We consider the problem of designing enterprise network security systems that are easy to manage, robust, and flexible. This problem is challenging: today, most approaches rely on host security, middleboxes, and complex interactions between many protocols. To solve this problem, we explore how new programmable networking paradigms can facilitate fine-grained network control. We present Resonance, a system for securing enterprise networks, where the network elements themselves enforce dynamic access control policies through state changes based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security boxes and distributed monitoring and inference systems. Using our approach, administrators can create security applications by first identifying a state machine that represents the different policy changes and then translating these states into actual network policies. Earlier approaches in this direction (e.g., Ethane, SANE) have remained low-level, requiring policies to be written in languages that are too detailed and difficult for regular users and administrators to comprehend. As a result, significant effort is needed to package policies, events, and network devices into a high-level application. Resonance abstracts out these details through its state-machine-based policy specification framework and presents security functions that are close to the end system and hence more tractable.
To demonstrate how well Resonance can be applied to existing systems, we consider two use cases. The first relates to the "Network Admission Control" problem. Georgia Tech dormitories currently use a system called START (Scanning Technology for Automated Registration, Repair, and Response Tasks) to authenticate and secure new hosts entering the network [23]. START uses a VLAN-based approach to isolate new hosts from authenticated hosts, along with a series of network device interactions. VLANs are notoriously difficult to use, requiring much hand-holding and manual configuration. Our interactions with the dorm network administrators have revealed that this existing system is not only difficult to manage and scale but also inflexible, allowing only coarse-grained access control. We implemented START by expressing its functions in the Resonance framework. The current system is deployed across three buildings at Georgia Tech with both wired and wireless connectivity. We present an evaluation of our system's scalability and performance. We consider dynamic rate limiting as the second use case for Resonance. We show how a network policy that relies on rate limiting and traffic shaping can easily be implemented using only a few state transitions. We plan to expand our deployment to more users and buildings and to support more complex policies as an extension to our ongoing work.
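The two use cases above share the abstraction the abstract describes: a per-host state machine whose transitions are driven by events (flow-level measurements, alerts from monitoring systems, scan results) and whose states each map to a set of switch-level rules. The following is an added illustration written for this page, not Resonance's own code, and not the START system; the state names (registration, authenticated, operation, quarantined, normal, limited), the event names, the rule set, and the 100 Mbps threshold are all assumptions chosen to make the idea concrete. It shows an admission-control policy and a dynamic rate-limiting policy expressed in the same small framework.

```python
"""Added example: state-machine policy specification in the style the abstract
describes. Hypothetical code; state/event/rule names are assumptions."""
from dataclasses import dataclass, field
from enum import Enum, auto


class Rule(Enum):
    """Low-level actions a programmable switch can apply to one host's traffic."""
    ALLOW_ALL = auto()            # forward normally
    REDIRECT_TO_PORTAL = auto()   # only registration traffic; web goes to a portal
    REDIRECT_TO_SCANNER = auto()  # traffic steered through a vulnerability scanner
    DROP_ALL = auto()             # host isolated
    RATE_LIMIT = auto()           # traffic shaped down to a configured rate


@dataclass
class StateMachine:
    """Generic policy machine: (state, event) -> next state; state -> rules."""
    initial: str
    transitions: dict   # {(state, event): next_state}
    policies: dict      # {state: [Rule, ...]}
    state: str = field(init=False)

    def __post_init__(self):
        self.state = self.initial

    def rules(self):
        """Rules the switch should currently enforce for this host."""
        return self.policies[self.state]

    def handle(self, event):
        """Apply an event; an (state, event) pair with no transition is ignored."""
        self.state = self.transitions.get((self.state, event), self.state)
        return self.rules()


def admission_control():
    """Use case 1: network admission control as a handful of states.

    A new host starts isolated behind a portal, is steered through a scanner
    once authenticated, gets full access when clean, and is quarantined on an
    alert or a bad scan until remediated."""
    return StateMachine(
        initial="registration",
        transitions={
            ("registration", "auth_ok"): "authenticated",
            ("authenticated", "scan_clean"): "operation",
            ("authenticated", "scan_infected"): "quarantined",
            ("operation", "alert"): "quarantined",
            ("quarantined", "remediated"): "authenticated",
        },
        policies={
            "registration": [Rule.REDIRECT_TO_PORTAL],
            "authenticated": [Rule.REDIRECT_TO_SCANNER],
            "operation": [Rule.ALLOW_ALL],
            "quarantined": [Rule.DROP_ALL],
        },
    )


def rate_limiting():
    """Use case 2: dynamic rate limiting with two states and two transitions."""
    return StateMachine(
        initial="normal",
        transitions={("normal", "over"): "limited", ("limited", "under"): "normal"},
        policies={"normal": [Rule.ALLOW_ALL], "limited": [Rule.RATE_LIMIT]},
    )


def run_rate_policy(samples_mbps, threshold_mbps):
    """Feed periodic flow-level measurements (constructed samples) into the
    rate-limiting machine and return the state after each sample."""
    sm = rate_limiting()
    trace = []
    for mbps in samples_mbps:
        sm.handle("over" if mbps > threshold_mbps else "under")
        trace.append(sm.state)
    return trace


if __name__ == "__main__":
    host = admission_control()
    for ev in ["auth_ok", "scan_clean", "alert", "remediated", "scan_clean"]:
        print(f"{ev:>12} -> {host.state:<13} {[r.name for r in host.handle(ev)]}")
    # Constructed traffic samples in Mbps against an assumed 100 Mbps threshold.
    print(run_rate_policy([10, 120, 130, 20, 5], threshold_mbps=100))
```

The point of the split between `transitions` and `policies` is that an administrator only edits the state machine; the mapping from a state to concrete switch actions is written once, which is the property the abstract contrasts with writing policies directly in a low-level language.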
The main contributions of this thesis include the design and implementation of a flexible access control model, evaluation studies of our system's scalability and performance, and a campus-wide testbed with a working version of Resonance running. Our preliminary evaluations suggest that Resonance is scalable and can potentially be deployed in production networks. Our work can provide a good platform for more advanced and powerful security techniques for enterprise networks.
Identifier | oai:union.ndltd.org:GATECH/oai:smartech.gatech.edu:1853/33813
Date | 07 April 2010
Creators | Nayak, Ankur Kumar
Publisher | Georgia Institute of Technology
Source Sets | Georgia Tech Electronic Thesis and Dissertation Archive
Detected Language | English
Type | Thesis