Academic Journal
Collaborating with the enemy on network management
| العنوان: | Collaborating with the enemy on network management |
|---|---|
| المؤلفون: | Chris Hall, Dongting Yu, Zhi-li Zhang, Jonathan Stout, Andrew Odlyzko, Andrew W. Moore, Jean Camp, Kevin Benton, Ross Anderson |
| المساهمون: | The Pennsylvania State University CiteSeerX Archives |
| المصدر: | http://www.cl.cam.ac.uk/~rja14/Papers/spw14-08-Anderson.pdf. |
| سنة النشر: | 2014 |
| المجموعة: | CiteSeerX |
| الوصف: | Software Defined Networking (SDN) deconstructs the current routing infrastruc-ture into a small number of controllers, which are general purpose computers, and a large number of switches which are programmable forwarding engines. It is already deployed in data centres, where it offers considerable advantages of both cost and flexibility over a switching fabric of traditional routers. Such applications have a single controlling organisation and issues of trust between subdomains do not really arise. However for SDN to fulfil its potential, it is necessary to design and develop mechanisms for smart networks with mututally mistrustful principals. In an earlier paper, we used as an example an airport where we might have 100,000 staff working for 3,000 different firms which include not just competi-tors but also organisations in a state of conflict (for example, El Al and Iran Air) [1]. That paper discussed using hierarchical control structures to delegate trust with mechanisms focussed on preventing denial-of-service attacks, with the assumption that confidentiality and integrity would be provided by the princi-pals at higher layers. But this turns out to be a quagmire. Can you run your app and your enemy’s app on the same controllers of the same fabric, and get a passable separation of behaviour on private networks that run over the same switches? And can all this be done without a trusted root anywhere? This paper reports a project to build a test environment that adapts Quagga so that a software defined network can be automatically configured using informa-tion learned from BGP. Our Quagga for SDN Module, “QuaSM”, is designed to support the use of SDN in three further use cases: in a network exchange point, in an organisation seeking to join up two or more SDN islands using an existing BGP fabric; and in security research on virtual networking. 1 1 |
| نوع الوثيقة: | text |
| وصف الملف: | application/pdf |
| اللغة: | English |
| Relation: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.635.3412; http://www.cl.cam.ac.uk/~rja14/Papers/spw14-08-Anderson.pdf |
| الاتاحة: | http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.635.3412 http://www.cl.cam.ac.uk/~rja14/Papers/spw14-08-Anderson.pdf |
| Rights: | Metadata may be used without restrictions as long as the oai identifier remains attached to it. |
| رقم الانضمام: | edsbas.EAA73D10 |
| قاعدة البيانات: | BASE |
| الوصف غير متاح. |