TY - GEN
T1 - SeReNe
T2 - 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2015
AU - Chung, Chun Jen
AU - Xing, Tianyi
AU - Huang, Dijiang
AU - Medhi, Deep
AU - Trivedi, Kishor
N1 - Funding Information:
This research has been supported in part by NATO Science for Peace and Security project number 984425 and National Science Foundation Grant No. CNS-1217736.
Publisher Copyright:
© 2015 IEEE.
PY - 2015/9/18
Y1 - 2015/9/18
N2 - In the current enterprise data enter networking environment, a major hurdle in the development of network security is the lack of an orchestrated and resilient defensive mechanism that uses well-established quantifiable metrics, models, and evaluation methods. In this position paper, we describe an emerging Secure and Resilient Networking (SeReNe) service model to establish a programmable and dynamic defensive mechanism that can adjust the system's networking resources such as topology, bandwidth allocation, and traffic/flow forwarding policies, according to the network security situations. We posit that this requires addressing two interdependent technical areas: (a) a Moving Target Defense (MTD) framework both at networking and software levels, and (b) an Adaptive Security-enabled Traffic Engineering (ASeTE) approach to select optimal countermeasures by considering the effectiveness of countermeasures and network bandwidth allocations while minimizing the intrusiveness to the applications and the cost of deploying the countermeasures. We believe that our position can greatly benefit the virtual networking system established in data Centerior enterprise virtual networking systems that have adopted latest Open Flow technologies.
AB - In the current enterprise data enter networking environment, a major hurdle in the development of network security is the lack of an orchestrated and resilient defensive mechanism that uses well-established quantifiable metrics, models, and evaluation methods. In this position paper, we describe an emerging Secure and Resilient Networking (SeReNe) service model to establish a programmable and dynamic defensive mechanism that can adjust the system's networking resources such as topology, bandwidth allocation, and traffic/flow forwarding policies, according to the network security situations. We posit that this requires addressing two interdependent technical areas: (a) a Moving Target Defense (MTD) framework both at networking and software levels, and (b) an Adaptive Security-enabled Traffic Engineering (ASeTE) approach to select optimal countermeasures by considering the effectiveness of countermeasures and network bandwidth allocations while minimizing the intrusiveness to the applications and the cost of deploying the countermeasures. We believe that our position can greatly benefit the virtual networking system established in data Centerior enterprise virtual networking systems that have adopted latest Open Flow technologies.
KW - multi-tenant datacenter
KW - security and resilience
UR - http://www.scopus.com/inward/record.url?scp=84957679321&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84957679321&partnerID=8YFLogxK
U2 - 10.1109/DSN-W.2015.25
DO - 10.1109/DSN-W.2015.25
M3 - Conference contribution
AN - SCOPUS:84957679321
T3 - Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2015
SP - 4
EP - 11
BT - Proceedings - 2015 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks Workshops, DSN-W 2015
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 22 June 2015 through 25 June 2015
ER -