Browse wiki

Publication:2017 FabioPereira
Abstract The accuracy provided by traditional sampling-based monitoring approaches, such as NetFlow, is increasingly being considered insufficient to meet the requirements of today’s networks. By summarizing all traffic for specific statistics of interest, sketch-based alternatives have been shown to achieve higher levels of accuracy for the same cost. Existing switches, however, lack the necessary capability to perform the sort of processing required by this approach. The emergence of programmable switches and the processing they enable in the data plane has recently led sketch-based solutions to be made possible in switching hardware. One limitation of existing solutions is that they lack security. At the scale of the datacenter networks that power cloud computing, this limitation becomes a serious concern. For instance, there is evidence of security incidents perpetrated by malicious insiders inside cloud infrastructures. By compromising the monitoring algorithm, such an attacker can render the monitoring process useless, leading to undesirable actions (such as routing sensitive traffic to disallowed locations). In this paper we propose, for the first time, a secure sketch-based monitoring solution that can run in programmable switches. Our algorithm – a secure version of the well-known count-min sketch – was implemented in P4, a programming language for switches. The evaluation of our solution demonstrates the performance penalty introduced by security to be negligible.
Author Fabio Pereira + , Nuno Ferreira Neves + , Fernando Ramos +
Booktitle Third International Workshop on Security in NFV-SDN (IEEE NFV-SDN 2017)  +
Document Document for Publication-2017 FabioPereira.pdf +
Key 2017 FabioPereira  +
Month nov  +
NumPubDate 2,017.11  +
Project Project:SEGRID +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
Title Secure Network Monitoring Using Programmable Data Planes  +
Type inproceedings  +
Year 2017  +
Has improper value for Url  +
Categories Publication  +
Modification date 6 November 2017 06:13:23  +