Contextual, flow-based access control with scalable host-based SDN techniques

Curtis R. Taylor, Douglas C. Macfarland, Doran R. Smestad, Craig A. Shue

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

16 Scopus citations

Abstract

Network operators can better understand their networks when armed with a detailed understanding of the network traffic and host activities. Software-defined networking (SDN) techniques have the potential to improve enterprise security, but the current techniques have well-known data plane scalability concerns and limited visibility into the host's operating context. In this work, we provide both detailed host-based context and fine-grained control of network flows by shifting the SDN agent functionality from the network infrastructure into the end-hosts. We allow network operators to write detailed network policy that can discriminate based on user and program information associated with network flows. In doing so, we find our approach scales far beyond the capabilities of OpenFlow switching hardware, allowing each host to create over 25 new flows per second with no practical bound on the number of established flows in the network.

Original language: English
Title of host publication: IEEE INFOCOM 2016 - 35th Annual IEEE International Conference on Computer Communications
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9781467399531
State: Published - Jul 27 2016
Externally published: Yes
Event: 35th Annual IEEE International Conference on Computer Communications, IEEE INFOCOM 2016 - San Francisco, United States
Duration: Apr 10 2016 → Apr 14 2016

Publication series

Name: Proceedings - IEEE INFOCOM
Volume: 2016-July
ISSN (Print): 0743-166X

Conference

Conference: 35th Annual IEEE International Conference on Computer Communications, IEEE INFOCOM 2016
Country/Territory: United States
City: San Francisco
Period: 04/10/16 → 04/14/16

Funding

Funder: National Science Foundation
Funder number: 1422180
