TY - GEN
T1 - Resonance
T2 - 1st Workshop: Research on Enterprise Networking, WREN 2009, Co-located with the 2009 SIGCOMM Conference, SIGCOMM'09
AU - Nayak, Ankur
AU - Reimers, Alex
AU - Feamster, Nick
AU - Clark, Russ
PY - 2009
Y1 - 2009
N2 - Enterprise network security is typically reactive, and it relies heavily on host security and middleboxes. This approach creates complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. We argue that imbuing the network layer with mechanisms for dynamic access control can remedy these ills. We propose Resonance, a system for securing enterprise networks, where the network elements themselves enforce dynamic access control policies based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security policies and distributed monitoring and inference systems. We describe the design of Resonance, apply it to Georgia Tech's network access control system, show how it can both overcome the current shortcomings and provide new security functions, describe our proposed deployment, and discuss open research questions.
AB - Enterprise network security is typically reactive, and it relies heavily on host security and middleboxes. This approach creates complicated interactions between protocols and systems that can cause incorrect behavior and slow response to attacks. We argue that imbuing the network layer with mechanisms for dynamic access control can remedy these ills. We propose Resonance, a system for securing enterprise networks, where the network elements themselves enforce dynamic access control policies based on both flow-level information and real-time alerts. Resonance uses programmable switches to manipulate traffic at lower layers; these switches take actions (e.g., dropping or redirecting traffic) to enforce high-level security policies based on input from both higher-level security policies and distributed monitoring and inference systems. We describe the design of Resonance, apply it to Georgia Tech's network access control system, show how it can both overcome the current shortcomings and provide new security functions, describe our proposed deployment, and discuss open research questions.
KW - Access control
KW - Enterprise networks
KW - Programmable networks
UR - http://www.scopus.com/inward/record.url?scp=77954339615&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=77954339615&partnerID=8YFLogxK
U2 - 10.1145/1592681.1592684
DO - 10.1145/1592681.1592684
M3 - Conference contribution
AN - SCOPUS:77954339615
SN - 9781605584430
T3 - Computer Communication Review
SP - 11
EP - 18
BT - Proceedings of the 1st ACM Workshop on Research on Enterprise Networking, WREN '09, Co-located with the 2009 SIGCOMM Conference, SIGCOMM'09
Y2 - 17 August 2009 through 21 August 2009
ER -