Contextual, flow-based access control with scalable host-based SDN techniques

Proceedings - IEEE INFOCOM

Volumn 2016-July, Issue , 2016, Pages

  Taylor, Curtis R ^a   Macfarland, Douglas C ^a   Smestad, Doran R ^a   Shue, Craig A ^a  

^a WORCESTER POLYTECHNIC INSTITUTE   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

ELECTRICAL ENGINEERING;

ENTERPRISE SECURITY; FINE-GRAINED CONTROL; LIMITED VISIBILITY; NETWORK INFRASTRUCTURE; NETWORK OPERATOR; NETWORK POLICY; NETWORK TRAFFIC; SOFTWARE DEFINED NETWORKING (SDN);

ACCESS CONTROL;

EID: 84983268897     PISSN: 0743166X     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/INFOCOM.2016.7524498     Document Type: Conference Paper

References (41)

1. Microsoft vulnerabilities study: Mitigating risk by removing user privileges," in Avetco whitepaper, 2013
2. "Openflow specification version 1.3.0," June 2014
3. "Open vswitch manual," http://openvswitch.org/support/dist-docs/ovsbenchmark. 1.txt, April 2015
4. "Penetration Testing Software-Metasploit," http://www.metasploit. com, April 2015
5. "Remote Administration Toolkit (or Trojan) for POSiX (Linux/Unix) system working as a Web Service," https://github.com/abhishekkr/ n00bRAT, April 2015
6. F. Adelstein, "Live forensics: diagnosing your system without killing it first," Communications of the ACM, vol. 49, no. 2, pp. 63-66, 2006
7. S. M. Bellovin, "Security problems in the tcp/ip protocol suite," ACM SIGCOMM Computer Communication Review, vol. 19, no. 2, pp. 32-48, 1989
8. H. Binsalleeh, T. Ormerod, A. Boukhtouta, P. Sinha, A. Youssef, M. Debbabi, and L. Wang, "On the analysis of the zeus botnet crimeware toolkit," in Privacy Security and Trust (PST), 2010 Eighth Annual International Conference on. IEEE, 2010, pp. 31-38
9. M. Casado, M. J. Freedman, J. Pettit, J. Luo, N. McKeown, and S. Shenker, "Ethane: Taking control of the enterprise," SIGCOMM Comput. Commun. Rev., vol. 37, no. 4, pp. 1-12, Aug. 2007. [Online]. Available: http://doi.acm.org/10.1145/1282427.1282382
10. W. Cui, R. H. Katz, and W.-t. Tan, "Design and implementation of an extrusion-based break-in detector for personal computers," in Computer Security Applications Conference, 21st Annual. IEEE, 2005, pp. 10-pp
11. A. R. Curtis, J. C. Mogul, J. Tourrilhes, P. Yalagandula, P. Sharma, and S. Banerjee, "Devoflow: Scaling flow management for high-performance networks," in Proceedings of the ACM SIGCOMM 2011 Conference, ser. SIGCOMM '11. New York, NY, USA: ACM, 2011, pp. 254-265. [Online]. Available: http://doi.acm.org/10.1145/2018436.2018466
12. C. Dixon, H. Uppal, V. Brajkovic, D. Brandon, T. Anderson, and A. Krishnamurthy, "Ettm: A scalable fault tolerant network manager," in Proceedings of the 8th USENIX Conference on Networked Systems Design and Implementation, ser. NSDI'11. Berkeley, CA, USA: USENIX Association, 2011, pp. 85-98
13. D. Erickson, "The beacon openflow controller," in Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking. ACM, 2013, pp. 13-18
14. G. A. Fink, V. Duggirala, R. Correa, and C. North, "Bridging the host-network divide: Survey, taxonomy, and solution," in Proceedings of the 20th Conference on Large Installation System Administration, ser. LISA '06. Berkeley, CA, USA: USENIX Association, 2006, pp. 20-20. [Online]. Available: http://dl.acm.org/citation.cfm?id=1267793.1267813
15. C. Gates, M. Collins, M. Duggan, A. Kompanek, and M. Thomas, "More netflow tools for performance and security," in Proceedings of the 18th USENIX Conference on System Administration, ser. LISA '04. Berkeley, CA, USA: USENIX Association, 2004, pp. 121-132. [Online]. Available: http://dl.acm.org/citation.cfm?id=1052676.1052691
16. GEANT, "Technology investigation of openflow and testing," GEANT Whitepaper DJ1-2.1. [Online] http://geant3.archive.geant.net/ Media Centre/Media Library/Media%20Library/GN3-13-003 DJ1-2-1 Technology-Investigation-of-OpenFlow-and-Testing.pdf, July 2013
17. K. Gennuso, "Shedding light on security incidents using network flows," http://www.sans.org/reading-room/whitepapers/incident/ shedding-light-security-incidents-network-flows-33935, 2012
18. T. Hinrichs, N. Gude, M. Casado, J. Mitchell, and S. Shenker, "Expressing and enforcing flow-based network security policies," 2008
19. T. L. Hinrichs, N. S. Gude, M. Casado, J. C. Mitchell, and S. Shenker, "Practical declarative network management," in Proceedings of the 1st ACM Workshop on Research on Enterprise Networking, ser. WREN '09. New York, NY, USA: ACM, 2009. [Online]. Available: http://doi.acm.org/10.1145/1592681.1592683
