TY - GEN
T1 - NEAt
T2 - 2017 Symposium on SDN Research, SOSR 2017
AU - Zhou, Wenxuan
AU - Croft, Jason
AU - Liu, Bingzhe
AU - Caesar, Matthew
N1 - Publisher Copyright:
© 2017 ACM.
Copyright:
Copyright 2017 Elsevier B.V., All rights reserved.
PY - 2017/4/3
Y1 - 2017/4/3
N2 - Configuring and maintaining an enterprise network is a challenging and error-prone process. Administrators must often consider security policies from a variety of sources simultaneously, including regulatory requirements, industry standards, and to mitigate attack vectors. Erroneous implementation of a policy, however, can result in costly data breaches and intrusions. Relying on humans to discover and troubleshoot violations is slow and prone to error, considering the speed at which new attack vectors propagate and the increasing network dynamics, partly an effect of SDN. To ensure the network is always in a state consistent with the desired policies, administrators need frameworks to automatically diagnose and repair violations in real-time. To address this problem, we present NEAt, a system analogous to a smartphone's autocorrect feature that enables on-the-fly repair to policy-violating updates. NEAt modifies the forwarding behavior of updates to automatically repair violations of properties such as reachability, service chaining, and segmentation. NEAt sits between an SDN controller and the forwarding devices, and intercepts updates proposed by SDN applications. If an update violates the policy defined by an administrator, such as reachability or segmentation, NEAt transforms the update into one that complies with the policy. Unlike domain-specific languages or synthesis platforms, NEAt allows enterprise networks to leverage the advanced functionality of SDN applications while simultaneously achieving strong, automated enforcement of general policies.
KW - Auto-correct
KW - Real-time
KW - Software-defined networking
UR - http://www.scopus.com/inward/record.url?scp=85018984049&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018984049&partnerID=8YFLogxK
U2 - 10.1145/3050220.3050238
DO - 10.1145/3050220.3050238
M3 - Conference contribution
AN - SCOPUS:85018984049
T3 - SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research
SP - 157
EP - 163
BT - SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research
PB - Association for Computing Machinery
Y2 - 3 April 2017 through 4 April 2017
ER -