Collaborating with the enemy on network management. Hall, C., Yu, D., Zhang, Z., Stout, J., Odlyzko, A., Moore, A. W., Camp, J., Benton, K., & Anderson, R. In Cambridge International Workshop on Security Protocols, volume 8809, pages 154–162, Jan, 2014. Springer, Cham.

© Springer International Publishing Switzerland. Software Defined Networking (SDN) deconstructs the current routing infrastructure into a small number of controllers, which are general purpose computers, and a large number of switches which are programmable forwarding engines. It is already deployed in data centres, where it offers considerable advantages of both cost and flexibility over a switching fabric of traditional routers. Such applications have a single controlling organisation and issues of trust between subdomains do not really arise. However for SDN to fulfil its potential, it is necessary to design and develop mechanisms for smart networks with mutually mistrustful principals. In an earlier paper, we used as an example an airport where we might have 100,000 staff working for 3,000 different firms which include not just competitors but also organisations in a state of conflict (for example, El Al and Iran Air). That paper discussed using hierarchical control structures to delegate trust with mechanisms focussed on preventing denial-of-service attacks, with the assumption that confidentiality and integrity would be provided by the principals at higher layers. But this turns out to be a quagmire. Can you run your app and your enemy’s app on the same controllers of the same fabric, and get a passable separation of behaviour on private networks that run over the same switches? And can all this be done without a trusted root anywhere? This paper reports a project to build a test environment that adapts Quagga so that a software defined network can be automatically configured using information learned from BGP. Our Quagga for SDN Module, “QuaSM”, is designed to support the use of SDN in three further use cases: in a network exchange point, in an organisation seeking to join up two or more SDN islands using an existing BGP fabric; and in security research on virtual networking.
@InProceedings{Hall2014Collaborating,
author = {Hall, Chris and Yu, Dongting and Zhang, Zhi-li and Stout, Jonathan and Odlyzko, Andrew and Moore, Andrew W. and Camp, Jean and Benton, Kevin and Anderson, Ross},
booktitle = {Cambridge International Workshop on Security Protocols},
title = {Collaborating with the enemy on network management},
year = {2014},
month = {Jan},
organization = {Springer, Cham},
pages = {154--162},
volume = {8809},
abstract = {© Springer International Publishing Switzerland. Software Defined Networking (SDN) deconstructs the current routing infrastructure into a small number of controllers, which are general purpose computers, and a large number of switches which are programmable forwarding engines. It is already deployed in data centres, where it offers considerable advantages of both cost and flexibility over a switching fabric of traditional routers. Such applications have a single controlling organisation and issues of trust between subdomains do not really arise. However for SDN to fulfil its potential, it is necessary to design and develop mechanisms for smart networks with mutually mistrustful principals. In an earlier paper, we used as an example an airport where we might have 100,000 staff working for 3,000 different firms which include not just competitors but also organisations in a state of conflict (for example, El Al and Iran Air). That paper discussed using hierarchical control structures to delegate trust with mechanisms focussed on preventing denial-of-service attacks, with the assumption that confidentiality and integrity would be provided by the principals at higher layers. But this turns out to be a quagmire. Can you run your app and your enemy’s app on the same controllers of the same fabric, and get a passable separation of behaviour on private networks that run over the same switches? And can all this be done without a trusted root anywhere? This paper reports a project to build a test environment that adapts Quagga so that a software defined network can be automatically configured using information learned from BGP. Our Quagga for SDN Module, “QuaSM”, is designed to support the use of SDN in three further use cases: in a network exchange point, in an organisation seeking to join up two or more SDN islands using an existing BGP fabric; and in security research on virtual networking.},
day = {1},
doi = {10.1007/978-3-319-12400-1_15},
eissn = {1611-3349},
isbn = {9783319123998},
issn = {0302-9743},
journal = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
publicationstatus = {published},
}