NetODESSA: Dynamic policy enforcement in cloud networks

John Bellessa, Evan Kroske, Reza Farivar, Mirko Montanari, Kevin Larson, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The networking environments found in cloud computing systems are highly complex and dynamic. Consequently, they have strained current policy management and enforcement systems that are based on writing explicit rules about individual hosts. In response, we propose NetODESSA, an inference-based system for network configuration and dynamic policy enforcement. NetODESSA permits the construction of flexible and resilient dynamic networks by allowing network administrators to write general policies about classes of hosts that are combined with runtime information to form network-level actions. Moreover, NetODESSA will infer refinements to the policy from network and host-level data, ensuring that the network remains secure. We have created an initial design for the system and implemented a basic prototype, demonstrating the practicality of this scheme.

Original languageEnglish (US)
Title of host publicationProceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011
Pages57-61
Number of pages5
DOIs
StatePublished - Dec 15 2011
Event2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011 - Madrid, Spain
Duration: Oct 4 2011Oct 7 2011

Publication series

NameProceedings of the IEEE Symposium on Reliable Distributed Systems
ISSN (Print)1060-9857

Other

Other2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011
CountrySpain
CityMadrid
Period10/4/1110/7/11

Keywords

  • Dynamic networks
  • Network management
  • Network monitoring
  • Network security
  • Resilience

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'NetODESSA: Dynamic policy enforcement in cloud networks'. Together they form a unique fingerprint.

Cite this