Automatically correcting networks with NEAT

Wenxuan Zhou, Jason Croft, Bingzhe Liu, Elaine Ang, Matthew Caesar

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Configuring and maintaining an enterprise network is a challenging and error-prone process. Administrators often need to consider security policies from a variety of sources such as regulatory requirements, industry standards, and mitigating attack vectors. Erroneous configuration or network application could violate crucial policies, and result in costly data breaches and intrusions. Relying on humans to discover and troubleshoot violations is slow and prone to error, considering the speed at which new attack vectors propagate and the increasing network dynamics, partly an effect of SDN. To address this problem, we present NEAt, a system analogous to a smartphone's autocorrect feature that enables on-the-fly repair to policy-violating updates. It does so by modifying the forwarding behavior of updates to automatically repair violations of policies such as reachability, service chaining, and segmentation. NEAt takes as input a set of administrator-defined high-level policies, and formulates these policies as directed graphs. Sitting between an SDN controller and the forwarding devices, NEAt intercepts updates proposed by SDN applications. If an update violates a policy, NEAt transforms the update into one that complies with the policy. Unlike domain-specific languages or synthesis platforms, NEAt allows enterprise networks to leverage the advanced functionality of SDN applications while simultaneously achieving strong, automated enforcement of general policies. Based on a prototype implementation and experimentation using Mininet and operation trace of a large enterprise network, we demonstrate that NEAt achieves promising performance in real-time bug-fixing.

Original language: English (US)
Title of host publication: Proceedings of the 15th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2018
Publisher: USENIX Association
Pages: 595-608
Number of pages: 14
ISBN (Electronic): 9781939133014
State: Published - 2018
Event: 15th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2018 - Renton, United States
Duration: Apr 9 2018 to Apr 11 2018

Publication series

Name: Proceedings of the 15th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2018

Conference

Conference: 15th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2018
Country/Territory: United States
City: Renton
Period: 4/9/18 to 4/11/18

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Control and Systems Engineering
