Filters








21 Hits in 2.5 sec

FlowTags

Seyed Kaveh Fayazbakhsh, Vyas Sekar, Minlan Yu, Jeffrey C. Mogul
2013 Proceedings of the second ACM SIGCOMM workshop on Hot topics in software defined networking - HotSDN '13  
Unfortunately, the dynamic and traffic-dependent modifications induced by middleboxes make it difficult to reason about the correctness of network-wide policy enforcement (e.g., access control, accounting  ...  Using practical application scenarios, we argue that we need a flow tracking capability to ensure consistent policy enforcement in the presence of such dynamic traffic modifications.  ...  This work was supported in part by the Intel Lab's University Research Office. Seyed Kaveh Fayazbakhsh was supported in part by a Renaissance Technologies Fellowship.  ... 
doi:10.1145/2491185.2491203 dblp:conf/sigcomm/FayazbakhshSYM13 fatcat:mkjszsulfrenzkkbkeucluwdya

Enforcing Network-Wide Policies in the Presence of Dynamic Middlebox Actions using FlowTags

Seyed Kaveh Fayazbakhsh, Luis Chiang, Vyas Sekar, Minlan Yu, Jeffrey C. Mogul
2018
Middleboxes provide key security and performance guarantees in networks.  ...  This also makes it difficult to integrate middleboxes into SDN-capable networks and leverage the benefits that SDN can offer. In response, we develop the FlowTags architecture.  ...  This work was supported in part by grant number N00014-13-1-0048 from the Office of Naval Research and by Intel Labs' University Research Office.  ... 
doi:10.1184/r1/6468737.v1 fatcat:rlwsxlr6dfbqzf6vdp7ftjikpi

SDN-Based Middlebox Management Framework in Integrated Wired and Wireless Networks
유무선 통합망에서의 SDN 기반 미들박스 관리 프레임워크

Giwon Lee, Insun Jang, Wontae Kim, Sukjin Joo, Myungsoo Kim, Sangheon Pack, Chul-Hee Kang
2014 The Journal of Korean Institute of Communications and Information Sciences  
In this respect, Software-Defined Networking (SDN) offers a promising solution for middlebox policy enforcement by using logically centralized management, decoupling the data and control planes, and providing  ...  We introduce SDN-based middlebox management framework in integrated wired and wireless networks and discuss the further issues.  ...  ., "FlowTags: Enforcing network wide policies in the presence of dynamic middlebox actions," in Proc. ACM HotSDN 2013, Aug. 2013. [10] A.  ... 
doi:10.7840/kics.2014.39b.6.379 fatcat:2bkaew7p2je73ovx3g3pgrl4jq

Segmented proactive flow rule injection for service chaining using SDN

Prakash B. Pawar, Kotaro Kataoka
2016 2016 IEEE NetSoft Conference and Workshops (NetSoft)  
Dynamic Policy Update If the chaining policy is updated while fully proactively injecting ow rules, there may be inconsistency between the policy and its enforcement.  ...  The policy enforcer is responsible for determining the actions that are taken for the ow.  ... 
doi:10.1109/netsoft.2016.7502439 dblp:conf/netsoft/PawarK16 fatcat:m2qwf5d7xbagdf2o32drz7mx2i

EnforSDN: Network policies enforcement with SDN

Yaniv Ben-Itzhak, Katherine Barabash, Rami Cohen, Anna Levin, Eran Raichstein
2015 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)  
In this paper, we present EnforSDN -a new management approach that exploits SDN principles to decouple the policy resolution layer from the policy enforcement layer in network service appliances.  ...  Our approach improves the enforcement management, network utilization and communication latency, without compromising the policy and the functionality of the network.  ...  Note that, the No-FW result is unachievable in the presence of network middlebox. On the other hand, EnforSDN probably reduces the flow aggregation potential .  ... 
doi:10.1109/inm.2015.7140279 dblp:conf/im/Ben-ItzhakBCLR15 fatcat:mff6gmvdljhaxewwjrvo3a6oge

SUPC: SDN enabled Universal Policy Checking in Cloud Network [article]

Ankur Chowdhary, Adel Alshamrani, Dijiang Huang
2018 arXiv   pre-print
This ensures elimination of redundant rules and policy compliance in SFC. 2) Flow conflict analysis to identify conflicts in header space and actions between various SF rules.  ...  Software Defined Network (SDN) based Network Function Virtualization (NFV) has emerged as a solution that allows dynamic SFC composition and traffic steering in a cloud network.  ...  ACKNOWLEDGMENT This research is based upon work supported by the NRL N00173-15-G017, NSF Grants 1642031, 1528099, and 1723440, and NSFC Grants 61628201 and 61571375.  ... 
arXiv:1811.00657v1 fatcat:cwi6mxyhqbhdhiea3a4qjbflt4

Research Challenges for Network Function Virtualization - Re-Architecting Middlebox for High Performance and Efficient, Elastic and Resilient Platform to Create New Services -

Kohei SHIOMOTO
2018 IEICE transactions on communications  
plane of a middlebox and enables the innovation of policy implementation by using SF chaining.  ...  Software-defined networking separates the control plane from the data plane of switch and router, while NFV decouples high-layer service functions (SFs) or Network Functions (NFs) implemented in the data  ...  [139] , [147] proposed FlowTags for enforcing network-wide policies in the presence of dynamic middlebox actions.  ... 
doi:10.1587/transcom.2017ebi0001 fatcat:5u722sdhsjfrxcfz6vqn3cq3yu

Modelling cyber security for software-defined networks those grow strong when exposed to threats

