ترغب بنشر مسار تعليمي؟ اضغط هنا

Programmable In-Network Security for Context-aware BYOD Policies

88   0   0.0 ( 0 )
 نشر من قبل Qiao Kang
 تاريخ النشر 2019
  مجال البحث الهندسة المعلوماتية
والبحث باللغة English




اسأل ChatGPT حول البحث

Bring Your Own Device (BYOD) has become the new norm in enterprise networks, but BYOD security remains a top concern. Context-aware security, which enforces access control based on dynamic runtime context, holds much promise. Recent work has developed SDN solutions to collect device context for network-wide access control in a central controller. However, the central controller poses a bottleneck that can become an attack target, and processing context changes at remote software has low agility. We present a new paradigm, programmable in-network security (Poise), which is enabled by the emergence of programmable switches. At the heart of Poise is a novel switch primitive, which can be programmed to support a wide range of context-aware policies in hardware. Users of Poise specify concise policies, and Poise compiles them into different instantiations of the security primitive in P4. Compared to centralized SDN defenses, Poise is resilient to control plane saturation attacks, and it dramatically increases defense agility.



قيم البحث

اقرأ أيضاً

Cellular (C) setups facilitate the connectivity amongst the devices with better provisioning of services to its users. Vehicular networks are one of the representative setups that aim at expanding their functionalities by using the available cellular systems like Long Term Evolution (LTE)-based Evolved Universal Terrestrial Radio Access Network (E-UTRAN) as well as the upcoming Fifth Generation (5G)-based functional architecture. The vehicular networks include Vehicle to Vehicle (V2V), Vehicle to Infrastructure (V2I), Vehicle to Pedestrian (V2P) and Vehicle to Network (V2N), all of which are referred to as Vehicle to Everything (V2X). 5G has dominated the vehicular network and most of the upcoming research is motivated towards the fully functional utilization of 5G-V2X. Despite that, credential management and edge-initiated security are yet to be resolved under 5G-V2X. To further understand the issue, this paper presents security management as a principle of sustainability and key-management. The performance tradeoff is evaluated with the key-updates required to maintain a secure connection between the vehicles and the 5G-terminals. The proposed approach aims at the utilization of high-speed mmWave-based backhaul for enhancing the security operations between the core and the sub-divided functions at the edge of the network through a dual security management framework. The evaluations are conducted using numerical simulations, which help to understand the impact on the sustainability of connections as well as identification of the fail-safe points for secure and fast operations. Furthermore, the evaluations help to follow the multiple tradeoffs of security and performance based on the metrics like mandatory key updates, the range of operations and the probability of connectivity.
Machine learning finds rich applications in Internet of Things (IoT) networks such as information retrieval, traffic management, spectrum sensing, and signal authentication. While there is a surge of interest to understand the security issues of mach ine learning, their implications have not been understood yet for wireless applications such as those in IoT systems that are susceptible to various attacks due the open and broadcast nature of wireless communications. To support IoT systems with heterogeneous devices of different priorities, we present new techniques built upon adversarial machine learning and apply them to three types of over-the-air (OTA) wireless attacks, namely jamming, spectrum poisoning, and priority violation attacks. By observing the spectrum, the adversary starts with an exploratory attack to infer the channel access algorithm of an IoT transmitter by building a deep neural network classifier that predicts the transmission outcomes. Based on these prediction results, the wireless attack continues to either jam data transmissions or manipulate sensing results over the air (by transmitting during the sensing phase) to fool the transmitter into making wrong transmit decisions in the test phase (corresponding to an evasion attack). When the IoT transmitter collects sensing results as training data to retrain its channel access algorithm, the adversary launches a causative attack to manipulate the input data to the transmitter over the air. We show that these attacks with different levels of energy consumption and stealthiness lead to significant loss in throughput and success ratio in wireless communications for IoT systems. Then we introduce a defense mechanism that systematically increases the uncertainty of the adversary at the inference stage and improves the performance. Results provide new insights on how to attack and defend IoT networks using deep learning.
58 - Kuo-Feng Hsu 2019
We present Contra, a system for performance-aware routing that can adapt to traffic changes at hardware speeds. While existing work has developed point solutions for performance-aware routing on a fixed topology (e.g., a Fattree) with a fixed routing policy (e.g., use least utilized paths), Contra can be configured to operate seamlessly over any network topology and a wide variety of sophisticated routing policies. Users of Contra write network-wide policies that rank network paths given their current performance. A compiler then analyzes such policies in conjunction with the network topology and decomposes them into switch-local P4 programs, which collectively implement a new, specialized distance-vector protocol. This protocol generates compact probes that traverse the network, gathering path metrics to optimize for the user policy dynamically. Switches respond to changing network conditions at hardware speeds by routing flowlets along the best policy-compliant paths. Our experiments show that Contra scales to large networks, and that in terms of flow completion times, it is competitive with hand-crafted systems that have been customized for specific topologies and policies.
Security is a primary concern for the networks aiming at the utilization of Cellular (C) services for connecting Vehicles to Everything (V2X). At present, C-V2X is observing a paradigm shift from Long Term Evolution (LTE) - Evolved Universal Terrestr ial Radio Access Network (E-UTRAN) to Fifth Generation (5G) based functional architecture. However, security and credential management are still concerns to be resolved under 5G-V2X. A sizably voluminous number of key updates and non-availability of sub-functions at the edge cause adscititious overheads and decrement the performance while alarming the possibilities of variants of cyber attacks. In this paper, security management is studied as a principle of sustainability and its tradeoff is evaluated with the number of key-updates required to maintain an authenticated connection of a vehicle to the 5G-terminals keeping intact the security functions at the backhaul. A numerical study is presented to determine the claims and understand the proposed tradeoff.
Recent years have witnessed the fast growth in telecommunication (Telco) techniques from 2G to upcoming 5G. Precise outdoor localization is important for Telco operators to manage, operate and optimize Telco networks. Differing from GPS, Telco locali zation is a technique employed by Telco operators to localize outdoor mobile devices by using measurement report (MR) data. When given MR samples containing noisy signals (e.g., caused by Telco signal interference and attenuation), Telco localization often suffers from high errors. To this end, the main focus of this paper is how to improve Telco localization accuracy via the algorithms to detect and repair outlier positions with high errors. Specifically, we propose a context-aware Telco localization technique, namely RLoc, which consists of three main components: a machine-learning-based localization algorithm, a detection algorithm to find flawed samples, and a repair algorithm to replace outlier localization results by better ones (ideally ground truth positions). Unlike most existing works to detect and repair every flawed MR sample independently, we instead take into account spatio-temporal locality of MR locations and exploit trajectory context to detect and repair flawed positions. Our experiments on the real MR data sets from 2G GSM and 4G LTE Telco networks verify that our work RLoc can greatly improve Telco location accuracy. For example, RLoc on a large 4G MR data set can achieve 32.2 meters of median errors, around 17.4% better than state-of-the-art.
التعليقات
جاري جلب التعليقات جاري جلب التعليقات
mircosoft-partner

هل ترغب بارسال اشعارات عن اخر التحديثات في شمرا-اكاديميا