NetODESSA: Dynamic policy enforcement in cloud networks

John Bellessa, Evan Kroske, Reza Farivar, Mirko Montanari, Kevin Larson, Roy H. Campbell

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The networking environments found in cloud computing systems are highly complex and dynamic. Consequently, they have strained current policy management and enforcement systems that are based on writing explicit rules about individual hosts. In response, we propose NetODESSA, an inference-based system for network configuration and dynamic policy enforcement. NetODESSA permits the construction of flexible and resilient dynamic networks by allowing network administrators to write general policies about classes of hosts that are combined with runtime information to form network-level actions. Moreover, NetODESSA will infer refinements to the policy from network and host-level data, ensuring that the network remains secure. We have created an initial design for the system and implemented a basic prototype, demonstrating the practicality of this scheme.

Original languageEnglish (US)
Title of host publicationProceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011
Pages57-61
Number of pages5
DOIs
StatePublished - Dec 15 2011
Event2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011 - Madrid, Spain
Duration: Oct 4 2011Oct 7 2011

Publication series

NameProceedings of the IEEE Symposium on Reliable Distributed Systems
ISSN (Print)1060-9857

Other

Other2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011
CountrySpain
CityMadrid
Period10/4/1110/7/11

Fingerprint

Cloud computing
Dynamic Networks
Cloud Computing
Networking
Refinement
Policy
Prototype
Configuration
Design
Class

Keywords

  • Dynamic networks
  • Network management
  • Network monitoring
  • Network security
  • Resilience

ASJC Scopus subject areas

  • Software
  • Theoretical Computer Science
  • Hardware and Architecture
  • Computer Networks and Communications

Cite this

Bellessa, J., Kroske, E., Farivar, R., Montanari, M., Larson, K., & Campbell, R. H. (2011). NetODESSA: Dynamic policy enforcement in cloud networks. In Proceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011 (pp. 57-61). [6076814] (Proceedings of the IEEE Symposium on Reliable Distributed Systems). https://doi.org/10.1109/SRDSW.2011.24

NetODESSA : Dynamic policy enforcement in cloud networks. / Bellessa, John; Kroske, Evan; Farivar, Reza; Montanari, Mirko; Larson, Kevin; Campbell, Roy H.

Proceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011. 2011. p. 57-61 6076814 (Proceedings of the IEEE Symposium on Reliable Distributed Systems).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Bellessa, J, Kroske, E, Farivar, R, Montanari, M, Larson, K & Campbell, RH 2011, NetODESSA: Dynamic policy enforcement in cloud networks. in Proceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011., 6076814, Proceedings of the IEEE Symposium on Reliable Distributed Systems, pp. 57-61, 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011, Madrid, Spain, 10/4/11. https://doi.org/10.1109/SRDSW.2011.24
Bellessa J, Kroske E, Farivar R, Montanari M, Larson K, Campbell RH. NetODESSA: Dynamic policy enforcement in cloud networks. In Proceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011. 2011. p. 57-61. 6076814. (Proceedings of the IEEE Symposium on Reliable Distributed Systems). https://doi.org/10.1109/SRDSW.2011.24
Bellessa, John ; Kroske, Evan ; Farivar, Reza ; Montanari, Mirko ; Larson, Kevin ; Campbell, Roy H. / NetODESSA : Dynamic policy enforcement in cloud networks. Proceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011. 2011. pp. 57-61 (Proceedings of the IEEE Symposium on Reliable Distributed Systems).
@inproceedings{a295b43a36124d7ea9ce84bccd9cc4ff,
title = "NetODESSA: Dynamic policy enforcement in cloud networks",
abstract = "The networking environments found in cloud computing systems are highly complex and dynamic. Consequently, they have strained current policy management and enforcement systems that are based on writing explicit rules about individual hosts. In response, we propose NetODESSA, an inference-based system for network configuration and dynamic policy enforcement. NetODESSA permits the construction of flexible and resilient dynamic networks by allowing network administrators to write general policies about classes of hosts that are combined with runtime information to form network-level actions. Moreover, NetODESSA will infer refinements to the policy from network and host-level data, ensuring that the network remains secure. We have created an initial design for the system and implemented a basic prototype, demonstrating the practicality of this scheme.",
keywords = "Dynamic networks, Network management, Network monitoring, Network security, Resilience",
author = "John Bellessa and Evan Kroske and Reza Farivar and Mirko Montanari and Kevin Larson and Campbell, {Roy H.}",
year = "2011",
month = "12",
day = "15",
doi = "10.1109/SRDSW.2011.24",
language = "English (US)",
isbn = "9780769544519",
series = "Proceedings of the IEEE Symposium on Reliable Distributed Systems",
pages = "57--61",
booktitle = "Proceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011",

}

TY - GEN

T1 - NetODESSA

T2 - Dynamic policy enforcement in cloud networks

AU - Bellessa, John

AU - Kroske, Evan

AU - Farivar, Reza

AU - Montanari, Mirko

AU - Larson, Kevin

AU - Campbell, Roy H.

PY - 2011/12/15

Y1 - 2011/12/15

N2 - The networking environments found in cloud computing systems are highly complex and dynamic. Consequently, they have strained current policy management and enforcement systems that are based on writing explicit rules about individual hosts. In response, we propose NetODESSA, an inference-based system for network configuration and dynamic policy enforcement. NetODESSA permits the construction of flexible and resilient dynamic networks by allowing network administrators to write general policies about classes of hosts that are combined with runtime information to form network-level actions. Moreover, NetODESSA will infer refinements to the policy from network and host-level data, ensuring that the network remains secure. We have created an initial design for the system and implemented a basic prototype, demonstrating the practicality of this scheme.

AB - The networking environments found in cloud computing systems are highly complex and dynamic. Consequently, they have strained current policy management and enforcement systems that are based on writing explicit rules about individual hosts. In response, we propose NetODESSA, an inference-based system for network configuration and dynamic policy enforcement. NetODESSA permits the construction of flexible and resilient dynamic networks by allowing network administrators to write general policies about classes of hosts that are combined with runtime information to form network-level actions. Moreover, NetODESSA will infer refinements to the policy from network and host-level data, ensuring that the network remains secure. We have created an initial design for the system and implemented a basic prototype, demonstrating the practicality of this scheme.

KW - Dynamic networks

KW - Network management

KW - Network monitoring

KW - Network security

KW - Resilience

UR - http://www.scopus.com/inward/record.url?scp=83255173900&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=83255173900&partnerID=8YFLogxK

U2 - 10.1109/SRDSW.2011.24

DO - 10.1109/SRDSW.2011.24

M3 - Conference contribution

AN - SCOPUS:83255173900

SN - 9780769544519

T3 - Proceedings of the IEEE Symposium on Reliable Distributed Systems

SP - 57

EP - 61

BT - Proceedings - 2011 30th IEEE International Symposium on Reliable Distributed Systems Workshops, SRDS 2011

ER -