DOI: 10.1145/2999572.2999573
invited-talk

Enabling Software-Defined Network Security for Next-Generation Networks

Published: 06 December 2016

Abstract

The state of network security today is quite abysmal. Security breaches and downtime of critical infrastructures continue to be the norm rather than the exception, despite the dramatic rise in spending on network security.
Attackers today can easily leverage a distributed and programmable infrastructure of compromised machines (or botnets) to launch large-scale and sophisticated attack campaigns. In contrast, the defenders of our critical infrastructures are fundamentally crippled as they rely on fixed-capacity, inflexible, and expensive hardware appliances deployed at designated "chokepoints". These primitive defense capabilities force defenders into adopting weak and static security postures configured for simple and known attacks, or otherwise risk user revolt, as they face unpleasant tradeoffs between false positives and false negatives. Unfortunately, attacks can easily evade these defenses, e.g., by piggybacking on popular services (e.g., drive-by downloads) and by overloading the appliances. Continuing along this trajectory means that attackers will always hold the upper hand as defenders are stifled by the inflexible and impotent tools in their arsenal.
An overarching goal of my work is to change the dynamics of this attack-defense equation. Instead of taking a conventional approach of developing attack-specific defenses, I argue that we can leverage recent trends in software-defined networking and network functions virtualization to better empower defenders with the right tools and abstractions to tackle the constantly evolving attack landscape. To this end, I envision a new software-defined approach to network security, where we can rapidly develop and deploy novel in-depth defenses and dynamically customize the network's security posture to the current operating context.
In this talk, I will give an overview of our recent work on the basic building blocks to enable this vision as well as some early security capabilities we have developed. Using anecdotes from this specific exercise, I will also try to highlight lessons and experiences in the overall research process (e.g., how to pick and formulate problems, the role of serendipity, and the benefits of finding "bridges" to other subdomains).

    Published In

    CoNEXT '16: Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies
    December 2016
    524 pages
    ISBN:9781450342926
    DOI:10.1145/2999572
    Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. network security
    2. networking
    3. software-defined networks

    Qualifiers

    • Invited-talk

    Conference

    CoNEXT '16
    Acceptance Rates

    CoNEXT '16 Paper Acceptance Rate 30 of 160 submissions, 19%;
    Overall Acceptance Rate 198 of 789 submissions, 25%

    Article Metrics

    • Total Citations: 0
    • Total Downloads: 472
    • Downloads (Last 12 months): 2
    • Downloads (Last 6 weeks): 0
    Reflects downloads up to 17 Jan 2025