SaTC: CORE: Small: Collaborative: A New Approach to Federated Network Security

$183,450 | FY2017 | CSE | NSF

Rochester Institute Of Tech, Rochester NY

Abstract

Modern networks are often federated in nature, i.e., they are an interoperation between independent networks spanning multiple administrative domains. For example, in many enterprises, different business units control various logical segments of the network, but share common resources, such as routers, firewalls, and load-balancers. In such federated systems, the correct enforcement of network security policies relies on interactions that span multiple administrative domains. This project is developing techniques for enforcing security policies in federated networks using a new form of Proof Carrying Code (PCC), specialized to the networking domain. This enforcement mechanism will ensure that only authorized actors can reconfigure devices in federated networks, and will guarantee that configuration software preserves "behavioral" policies such as access control, slice isolation, etc. The technical contributions of this research will include (i) developing PCC techniques for NetKAT, a language for SDN programming that comes equipped with a sound and complete equational reasoning system, and (ii) integrating NetKAT PCC into the Nexus Authorization Language (NAL), a framework that provides methods for specifying and enforcing distributed authorization policies. Key challenges will include how to generate, represent, and transform NetKAT proofs, and how to deal with dynamic behaviors such as network configuration changes and evolving trust models. The broader impacts of this project include (i) developing open-source software that will be tested on a GENI rack hosted by the BTV Ignite program with broader impacts in the local Burlington, VT community, and (ii) presenting education opportunities for underrepresented groups via an outreach program for high school students developed in partnership with the New York State 4-H and Science Leadership Academy.