About
The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations. Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
41

Energy consumption prediction in software-defined wireless sensor networks. / Previsão de consumo de energia em redes de sensores sem fio definidas por software.

Nuñez Segura, Gustavo Alonso 20 February 2018 (has links)
Energy conservation is a main concern in Wireless Sensor Networks (WSN). To reduce energy consumption it is important to know how it is spent and how much is available during node and network operation. Several previous works have proposed energy consumption models focused on the communication module, while neglecting the processing and sensing activities. Other works presented more complex and complete models, but lacked experiments to demonstrate their accuracy in real deployments. The main objective of this work is to design and evaluate an accurate energy consumption model for WSN that considers the usage of the sensing, processing, and communication modules. This model was used to implement two energy consumption prediction mechanisms. One mechanism is based on Markov chains and the other on time series analysis. The metrics used to evaluate the performance of the model and the prediction mechanisms were: energy consumption estimation accuracy, energy consumption prediction accuracy, and the node's communication and processing resource usage. The performance of the energy consumption prediction mechanisms was compared using two implementation schemes: running the prediction algorithm on the sensor node and running the prediction algorithm on a Software-Defined Networking controller. The implementation was conducted using IT-SDN, a Software-Defined Wireless Sensor Network framework. For the evaluation, simulation and emulation used COOJA, while testbed experiments used TelosB devices. Results showed that by including sensing, processing, and communication energy consumption in the model, it is possible to obtain an accurate energy consumption estimate for Wireless Sensor Networks. Also, the use of a Software-Defined Networking controller for processing complex prediction algorithms can improve prediction accuracy. / Energy conservation is one of the main concerns in Wireless Sensor Networks (WSN). To reduce energy consumption, it is important to know how energy is spent and how much energy is available during network operation. Several previous works proposed energy consumption models focused on the communication module, ignoring the consumption caused by processing and sensing tasks. Other works present more complete and complex models, but lack experiments demonstrating their accuracy on real devices. The main objective of this work is to design and evaluate an energy consumption model for WSN that accounts for consumption by sensing, processing and communication. This model was used to implement two energy consumption prediction mechanisms, one based on Markov chains and the other on time series. The metrics used to evaluate the performance of the model and of the energy consumption prediction mechanisms were: energy consumption estimation accuracy, energy consumption prediction accuracy, and usage of the node's communication and processing resources. The performance of the energy consumption prediction mechanisms was compared using two implementation schemes: running the prediction algorithm on the sensor node and running the prediction algorithm on a software-defined network controller. The implementation was carried out using IT-SDN, a development framework for software-defined wireless sensor networks. The evaluation was done with simulations and emulations using the COOJA simulator and with tests on real devices using TelosB. The results showed that, by considering energy consumption by sensing, processing and communication, it is possible to estimate energy consumption in wireless sensor networks with good accuracy. Moreover, the use of a software-defined network controller to process complex prediction algorithms can increase prediction accuracy.
42

Aplicação de redes definidas por software no processo de gerenciamento de energia nos switches de rede OpenFlow / Software-defined networking application in the energy management process in OpenFlow network switches

Prete, Ligia Rodrigues [UNESP] 13 December 2016 (has links)
Energy consumption in the Information and Communication Technology (ICT) sector has grown exponentially in recent years, owing to the growing amount of equipment for data storage and processing. The Software-Defined Networking (SDN) paradigm and the OpenFlow architecture are enabling a new range of applications and services for networks. This thesis presents a study that applies SDN technologies in a virtualized environment with the GENI (Global Environment for Network Innovation) federation. In this work, a module called the Energy Saving Module was developed for the Floodlight controller; it employs an algorithm named MiNet (Minimum Network) to build the Minimum Spanning Tree (MST) over the switching components of the network. This study presents three simulations on two Fat Tree network topologies, one with ten switches (FatTree10) and another with twenty (FatTree20). The first simulation was run without the module, with the default configuration of the Floodlight controller, to serve as a comparison for the performance results obtained in the other two simulations. The second, with the Energy Saving Module included in the controller, was evaluated with the initial costs on the links between the switches. In the third, the costs on the links between the switches were changed to show that the Energy Saving Module is able to recompute a new Minimum Spanning Tree over the supplied costs and thus adapt the network to a new update situation. In the simulations performed, considering only the links between switches (forty Ethernet ports for the smaller topology and eighty Ethernet ports for the larger one), the module built into Floodlight reduced the final energy consumption by 35% for the FatTree10 topology and by 32.5% for the FatTree20 topology. / Energy consumption in the Information and Communication Technology (ICT) sector has grown exponentially in recent years, due to the increasing amount of equipment for data storage and processing. The Software-Defined Networking (SDN) paradigm and the OpenFlow architecture are enabling a new range of applications and services for networks. This thesis presents a study that applies SDN technologies in a virtualized environment with the GENI federation (Global Environment for Network Innovation). This work developed a module in the Floodlight controller, titled the Energy Saving Module, that employs an algorithm called MiNet (Minimum Network) to construct the Minimum Spanning Tree (MST) over the switching components of the network. This study presents three simulations on two Fat Tree network topologies: one with ten switches (FatTree10) and another with twenty switches (FatTree20). The first simulation was performed without the module, using the default configuration of the Floodlight controller, to serve as a comparison with the performance results of the other two simulations. The second, with the Energy Saving Module included in the controller, evaluated the initial costs on the links between switches. In the third, the costs on the links between the switches were changed to highlight that the Energy Saving Module is able to recalculate a new Minimum Spanning Tree on the provided costs and thus adapt the network to a new update situation. Through the performed simulations, considering only the links between switches (forty Ethernet ports for the smaller topology and eighty Ethernet ports for the wider topology), the module embedded in Floodlight reduced the final energy consumption by 35% for the FatTree10 topology and by 32.5% for the FatTree20 topology.
43

MARS: uma arquitetura para análise de malwares utilizando SDN. / MARS: an SDN-based malware analysis solution.

João Marcelo Ceron 08 December 2017 (has links)
Detecting and analyzing malware is an essential process for improving security systems. Current solutions have limitations in the process of investigating and detecting sophisticated malicious code. Beyond using techniques to evade analysis systems, sophisticated malware requires specific conditions in the environment in which it runs in order to reveal its malicious behavior. With the emergence of Software-Defined Networking (SDN), an opportunity was identified to improve the malware investigation process by proposing a flexible architecture capable of detecting behavioral variations automatically. This thesis presents a specialized architecture for analyzing malicious code that allows the analysis environment, including the sandbox and the elements surrounding it, to be controlled in a unified way. In this way it is possible to manage containment rules, configure resources dynamically, and manipulate the network traffic generated by the malware. To evaluate the architecture, a set of malware samples was analyzed in two evaluation scenarios. In the first evaluation scenario, the functionalities described by the proposed solution revealed new behavioral events in 100% of the malware samples analyzed. In the second evaluation scenario, a set of malware designed for IoT devices was analyzed. As a result, it was possible to block attacks, monitor the malware's communication with its botnet controller, and manipulate attack commands. / Mechanisms to detect and analyze malicious software are essential to improve security systems. Current security mechanisms have limited success in detecting sophisticated malicious software. Beyond evading the analysis system, much malware requires specific conditions to activate its actions in the target system. The flexibility of Software-Defined Networking (SDN) provides an opportunity to develop a malware analysis architecture that can detect behavioral deviations in an automated way. This thesis presents a specialized architecture to analyze malware by managing the analysis environment in a centralized way, including control of the sandbox and the elements that surround it. The proposed architecture makes it possible to determine the network access policy, to handle the resource configuration of the analysis environment, and to manipulate the network connections performed by the malware. To evaluate our solution we analyzed a set of malware in two evaluation scenarios. In the first evaluation scenario, we showed that the proposed mechanisms increased the number of behavioral events in 100% of the malware analyzed. In the second evaluation scenario, we analyzed malware designed for IoT devices. As a result, by using the MARS features, it was possible to block attacks, to manipulate attack commands, and to enable the malware communication with the respective botnet controller. The experimental results showed that our solution can improve the dynamic malware analysis process by providing this configuration flexibility to the analysis environment.
44

Towards a programmable and virtualized mobile radio access network architecture

Foukas, Xenofon January 2018 (has links)
Emerging 5G mobile networks are envisioned to become multi-service environments, enabling the dynamic deployment of services with a diverse set of performance requirements, accommodating the needs of mobile network operators, verticals and over-the-top service providers. The Radio Access Network (RAN) part of mobile networks is expected to play a very significant role towards this evolution. Unfortunately, such a vision cannot be efficiently supported by the conventional RAN architecture, which adopts a fixed and rigid design. For the network to evolve, flexibility in the creation, management and control of the RAN components is of paramount importance. The key elements that can allow us to attain this flexibility are the programmability and the virtualization of the network functions. While in the case of the mobile core, these issues have been extensively studied due to the advent of technologies like Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) and the similarities that the core shares with other wired networks like data centers, research in the domain of the RAN is still in its infancy. The contributions made in this thesis significantly advance the state of the art in the domain of RAN programmability and virtualization in three dimensions. First, we design and implement a software-defined RAN (SD-RAN) platform called FlexRAN, that provides a flexible control plane designed with support for real-time RAN control applications, flexibility to realize various degrees of coordination among RAN infrastructure entities, and programmability to adapt control over time and easier evolution to the future following SDN/NFV principles. 
Second, we leverage the capabilities of the FlexRAN platform to design and implement Orion, which is a novel RAN slicing system that enables the dynamic on-the-fly virtualization of base stations, the flexible customization of slices to meet their respective service needs and which can be used in an end-to-end network slicing setting. Third, we focus on the use case of multi-tenancy in a neutral-host indoors small-cell environment, where we design Iris, a system that builds on the capabilities of FlexRAN and Orion and introduces a dynamic pricing mechanism for the efficient and flexible allocation of shared spectrum to the tenants. A number of additional use cases that highlight the benefits of the developed systems are also presented. The lessons learned through this research are summarized and a discussion is made on interesting topics for future work in this domain. The prototype systems presented in this thesis have been made publicly available and are being used by various research groups worldwide in the context of 5G research.
45

SDN no contexto de IoT : refatoração de middleware para monitoramento de pacientes crônicos baseada em software-defined networking / SDN in the IoT context : software-defined networking based refactoring of a middleware for chronic patients monitoring

Arbiza, Lucas Mendes Ribeiro January 2016 (has links)
Some words and definitions commonly used when talking about Software-Defined Networking, such as programmability, flexibility, or centralized management, seem very appropriate to the context of another network paradigm: the Internet of Things. In home networks it is no longer unusual to find devices designed for security, climate control, lighting, health monitoring and some forms of automation that differ from one another in several respects, such as how they operate and communicate. Dealing with this kind of scenario, which can differ considerably from what we are used to in network and service management, using traditional resources such as well-established tools and protocols, can be difficult and, in some cases, unfeasible. With the goal of enabling remote monitoring of patients with chronic diseases through commercially available healthcare devices, a middleware proposal was developed in a research project to work around the limitations related to interoperability, data collection, management, security and privacy found in the devices used. The middleware was designed to run on access points installed in the patients' homes. However, the hardware and software limitations of the access point used affect development, since they restrict the use of programming languages and resources that could speed up and simplify the implementation of the necessary modules and mechanisms. The setbacks encountered during development motivated the search for alternatives, which resulted in the refactoring of the middleware through Software-Defined Networking, building on works that explore the use of this paradigm in home networks. The objective of this work is to verify the feasibility of using Software-Defined Networking in the Internet of Things context, more specifically applied to the patient monitoring service of the earlier proposal, and to explore the possible resulting benefits. With the refactoring, most of the network and monitoring service load was distributed among dedicated remote servers, so developers can go beyond the access point's restrictions and use resources that were previously unavailable, which enables a more agile development process with more complex functionality, broadening the possibilities of the service. Additionally, the use of Software-Defined Networking allowed more than one service to be delivered through a single access point; provided scalability and autonomy in managing networks and devices and in deploying services, using OpenFlow protocol resources; and enabled cooperation between devices and services in order to create a broader digital representation of the monitored environment. / Some words and definitions usually employed when talking about Software-Defined Networking, such as programmability, flexibility, or centralized management, sound very appropriate to the context of another network paradigm: the Internet of Things. The presence of devices designed for security, air conditioning, lighting, health monitoring and some other automation resources has become common in home networks; those devices may differ in many ways, such as the way they operate and communicate, among others. Dealing with this kind of scenario may differ in many ways from what we are familiar with regarding networking and services management; the use of traditional management tools and protocols may be hard or even unfeasible. Aiming to enable the health monitoring of patients with chronic illnesses using off-the-shelf healthcare devices, a middleware proposal was developed in a research project to circumvent the interoperability, data collection, management, security and privacy issues found in the employed devices. The middleware was designed to run on access points in the homes of the patients. However, hardware and software limitations of the access points used affect the development process, because they restrict the use of programming languages and resources that could be employed to expedite the implementation of the necessary modules and features. Development-related mishaps motivated the search for alternatives, resulting in the refactoring of the middleware through Software-Defined Networking, based on previous works where that paradigm is used in home networks. This work aims to verify the feasibility of employing Software-Defined Networking in the Internet of Things context, and its resulting benefits, specifically in the chronic patient health monitoring service from the previous proposal. After refactoring, most of the network and services load was distributed among remote dedicated servers, allowing developers to go beyond the limitations imposed by access point constraints and to make use of resources not available before, bringing agility to the development process; it also enables the development of more complex features, expanding the service's possibilities. Additionally, employing Software-Defined Networking provides benefits such as the delivery of more than one service through the same access point; scalability and autonomy in network and device monitoring, as well as in service deployment through the use of OpenFlow resources; and cooperation between devices and services, enabling the building of a wider digital representation of the monitored environment.
46

Cyber Attacks Detection and Mitigation in SDN Environments

January 2018 (has links)
abstract: Cyber-systems and networks are the target of different types of cyber-threats and attacks, which are becoming more common, sophisticated, and damaging. Those attacks can vary in the way they are performed. However, there are similar strategies and tactics that are often used because they are time-proven to be effective. The motivations behind cyber-attacks play an important role in determining how attackers plan and proceed to achieve their goals. Generally, there are three categories of motivation: political, economic, and socio-cultural. These indicate that to defend against possible attacks in an enterprise environment, it is necessary to consider what makes such an enterprise environment a target. That said, we can understand what threats to consider and how to deploy the right defense system. In other words, detecting an attack depends on the defenders having a clear understanding of why they become targets and what possible attacks they should expect. For instance, attackers may perform Denial of Service (DoS), or even worse Distributed Denial of Service (DDoS), with the intention of causing damage to targeted organizations and preventing legitimate users from accessing their services. However, in some cases, attackers are very skilled and try to hide in a system undetected for a long period of time with the incentive to steal and collect data rather than cause damage. Nowadays, not only the variety of attack types and the way they are launched are important; advancement in technology is another factor to consider. Over the last decades, we have experienced various new technologies. Obviously, in the beginning, new technologies have their own limitations before they stand out. There are a number of related technical areas whose understanding is still less than satisfactory, and in which long-term research is needed. On the other hand, these new technologies can boost the advancement of deploying security solutions and countermeasures when they are carefully adapted. That said, Software Defined Networking (SDN), its related security threats and solutions, and its adoption in enterprise environments bring us new chances to enhance our security solutions. To reach the optimal level of deploying SDN technology in enterprise environments, it is important to consider re-evaluating currently deployed security solutions in traditional networks before deploying them to SDN-based infrastructures. Although DDoS attacks are a bit sinister, there are other types of cyber-threats that are very harmful, sophisticated, and intelligent. Thus, current security defense solutions that detect DDoS cannot detect them. These kinds of attacks are complex, persistent, and stealthy, also referred to as Advanced Persistent Threats (APTs), which often leverage bot control and remotely access valuable information. An APT uses multiple stages to break into a network. An APT is a sort of unseen, continuous and long-term penetration of a network, and attackers can bypass the existing security detection systems. It can modify and steal sensitive data as well as specifically cause physical damage to the target system. In this dissertation, two cyber-attack motivations are considered: sabotage, where the motive is destruction; and information theft, where attackers aim to acquire invaluable information (customer info, business information, etc.). I deal with two types of attacks (DDoS attacks and APT attacks), where DDoS attacks are classified under the sabotage motivation category, and APT attacks are classified under the information theft motivation category. To detect and mitigate each of these attacks, I utilize the ease of programmability in SDN and its great platform for implementation, dynamic topology changes, decentralized network management, and ease of deploying security countermeasures.
Dissertation/Thesis. Doctoral Dissertation, Computer Science, 2018.
48

ASSESSMENT OF DISAGGREGATING THE SDN CONTROL PLANE

Adib Rastegarnia (7879706) 20 November 2019 (has links)
Current SDN controllers have been designed based on a monolithic approach that integrates all services and applications into one single, huge program. The monolithic design of SDN controllers restricts programmers who build management applications to the specific programming interfaces and services that a given SDN controller provides, making application development dependent on the controller and thereby restricting the portability of management applications across controllers. Furthermore, the monolithic approach means an SDN controller must be recompiled whenever a change is made, and does not provide an easy way to add new functionality or scale to handle large networks. To overcome the weaknesses inherent in the monolithic approach, the next generation of SDN controllers must use a distributed, microservice architecture that disaggregates the control plane by dividing the monolithic controller into a set of cooperative microservices. Disaggregation allows a programmer to choose a programming language that is appropriate for each microservice. In this dissertation, we describe steps taken towards disaggregating the SDN control plane, consider potential ways to achieve the goal, and discuss the advantages and disadvantages of each. We propose a distributed architecture that disaggregates controller software into a small controller core and a set of cooperative microservices. In addition, we present a software defined network programming framework called Umbrella that provides a set of abstractions that programmers can use for writing SDN management applications independent of the NB APIs that SDN controllers provide. Finally, we present an intent-based network programming framework called OSDF to provide a high-level policy-based API for programming network devices using SDN.
49

SDN-BASED MECHANISMS FOR PROVISIONING QUALITY OF SERVICE TO SELECTED NETWORK FLOWS

Alharbi, Faisal 01 January 2018 (has links)
Despite the huge success and adoption of computer networks in the recent decades, traditional network architecture falls short of some requirements by many applications. One particular shortcoming is the lack of convenient methods for providing quality of service (QoS) guarantee to various network applications. In this dissertation, we explore new Software-Defined Networking (SDN) mechanisms to provision QoS to targeted network flows. Our study contributes to providing QoS support to applications in three aspects. First, we explore using alternative routing paths for selected flows that have QoS requirements. Instead of using the default shortest path used by the current network routing protocols, we investigate using the SDN controller to install forwarding rules in switches that can achieve higher bandwidth. Second, we develop new mechanisms for guaranteeing the latency requirement by those applications depending on timely delivery of sensor data and control signals. The new mechanism pre-allocates higher priority queues in routers/switches and reserves these queues for control/sensor traffic. Third, we explore how to make the applications take advantage of the opportunity provided by SDN. In particular, we study new transmission mechanisms for big data transfer in the cloud computing environment. Instead of using a single TCP path to transfer data, we investigate how to let the application set up multiple TCP paths for the same application to achieve higher throughput. We evaluate these new mechanisms with experiments and compare them with existing approaches.
50

AUTOMATED NETWORK SECURITY WITH EXCEPTIONS USING SDN

Rivera Polanco, Sergio A. 01 January 2019 (has links)
Campus networks have recently experienced a proliferation of devices ranging from personal-use devices (e.g. smartphones, laptops, tablets), to special-purpose network equipment (e.g. firewalls, network address translation boxes, network caches, load balancers, virtual private network servers, and authentication servers), as well as special-purpose systems (badge readers, IP phones, cameras, location trackers, etc.). To establish directives and regulations regarding the ways in which these heterogeneous systems are allowed to interact with each other and with the network infrastructure, organizations typically appoint policy writing committees (PWCs) to create acceptable use policy (AUP) documents describing the rules and behavioral guidelines that all campus network interactions must abide by. While users are the audience for AUP documents produced by an organization's PWC, network administrators are the responsible party enforcing the contents of such policies using low-level CLI instructions and configuration files that are typically difficult to understand and for which it is almost impossible to show that they do, in fact, enforce the AUPs. In other words, mapping the contents of imprecise, unstructured sentences into technical configurations is a challenging task that relies on the interpretation and expertise of the network operator carrying out the policy enforcement. Moreover, there are multiple places where policy enforcement can take place. For example, policies governing servers (e.g., web, mail, and file servers) are often encoded into the server's configuration files. However, from a security perspective, conflating policy enforcement with server configuration is a dangerous practice because minor server misconfigurations could open up avenues for security exploits. On the other hand, policies that are enforced in the network tend to rarely change over time and are often based on one-size-fits-all policies that can severely limit the fast-paced dynamics of emerging research workflows found in campus networks. This dissertation addresses the above problems by leveraging recent advances in Software-Defined Networking (SDN) to support systems that enable novel in-network approaches developed to support an organization's network security policies. Namely, we introduce PoLanCO, a human-readable yet technically precise policy language that serves as a middle ground between the imprecise statements found in AUPs and the technical low-level mechanisms used to implement them. Real-world examples show that PoLanCO is capable of implementing a wide range of policies found in campus networks. In addition, we also present the concept of Network Security Caps, an enforcement layer that separates server/device functionality from policy enforcement. A Network Security Cap intercepts packets coming from, and going to, servers and ensures policy compliance before allowing network devices to process packets using the traditional forwarding mechanisms. Lastly, we propose the on-demand security exceptions model to cope with the dynamics of emerging research workflows that are not suited to a one-size-fits-all security approach. In the proposed model, network users and providers establish trust relationships that can be used to temporarily bypass the policy compliance checks applied to general-purpose traffic, typically performed by network appliances that do Deep Packet Inspection and thereby create network bottlenecks. We describe the components of a prototype exception system as well as experiments showing that through short-lived exceptions researchers can realize significant improvements for their special-purpose traffic.
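The two enforcement ideas in this abstract, an enforcement layer that sits in front of a server and decides on every flow before the network forwards it, and short-lived exceptions granted through a trust relationship that let specific traffic skip the general-purpose compliance check, can be sketched in a few dozen lines. The following is an added illustration and is not PoLanCO, a Network Security Cap, or any code from the dissertation's prototype: the policy rules, the flow fields, the three decision outcomes (`deny`, `inspect` via a DPI appliance, `bypass` under an exception) and the trusted-provider list are all constructed for the example.

```python
"""Added illustration (not the dissertation's PoLanCO or prototype): a
minimal enforcement point that checks each flow against a first-match
policy, sends permitted general-purpose traffic through a DPI appliance,
and lets a trusted provider grant a scoped, time-limited exception that
bypasses that appliance.  Rules, flows and trust list are constructed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


@dataclass(frozen=True)
class Match:
    """Selector over a flow; None (or 0.0.0.0/0) means wildcard."""
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def covers(self, f: Flow) -> bool:
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst)
                and self.proto in (None, f.proto)
                and self.dport in (None, f.dport))


@dataclass
class SecurityException:
    match: Match
    granted_by: str
    expires_at: float      # seconds on the same clock passed to decide()


class Enforcer:
    """Sits between the network and a server/segment. Policy is a list of
    (Match, 'allow'|'deny'), first match wins, default deny. Decisions:
    'deny', 'inspect' (permitted, routed through the DPI appliance), or
    'bypass' (permitted under a live exception, skips the appliance)."""

    def __init__(self, policy: List[Tuple[Match, str]], trusted_providers):
        self.policy = list(policy)
        self.trusted = set(trusted_providers)
        self.exceptions: List[SecurityException] = []

    def request_exception(self, provider: str, match: Match, ttl: float, now: float):
        # Only a party with an established trust relationship may grant one,
        # and it must be scoped to specific endpoints, never a blanket bypass.
        if provider not in self.trusted:
            raise PermissionError(f"{provider} has no trust relationship")
        if match.src == "0.0.0.0/0" or match.dst == "0.0.0.0/0":
            raise ValueError("exceptions must name both source and destination")
        exc = SecurityException(match, provider, now + ttl)
        self.exceptions.append(exc)
        return exc

    def _expire(self, now: float):
        self.exceptions = [e for e in self.exceptions if e.expires_at > now]

    def decide(self, flow: Flow, now: float) -> str:
        self._expire(now)
        if any(e.match.covers(flow) for e in self.exceptions):
            return "bypass"
        for match, action in self.policy:
            if match.covers(flow):
                return "inspect" if action == "allow" else "deny"
        return "deny"


def campus_enforcer() -> Enforcer:
    """Constructed policy for a web-server subnet 10.0.1.0/24: HTTPS from
    anywhere, SSH only from campus space, everything else denied."""
    policy = [
        (Match(dst="10.0.1.0/24", proto="tcp", dport=443), "allow"),
        (Match(src="10.0.0.0/8", dst="10.0.1.0/24", proto="tcp", dport=22), "allow"),
        (Match(), "deny"),
    ]
    return Enforcer(policy, trusted_providers={"netops"})


if __name__ == "__main__":
    e = campus_enforcer()
    big = Flow("10.0.5.9", "10.0.1.10", "tcp", 5001)   # a lab's bulk-transfer flow
    print(e.decide(Flow("198.51.100.7", "10.0.1.10", "tcp", 443), now=0))  # inspect
    print(e.decide(big, now=1000))                                          # deny
    e.request_exception("netops", Match("10.0.5.0/24", "10.0.1.0/24", "tcp", 5001),
                        ttl=3600, now=1000)
    print(e.decide(big, now=2000))                                          # bypass
    print(e.decide(big, now=4601))                                          # deny again
```

The two checks in `request_exception` are the practical caveats: an exception is only as safe as the trust relationship behind it, and one that is not bounded in scope and lifetime is just a hole in the policy with a different name.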