20. IBM Corporation, "Ibm system networking RackSwitch G8264," IBM Data Sheet [Online] http://www-01.ibm.com/common/ssi/cgibin/ ssialias?subtype=SPandinfotype=PMandappname=STGE QC QC USENandhtmlfid=QCD03020USENandattachment=QCD03020USEN. PDF#loaded, July 2014
21. M. S. Johns, "Identification protocol," IETF RFC 1413, February 1993
22. M. Kuzniar, P. Peresini, and D. Kostic, "What you need to know about sdn flow tables," in Lecture Notes in Computer Science (LNCS), no. EPFL-CONF-204742, 2015
23. K. Lakkaraju, W. Yurcik, and A. J. Lee, "NVisionIP: Netflow visualizations of system state for security situational awareness," in ACM Workshop on Visualization and Data Mining for Computer Security, October 2004
24. A. Lazaris, D. Tahara, X. Huang, E. Li, A. Voellmy, Y. R. Yang, and M. Yu, "Tango: Simplifying SDN control with automatic switch property inference, abstraction, and optimization," in ACM International on Con-ference on Emerging Networking Experiments and Technologiesmerging Networking Experiments and Technologies. ACM, 2014, pp. 199-212
25. C. Low, "Icmp attacks illustrated," SANS Institute URL: http://rr. sans. org/threats/ICMP attacks. php (12/11/2001), 2001
26. L. Lu, V. Yegneswaran, P. Porras, and W. Lee, "Blade: an attack-agnostic approach for preventing drive-by malware infections," in Proceedings of the 17th ACM conference on Computer and communications security. ACM, 2010, pp. 440-450
27. N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L. Peterson, J. Rexford, S. Shenker, and J. Turner, "Openflow: Enabling innovation in campus networks," ACM SIGCOMM Computer Communication Review, vol. 38, no. 2, pp. 69-74, 2008
28. Microsoft, "Windows filter platform architecture overview," https://msdn.microsoft.com/en-us/library/windows/hardware/ ff571066(v=vs.85).aspx
29. Which ports need to be open to use skype for windows desktop?" Skype FAQ 148 https://support.skype.com/en/faq/FA148/which-portsneed-to-be-open-to-use-skype-for-windows-desktop, April 2015
30. Mircosoft, "System center configuration manager," http://technet. microsoft.com/en-us/systemcenter/bb507744.aspx, 2014
31. D. Montero, M. Yannuzzi, A. Shaw, L. Jacquin, A. Pastor, R. Serral-Gracia, A. Lioy, F. Risso, C. Basile, R. Sassu, M. Nemirovsky, F. Ciaccia, M. Georgiades, S. Charalambides, J. Kuusijarvi, and F. Bosco, "Virtualized security at the network edge: a user-centric approach," Communications Magazine, IEEE, vol. 53, no. 4, pp. 176-186, April 2015
32. J. Naous, R. Stutsman, D. Mazieres, N. McKeown, and N. Zeldovich, "Delegating network security with more information," in Proceedings of the 1st ACM workshop on Research on enterprise networking. ACM, 2009, pp. 19-26
33. OpenBSD Developers, "Pf: The openbsd packet filter," http://www. openbsd.org/faq/pf
34. B. Parno, Z. Zhou, and A. Perrig, "Using trustworthy host-based information in the network," in Proceedings of the Seventh ACM Workshop on Scalable Trusted Computing, ser. STC '12. New York, NY, USA: ACM, 2012, pp. 33-44
35. J. H. Saltzer and M. D. Schroeder, "The protection of information in computer systems," Proceedings of the IEEE, 1975
36. S. Scott-Hayward, G. O'Callaghan, and S. Sezer, "Sdn security: A survey," in Future Networks and Services (SDN4FNS), 2013 IEEE SDN for, Nov 2013, pp. 1-7
37. A. Tootoonchian and Y. Ganjali, "Hyperflow: A distributed control plane for openflow," in Proceedings of the 2010 Internet Network Management Conference on Research on Enterprise Networking, ser. INM/WREN'10. Berkeley, CA, USA: USENIX Association, 2010, pp. 3-3. [Online]. Available: http://dl.acm.org/citation.cfm?id=1863133.1863136
38. M. Tracy, W. Jansen, K. Scarfone, and T. Winogard, "Guidelines on securing public web servers," NIST Special Publication 800-44, Version 2, p. 142, September 2007
39. Twisted Framework Developers, "Python twisted framework," https:// twistedmatrix.com
40. A. Wang, Y. Guo, F. Hao, T. Lakshman, and S. Chen, "Scotch: Elastically scaling up SDN control-plane using vswitch based overlay," in ACM International on Conference on Emerging Networking Experiments and Technologies. ACM, 2014, pp. 403-414
41. H. Zhang, W. Banick, D. Yao, and N. Ramakrishnan, "User intentionbased traffic dependence analysis for anomaly detection," in Security and Privacy Workshops (SPW), 2012 IEEE Symposium on. IEEE, 2012, pp. 104-112