequenzerhöhung der Zentraleinheit (CPU) zu gehen. Zu diesem Zweck sammelt der Ansatz Temperaturinformationen von verfügbaren Hosts und platziert den Dienst auf dem Host, der den verstärkten Modus am längsten erreichen kann. Wir evaluieren diesen Ansatz und zeigen seine Funktionalität auf. Für Hochlastszenarien erhöht der Ansatz die Gesamtleistung und steigert die Leistung pro Watt. Noch bessere Ergebnisse zeigen sich bei Niedriglast-Workloads, wo sich nicht nur alle Leistungsmetriken verbessern, sondern auch die Temperaturen und der Gesamtstromverbrauch sinken. • Zuletzt entwerfen wir ein IDPS, das vor Lösegeld-Angriffen auf Datenbanken schützt, die mehrere Abfragen umfassen, um ihr Ziel zu erreichen. Unsere Lösung modelliert diese Angriffe mit einem Colored Petri Net (CPN). Eine Proof-of-Concept-Implementierung zeigt, dass unser Ansatz in der Lage ist, die beobachteten Angriffe zu erkennen, ohne für gutartige Szenarien falsch positive Ergebnisse zu erzeugen. Darüber hinaus erzeugt un sere Lösung nur eine geringe Auswirkung auf die Leistung. Unsere Beiträge können dazu beitragen, die Leistungsfähigkeit von Sicherheitsinfrastrukturen zu erhöhen. Wir sehen vielfältige Anwendungsbereiche, von Rechenzentrumsbetreibern über Software- und Hardwareentwickler bis hin zu Sicherheits- und Leistungsforschern. Die meisten der oben aufgeführten Beiträge fanden in mehreren Forschungspublikationen Verwendung. Was die zukünftige Arbeit betrifft, so sehen wir die Notwendigkeit, bessere SDN-fähige Sicherheitsfunktionen und SSFC-Neuordnung in Rechenzentrumsnetzwerke zu integrieren. Künftige SSFC sollten zwischen verschiedenen Verkehrsarten unterscheiden, und Sicherheitsrahmen sollten automatisch lernende Modelle für Sicherheitsfunktionen unterstützen. Wir sehen den Bedarf, bei der Betrachtung von SSFCs die Energieeffizienz zu berücksichtigen und bei der Entwicklung von Leistungsmodellen sowie Platzierungs-, Skalierungs- und Bereitstellungsstrategien CPU-verstärkende Technologien in Betracht zu ziehen. Schließlich schlagen wir für eine schnellere Anpassung an die jüngsten Lösegeld-Angriffe maschinengestütztes Lernen für Datenbank-IDPS-Signaturen vor.

Software-defined networking

Computersicherheit

Virtualisierung

ddc:000

Head into the Cloud: An Analysis of the Emerging Cloud Infrastructure

Chandrasekaran, Balakrishnan

January 2016

<p>We are witnessing a paradigm shift in computing---people are increasingly using Web-based software for tasks that only a few years ago were carried out using software running locally on their computers. The increasing use of mobile devices, which typically have limited processing power, is catalyzing the idea of offloading computations to the cloud. It is within this context of cloud computing that this thesis attempts to address a few key questions: (a) With more computations moving to the cloud, what is the state of the Internet's core? In particular, do routing changes and consistent congestion in the Internet's core affect end users' experiences? (b) With software-defined networking (SDN) principles increasingly being used to manage cloud infrastructures, are the software solutions robust (i.e., resilient to bugs)? With service outage costs being prohibitively expensive, how can we support network operators in experimenting with novel ideas without crashing their SDN ecosystems? (c) How can we build a large-scale passive IP geolocation system to geolocate the entire IP address space at once so that cloud-based software can utilize the geolocation database in enhancing the end-user experience? (d) Why is the Internet so slow? Since a low-latency network allows more offloading of computations to the cloud, how can we reduce the latency in the Internet?</p> / Dissertation

Computer science

Cloud computing

Network measurements

Software-defined networking