EAGER: ACI: Secure and Effective Policy Enforcement in Software-Defined WANs
Sri International, Menlo Park CA
Investigators
Abstract
Software Defined Networking (SDN) is a rapidly emerging, open source technology which decouples the network control functions from the data itself. This allows network functions to be programmed by network operators, application owners and system administrators. Instituting a dynamic network policy that constantly changes represents a strategic shift in the management of networks, which currently are static in nature. However, the flexibility in configuration has security repercussions in that SDN has no inherent security mechanisms built into its design. Permissions for configuration of the network ? both one?s own and others - as well as coordination and visibility between networks are still open technical questions. SDN has recently been adopted by a handful of major enterprise providers for limited use within their data centers, where robust security is less of an issue since the traffic stays within one network. However, as the Research and Education community and industry both look to adopt large scale SDN on their network backbones, the lack of a security framework for interdomain SDN use is a glaring vulnerability. This project defines the security architecture for large scale SDN networks and lays out a security coordination protocol for the largest use case for SDN, Wide Area Networking.
View original record on NSF Award Search →