Usama Ahmed, Imran Raza, Syed Asad Hussain, Amjad Ali, Muddesar Iqbal, Xinheng Wang
2015 Journal of Reliable Intelligent Environments  
The advent of Software-Defined Networks (SDN) has given a new outlook to information protection, where the network can aid in the design of a system that is secure and dependable in case of cyber threats  ...  Whether the information is being processed in the application, in transit within the network or residing in the storage, it is equally susceptible to attack at every level of abstraction and cannot be  ...  The flow tracking capability is introduced to ensure consistent policy enforcement in the presence of dynamic traffic modifications.  ... 
doi:10.1007/s40860-015-0008-0 fatcat:5uzcjwxp4bhnfbq3acw6srtmny

A Survey of Security in Software Defined Networks

Sandra Scott-Hayward, Sriram Natarajan, Sakir Sezer
2016 IEEE Communications Surveys and Tutorials  
The objective of FlowTags is to ensure consistent network policy enforcement as packet headers and contents may be dynamically modified by middleboxes.  ...  place network network traffic management functions and direct traffic to those functions FlowTags [109] Ensure consistent network policy enforcement Middleboxes add tags to outgoing packets to in  ... 
doi:10.1109/comst.2015.2453114 fatcat:7d46s7rtxrg3romy2zds72e5pm

SNAP

Mina Tahmasbi Arashloo, Yaron Koral, Michael Greenberg, Jennifer Rexford, David Walker
2016 Proceedings of the 2016 conference on ACM SIGCOMM 2016 Conference - SIGCOMM '16  
Early programming languages for software-defined networking (SDN) were built on top of the simple matchaction paradigm offered by OpenFlow 1.0.  ...  However, emerging hardware and software switches offer much more sophisticated support for persistent state in the data plane, without involving a central controller.  ...  We thank our shepherd, Sujata Banerjee, and the anonymous reviewers for their thoughtful feedback; Changhoon Kim, Nick McKeown, Arjun Guha, and Anirudh Sivaraman for helpful discussions; and Nick Feamster  ... 
doi:10.1145/2934872.2934892 dblp:conf/sigcomm/ArashlooK0RW16 fatcat:4xw26mrdavgnzjksaqmeyrvujm

SNAP: Stateful Network-Wide Abstractions for Packet Processing [article]

Mina Tahmasbi Arashloo, Yaron Koral, Michael Greenberg, Jennifer Rexford, David Walker
2016 arXiv   pre-print
Early programming languages for software-defined networking (SDN) were built on top of the simple match-action paradigm offered by OpenFlow 1.0.  ...  However, emerging hardware and software switches offer much more sophisticated support for persistent state in the data plane, without involving a central controller.  ...  We thank our SIG-COMM'16 shepherd, Sujata Banerjee, and the anonymous SIGCOMM'16 reviewers for their thoughtful feedback; Changhoon Kim, Nick McKeown, Arjun Guha, and Anirudh Sivaraman for helpful discussions  ... 
arXiv:1512.00822v2 fatcat:cpjequdeovbo7d23h2wph66lam

Scalable Testing of Context-Dependent Policies over Stateful Data Planes with Armstrong [article]

Seyed K. Fayaz, Yoshiaki Tobioka, Sagar Chaki, Vyas Sekar
2015 arXiv   pre-print
Network operators today spend significant manual effort in ensuring and checking that the network meets their intended policies.  ...  Together, these introduce new expressiveness and scalability challenges that fall outside the scope of existing network verification mechanisms.  ...  In doing so we take the "CAD for networks" vision one step closer to reality.  ... 
arXiv:1505.03356v2 fatcat:qbiqewfppzbg3bkjfgysbnajs4

Towards flexible, scalable and autonomic virtual tenant slices

Mohamed Fekih Ahmed, Chamssedine Talhi, Mohamed Cheriet
2015 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM)  
A clear disadvantage of FlowTags is the fact that it supports only pre-defined policies and does not handle dynamic actions.  ...  In contrast to Slick and FlowTags, the SIMPLE-fying middlebox policy enforcement (Qazi et al. (2013)) ( 2013a ) 2013a ), and CloudNaaS (Benson et al. (2011) ) provide a language for managing middleboxes  ... 
doi:10.1109/inm.2015.7140361 dblp:conf/im/AhmedTC15 fatcat:qcyz5zlbsvhtvjyyfy6rlytaii

Network and server resource management strategies for data centre infrastructures: A survey

Fung Po Tso, Simon Jouet, Dimitrios P. Pezaros
2016 Computer Networks  
In this paper, we present an extensive survey on the management of server and network resources over virtualised Cloud DC infrastructures, highlighting key concepts and results, and critically discussing  ...  Of the significant capital outlay required for building and operating such infrastructures, server and network equipment account for 45 and 15% of the total cost, respectively, making resource utilisation  ...  Acknowledgements The work has been supported in part by the UK Engineering and Physical Sciences Research Council (EPSRC) grants EP/N033957/1 , EP/L026015/1 , and EP/L005255/1 .  ... 
doi:10.1016/j.comnet.2016.07.002 fatcat:gcvbvxczprb2lpx4jkl2hpb5hq

Reasoning about Stateful Network Behaviors

Seyed Kevah Fayaz
2018
Today checking whether the intended policies are enforced correctly is stymied by two fundamental sources of complexity: the diversity and stateful nature of the behaviors of real networks.  ...  Prior work on checking network policies is limited to a particular state of the network.  ...  Thus, our focus here is to systematically revive the ORIG-INBINDING and CONTEXTBINDING, even in the presence of dynamic middlebox actions. We identify flow tracking as the key to policy enforcement.  ... 
doi:10.1184/r1/6721265.v1 fatcat:hlah4itvsfdl3nck76o4h74ahq
« Previous Showing results 1 — 15 out of 21 results